Hackers Used Spear Phishing Emails to Start South Korean Banks Attacks

Posted: March 27, 2013 | Category: Phishing
Last week there were several attacks that targeted major South Korean organizations, some of which were banking institutions. Researchers from AhnLab and F-Secure uncovered what appear to be spear phishing emails used in the attacks, revealing a malicious archive. Tools used for exploiting vulnerabilities within organizations, especially banking institutions, come in many forms. The use of spear phishing techniques, the act of specifically targeting a user or department in an organization, is yet another stumbling block for South Korean banks just like it has been on a global scale...

HTML/DSPark.B

Posted: March 27, 2013 | Category: Viruses | Threat Level: 8/10
HTML/DSPark.B, also known as gspwjg[1].htm, is a virus that typically exists on the C drive and in the web browser cache. The C drive detection has a read-only attribute, which does not respond to any attempts to change it to a common type so that HTML/DSPark.B removal can be completed. HTML/DSPark.B is difficult to detect and remove from the infected computer system. Once installed, HTML/DSPark.B may insert itself into legitimate running processes, take over browser settings and open backdoors to download and install other malware threats on the affected computer system.

Discount Buddy

Posted: March 27, 2013 | Category: Adware | Threat Level: 2/10
Discount Buddy is a potentially unwanted program made by 215 apps for Internet Explorer, Mozilla Firefox and Google Chrome that is usually added when PC users install other free applications. Deal Boat will display ads, coupons and sponsored links via a pop-up box on Amazon, Walmart, Ebay and other shopping websites that PC users are visiting. These pop-up ads will be displayed as boxes, which include a variety of coupons that are available or as underlined keywords, which when clicked will illustrate a pop-up ad that declares it is sent to the target computer user by Deal Boat. When...

Deal Boat

Posted: March 27, 2013 | Category: Adware | Threat Level: 2/10
Deal Boat is a potentially unwanted program produced by 215 apps for Internet Explorer, Mozilla Firefox and Google Chrome that is typically added when computer users install other free software. Deal Boat will display advertisements, coupons and sponsored links via a pop-up box on Amazon, Walmart, Ebay and other shopping websites that Internet users are visiting. These pop-up advertisements will be illustrated as boxes, which contain numerous coupons that are available or as underlined keywords, which when clicked will show a pop-up advertisement that claims it is sent to the affected...

Facebook Alert: Beware of Wasvideo.com Phishing Scam

Posted: March 27, 2013 | Category: Phishing
It seems that Facebook will always be under an unrelenting attack by cybercrooks, as the latest warning for Facebook users is to beware of the phishing site wasvideo.com, which steals login credentials to Facebook accounts. Scambook, a site dedicated to reporting on the latest scams on Facebook, recently released a blog post warning Facebook users of a bogus message circulating on the 1-billion-user-strong social network. The message is one to trick users into clicking on a link to the site wasvideo.com. The message below, if clicked on, redirects users to fizikubook.com as shown in...

Trojan Horse Generic32.HRP

Posted: March 27, 2013 | Category: Trojans | Threat Level: 9/10
Trojan Horse Generic32.HRP is a Trojan that circulates from one computer system to another via the Internet or USB drives, CDs and DVDs. Trojan Horse Generic32.HRP copies itself and corrupts files in the targeted computer system. Trojan Horse Generic32.HRP is able to log on to the victim's email and transmit itself to the affected PC user's contacts, acting like a harmless email attachment. Once installed, Trojan Horse Generic32.HRP may contact a remote server to download and install other malware threats into the compromised machine and allow attackers to use malware to monitor the victimized...

Trojan.Win32.yakes.coen

Posted: March 27, 2013 | Category: Trojans | Threat Level: 9/10
Trojan.Win32.yakes.coen is a Trojan that can damage an affected computer and gather a target PC user's personal information. Trojan.Win32.yakes.coen can spread via malicious websites, links, freeware and spam email attachments. Trojan.Win32.yakes.coen may pretend to be a legitimate program and install itself onto the corrupted PC without the victim's permission and knowledge. Trojan.Win32.yakes.coen can perform numerous damaging actions on the infected computer such as exploit system vulnerabilities, make the computer take longer than usual to start and run programs, shut...

