Articles Archive for June 2009

New Koobface Component: A DNS Changer
Posted in Information and Removal on 29 June 2009

Aside from the new Twitter component, we've also seen Koobface download a new component with the filename dns.exe, whose main purpose appears to be modifying the system's DNS registry settings.
It does this by inserting 213.174.139.72 (the IP address of the rogue DNS server) into the NameServer and DhcpNameServer values found in the following registry key: [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

New Anti-analysis Technique for Script Malware
Posted in Information and Removal on 28 June 2009

Recently, we came across JS_VIRTOOL, which uses certain JavaScript techniques to keep a malware analyst from decrypting and analyzing its encrypted code.
Here is how this is done:

It retrieves the URL where the malicious script is located.
It retrieves its own function and adds the string of the URL.
It computes the CRC of the function [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

WORM_IRCBOT.GAT
Posted in Trend Micro on 28 June 2009

Malware: WORM_IRCBOT.GAT

WORM_BLAZEBOT.A
Posted in Trend Micro on 28 June 2009

Malware: WORM_BLAZEBOT.A

WORM_KOOBFACE.JG
Posted in Trend Micro on 28 June 2009

Malware: WORM_KOOBFACE.JG

OSX_JAHLAV.C
Posted in Trend Micro on 28 June 2009

Unknown: OSX_JAHLAV.C

MSN Bot Plays on Controversy over Michael Jackson’s Death
Posted in Information and Removal on 26 June 2009

Following the sudden and shocking death of The King of Pop, Senior Threat Researcher Loucif Kharouni reports that a slew of malicious links related to Michael Jackson's last moments in the hospital before his death are now spreading in the wild via the instant messaging (IM) application MSN. Below is a sample screenshot of [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Lsas.Blaster.Keylogger
Posted in Information and Removal on 26 June 2009

Lsas.Blaster.Keylogger is a fake Trojan infection that is usually downloaded to the PC by a rogue anti-spyware application called System Security 2009. Once it is installed, a fake security alert appears and warns the user about the worm Lsas.Blaster.Keylogger. The Trojan alert is also designed to warn about credit card details, which can be stolen using [...]

Kiwee
Posted in Information and Removal on 26 June 2009

The Kiwee toolbar is a browser application that allows the user to search online and communicate with premium emoticons in e-mails and forums. However, this product becomes a problem when it comes to bandwidth or the speed of the machine. The Kiwee toolbar is known to put load on the PC, and it was even reported [...]

Virus Cleaner
Posted in Information and Removal on 26 June 2009

Virus Cleaner is a rogue anti-spyware program - a fake spyware remover, which uses trojans (mostly Vundo or variants of the infamous Zlob) to enter the system. This parasite relies on misleading advertising to trick you into purchasing its “licensed version”, which is just as fake as the trial.
Once inside and active, Virus Cleaner will [...]