Antivirus Security is just another fake remover that plaques internet today. This rogue anti-spyware program is quite similar to other programs released in year 2009, that is relies on being pushed though trojan infections or fake websites to unsuspecting victim PCs. The results is a PC that bombs user with various alerts or security center [...]

SecretService is a very pretentious name for a very bad product. It is an antivirus-scam that claims cleaning your PC from all kinds of infections. Well, mostly from non-existing ones as it does not had fully working removal module. SecretService is cloned from other similar parasites and is a really simple application : it searches [...]

Active Antivir is not a real antivirus, but a tool of sucking money from your credit card account. Once your PC catches some trojans, you will get bombed by popups and alerts promoting ActiveAntivir or warning about non-existing threats on your PC. Suddenly Windows starts recommending non-Microsoft product, does not this sounds weird? Well, let [...]

AntivirusBEST, ironically, is a scam - a rogue anti-spyware program that appeared in end of June,2009. It is pushed around with the help of trojan drive-by downloads or bundled with other shareware. Once your PC is infected with trojans belonging to makers of AntivirusBEST, you start seeing some popups or fake security center alerts claiming [...]

Cybercriminals once again used the passing of Michael Jackson, the ‘King of Pop,’ a few days ago as an opportunity to go about with their malicious activities and attack innocent users.
We spotted an email (see Figure 1 below) about Michael Jackson’s death written in Spanish claiming to be from CNN Mexico.

Upon closer analysis (see Figure [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Michael Jackson Video Leads to Malware Download

A new ransomware spreading through email is on the loose.
On the outset, the worm detected by Trend Micro as WORM_RANSOM.FD may look like a normal mass-mailing worm but further analysis reveals that this comes with a deadly payload. With only a few exceptions (files with .rwg, .dll, .exe, .ini, .vxd, and .drv extensions are [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Files for Ransom… or Not

Aside from the new Twitter component we’ve also seen Koobface download a new component with the filename dns.exe, whose main purpose, it seems, is to modify the system’s DNS registry settings.
It is accomplished by inserting 213.174.139.72 (IP of the rogue DNS server) into the values of NameServer and DhcpNameServer found in the following registry key: [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

New Koobface Component: A DNS Changer