Adware:Win32/Kremiumad

Posted: March 27, 2013 | Category: Adware | Threat Level: 2/10
Adware:Win32/Kremiumad is an adware program that displays offers linked to a victim's web browsing habits as the PC user browses the Internet and opens advertisements that are outside the context of the program, website, or other source the advertisements are advertising. Adware:Win32/Kremiumad can be downloaded from the website of the program. Adware:Win32/Kremiumad creates an installation entry in the Programs and Features section of the Control Panel, which the affected PC user can access. Running an uninstaller, the target computer user may remove some or all of the files associated...

Trojan:Win32/Dembr.A

Posted: March 27, 2013 | Category: Trojans | Threat Level: 9/10
Trojan:Win32/Dembr.A is a Trojan that deletes the Master Boot Record (MBR), making the affected computer unusable. Trojan:Win32/Dembr.A includes code to ensure that it only runs after 14:00, on March 20, any given year. Trojan:Win32/Dembr.A may make lasting changes to the infected computer that will not be restored by detecting and removing this malware threat. Therefore, PC users will need to reinstall Windows, and restore the targeted computer from backup. Once installed, Trojan:Win32/Dembr.A will block victimized computer users from starting the PC. Trojan:Win32/Dembr.A blocks...

TeamSpy

Posted: March 27, 2013 | Category: Malware | Threat Level: 7/10
TeamSpy is a spying malware threat that is included in a cyber-espionage malware attack. TeamSpy uses legal programs together with commodity malware devices, and attacks government intelligence organizations, heavy industries and political activists in numerous countries of Eastern Europe. TeamSpy installs a legal edition of TeamViewer, a program that is used to perform remote administration, onto affected computers, and makes changes to the application with the help of Dynamic Link Library (DLL) compromising, so the targeted PC can be controlled remotely. TeamSpy may also exploit...

Exploit:JS/ActiveXComponent

Posted: March 26, 2013 | Category: Trojans | Threat Level: 9/10
Exploit:JS/ActiveXComponent is a Trojan that circulates as JavaScript exploiting a vulnerability (CVE-2000-1061) to run arbitrary code. When installed, Exploit:JS/ActiveXComponent makes system changes by making browser changes on the compromised PC. Exploit:JS/ActiveXComponent can change the Internet Explorer homepage and add domains to a victim's Internet Explorer Favorites list. Exploit:JS/ActiveXComponent is distributed via malicious or hacked websites. Exploit:JS/ActiveXComponent is loaded if the PC user visits hacked or malicious websites. Exploit:JS/ActiveXComponent also...

Exploit:Win64/Anogre.A

Posted: March 26, 2013 | Category: Trojans | Threat Level: 9/10
Exploit:Win64/Anogre is a Trojan that propagates as a malicious file exploiting a vulnerability in Windows (CVE-2011-3402), which can enable a remote attacker to install programs, view, change, or delete data or create new accounts with full administrative privileges. If a PC user visits a website that contains the malicious code while using a vulnerable version of Windows, Exploit:Win64/Anogre will attempt to load itself. If the computer user has automatic updating enabled, he/she will not need to take any action because this security update will be downloaded and installed...

Trojan:Win32/Dembr.C

Posted: March 26, 2013 | Category: Trojans | Threat Level: 9/10
Trojan:Win32/Dembr.C is a Trojan that steals information about an infected computer and then transmits it to a remote server. Trojan:Win32/Dembr.C opens and inserts itself into a new Internet Explorer process. Trojan:Win32/Dembr.C collects information about the compromised PC, such as the computer's name, the registered owner, the registered organization and the date the PC user installed Windows. Trojan:Win32/Dembr.C encrypts and transmits this data in the form of a unique ID to one of certain servers. Trojan:Win32/Dembr.C gets encrypted data from the servers, which it decrypts and...

