|
|
Front Page News
-
|
Virus Bulletin 2007 is taking place this week, at the Hilton Vienna Hotel. This event, which starts today and ends on Friday, offers a wide range of interesting conferences about typical issues in the security area, such as crimeware, spam, phishing and...
|
-
|
Today we have published our Quarterly Report. The new Panda required a new look, so we have done our best to improve these reports. All the team hopes that you like them. Your comments are welcomed. Inside the report you can find plenty of information...
|
-
|
In the last three months we have seen some activity regarding a bot C&C Server named Apophis. Here you can see a few screenshots: - Login: - Statistics: - Configuration: - Settings: - Templates: - And a few more: Today we have gained access to a new...
|
-
|
Today we’re going to describe one of the ways the cybercriminals use to earn some easy money. There are many marketing companies that promote web traffic to different Web pages, software installations, etc. They use what they call 'affiliate programs',...
|
-
|
Last Friday, I received a URL which used several exploits to spread malware. As always, I started to investigate it. As you may know, these sites use javascript to exploit web browser, ActiveX or third party vulnerabilities, and of course JS obfuscation...
|
-
|
This month, the first positions of the list are very similar to last month’s. 1.- Application/MyWebSearch 2.- Adware/Lop 3.- Adware/Gator 4.- Adware/ActiveSearch 5.- Spyware/Virtumonde 6.- Adware/Savenow Adware/VideoActiveXObject goes up from the 10th...
|
-
|
It's summer, about 29ºC - 84ºF in Bilbao, a sunny and beautiful day. Good time for an ice-cream. But today we'll change the menu and we'll have an IcePack instead. IcePack Platinum is the name of a new "Kit for installing malware through exploits". Regarding...
|
-
|
As we commented in Spam in PHP forums and in Spam in PHP forums (II) , it has become more and more usual to see websites (forums, blogs, wikis, guestbooks, etc...) that contain advertising comments or links that direct to sites that infect with malware....
|
-
|
Today I have come across a server hosting an Mpack that has 292 different websites with iframes that make reference to it. Most of the infected users are Italian, as in the case we explained a month ago. You can check the information by following this...
|
-
|
Some time ago, we talked to you about malware prices, HTTP botnets, etc. Today I will show you the level Trojan creators have reached and the way in which some of them launch their creation ‘builders’, authentic centers for designing and creating totally...
|
-
|
We have detected a new case of RansomWare. Once the malware infects users and encrypts their files, several “read_me.txt” files are created in the infected system, which warn users that their data files have been encrypted and that they won’t be able...
|
-
|
A few weeks ago a spam attack was launched – as it happens everyday. But that time there was something new. It was a pump and dump stock scam, using a PDF attachment. And what’s more, the PDF looked in a very professional way, so many people could be...
|
-
|
Last week we have heard about an online shop that sells Iphones. This matter wouldn’t be unusual except for the fact that it is the classic case of phishing. Basically, you access the web thinking you are buying in an Apple’s official shop but, in fact,...
|
-
|
This month, Application/MyWebSearch joins the list in the first position, with only 36 detections less than Adware/Lop, which goes down to the second position. 1.- Application/MyWebSearch 2.- Adware/Lop 3.- Adware/Gator 4.- Dialer.XD 5.- Spyware/Virtumonde...
|
-
|
Finally, we have published the final version of NanoScan compatible with Windows Vista. Although the new operating system has new security features, users with Vista installed also need a double check of the PC. You don’t need to go to a special site...
|
-
|
We have often talked about the freedom with which certain cyber-crooks circulate around the Internet, but I must admit that even I am surprised sometimes… The theft of credit card details and trading of this information is the order of the day. How is...
|
-
|
Do you use personalized homepages as NetVibes , iGoogle or PageFlakes ? If so, I think I have good news for you: from now on you'll be able to scan your PC for active viruses, spyware, Trojans, etc. right from your homepage. Yes, we've just launched the...
|
-
|
Good news for Firefox users: NanoScan is now compatible with this excellent browser. To get the best results, we have opted to develop a plugin, and avoid Java, ActiveX controls and so on. This way, we have achieved complete compatibility and smooth operation...
|
-
|
“Dream System” is a bot that allows hackers to use infected machines as socket servers and to run any type of files in them. It launches two types of DDOS attacks: HTTP. UDP flood. The bot consists of: A server component, called “Dream Bot builder”, which...
|
-
|
We've been wondering for a few months now how malware mafias can hack so many web sites automatically to be exploited by MPack. Yesterday a few theories came to light, such as hinting that all the hacked servers all belong to the same virtual hosting...
|
-
|
In the last hours, many things have been said about the MPack massive infection with more than 10.000 affected websites. For more information, visit the Websense site http://www.websense.com/securitylabs/alerts/alert.php?AlertID=782 . Although the data...
|
-
|
Today, when I was tracking the server to which a variant of Trj/LdPinch sends information, I have come across, among the files in the server, some .php files that are used to control a botnet via web. The image below would be the initial screen from which...
|
-
|
Three new vulnerabilites have been make publicly this week. Two for Yahoo Messenger Webcam ActiveX and one for Microsoft GDI+ Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Security company eEye Digital Security has discovered two vulnerabilities...
|
-
|
This month there have been changes in the first two positions. Adware/Lop occupies the first position and 47 detections below, the seconds position is occupied by Application/MyWebSearch. Meanwhile, Adware/Gator goes down to the third position of the...
|
-
|
Checking a server that installs a variant of Trj/Cimuz, I came across a link that pointed to remover.exe file: After analyzing the code of the file, I noticed that it uninstalled the same variant of Trj/Cimuz that had been previously installed from that...
|
|
|
|