SelectionLinks

Posted: March 26, 2013 | Category: Adware | Threat Level: 2/10
SelectionLinks is an adware program, which will display advertisements and sponsored links on Facebook, Google, Youtube, and other websites that computer users are visiting. These advertisements will be displayed as boxes on different websites, and under them the affected PC user will see a link 'about this ad', which will take the attacked PC user to the website of SelectionLinks. SelectionLinks will also add a tab to the Google Search page, in which it will display Youtube and Twitter search results for the victim's queries, and when the computer will highlight any words on a website,...

TR/Sirefef.AG.9

Posted: March 26, 2013 | Category: Trojans | Threat Level: 9/10
TR/Sirefef.AG.9 is a Sirefef Trojan that enters the vulnerable computer system stealthily via social networks, freeware, shareware, dubious websites, spam messages, and can come bundled with other PC threats. TR/Sirefef.AG.9 might be connected with rogue anti-spyware software. TR/Sirefef.AG.9 might be used to deliver and install fictitious security tools on vulnerable PCs. TR/Sirefef.AG.9 may show annoying pop-up ads on the screen of the infected computer. TR/Sirefef.AG.9 may collect information about the compromised PC user's online activities by retrieving logs on the computer system....

‘System message – Sector Not Found’ Fake Alert

Posted: March 26, 2013 | Category: Fake Warning Messages
Although a normal checksum-based error is a result of data corruption and, potentially even problems related to your BIOS (your PC's Basic Input/Output System), the 'System message – Sector Not Found' Fake Alert is a fraudulent checksum warning that actually is caused by rogue Registry cleaners. Just one of the many types of fake system alerts displayed by members of the FakeSysdef or FakeHDD family, the 'System message – Sector Not Found' Fake Alert can't detect real hard drive errors and should be considered a symptom of the presence of malicious software. If you want to delete...

Eleonore Exploit Kit

Posted: March 25, 2013 | Category: Trojans | Threat Level: 8/10
The Eleonore Exploit Kit is an online PC threat that is inserted into hacked or malicious websites for the purpose of installing malware onto the vulnerable computers of any visiting traffic. Previously, due to its limited range of exploits, the Eleonore Exploit Kit was considered one of the less-dangerous exploit kits compared to similar PC threats like Blacole. However, updates for the Eleonore Exploit Kit have added new exploits, including at least one zero-day vulnerability that cannot be protected against by patching your PC's software. SpywareRemove.com malware research team urges you...

‘Yontoo Trojan’ Mac OS X Malware Blocked by Apple in XProtect.plist Update

Posted: March 25, 2013 | Category: Mac Security
Apple has recently dropped an XProtect.plist definition update to protect users against a newly discovered Yontoo Trojan, which has had Mac users alarmed over malware generating an abundance of annoying adware on their systems. Yontoo Trojan was discovered by a Russian antivirus and security company just last week. Before and during the discovery, unfortunate Mac users surfing the web noticed their systems prompting them to download and install a necessary plug-in claimed to be missing to view video trailers. Those who continued to install the so-called plug-in,...

Tuvaro Toolbar

Posted: March 25, 2013 | Category: Bad Toolbars | Threat Level: 5/10
Tuvaro is a free browser add-on, which is advertised via other free software downloads. Once installed on a compromised PC, Tuvaro will add the Tuvaro Toolbar and change the default homepage and search engine of the hacked web browser to tuvaro.com. The Tuvaro Search Bar will display advertisements and sponsored links in victimized search results, and may gather search terms from search queries of an affected Internet user. Tuvaro Toolbar gets on the vulnerable computer after the PC user has installed another free software product or add-on that had bundled into their installer Tuvaro...

Win32/RDPdoor

Posted: March 25, 2013 | Category: Backdoors | Threat Level: 6/10
Win32/RDPdoor is a backdoor Trojan, which uses TeamViewer as a backdoor component to manually transfer money on victimized PCs. Win32/RDPdoor is a part of the TeamSpy targeted attack, which aims at government services and companies. TeamSpy uses modified components of the TeamViewer application. Win32/RDPdoor uses genuine applications in an effort to establish a remote connection with an affected computer system. Win32/RDPdoor makes some changes to the legal components of the corrupted PC. Win32/RDPdoor uses the TeamViewer 5.0 standalone component to initiate remote control of the...