‘Why Do I See This Page?’ Virus

Posted: March 21, 2013 | Category: Ransomware
The 'Why do I see this page?' Virus is a browser hijacker that attempts to steal information by redirecting you to phishing websites. Sites promoted by the 'Why do I see this page?' Virus will ask you to fill out a survey as an anti-bot security measure, but the 'Why do I see this page?' Virus isn't related to any type of security feature, and surveys associated with the 'Why do I see this page?' Virus never should be given any personal information. Because several variants of the 'Why do I see this page?' Virus have been identified, including some that are installed with other PC threats,...

AVASoft Professional Antivirus Firewall Fake Alert

Posted: March 21, 2013 | Category: Fake Warning Messages
AVA Soft Professional Antivirus Firewall fake alert is one of the most prominent fake pop-up warnings from AVASoft Antivirus Professional, a fake anti-malware product that detects nonexistent attacks against your computer. Other than referencing the name of this new variant of scamware, AVA Soft Professional Antivirus Firewall fake alert is identical to similar pop-up warnings that also are generated by various members of WinWebSec, a mildly eclectic family of fake security programs. The AVA Soft Professional Antivirus Firewall fake alert will announce that your PC has been attacked by...

Java/Exploit.Agent.NMK

Posted: March 21, 2013 | Category: Trojans | Threat Level: 9/10
Java/Exploit.Agent.NMK is a Trojan, which is a component of a spam malware campaign pertaining to the Cyprus problems. Java/Exploit.Agent.NMK is distributed via unsolicited emails containing malicious attachments and links. The bogus email fools a victimized computer user into opening a malevolent file, detected as Java/Exploit.Agent.NMK. The infected links divert a recipient to a phishing website (hxxp://go-my.ru/cyprus_news.html), which disperses the Blackhole exploit kit. The malware infection uses the latest Java exploit CVE-2013-1493 and is detected as Java/Exploit.Agent.NMK. Then...

Win32/Cridex.AA

Posted: March 21, 2013 | Category: Viruses | Threat Level: 8/10
Win32/Cridex.AA is a recent variant of the Cridex Trojan, a spyware worm that steals sensitive information related to web accounts, particularly bank-based ones. Jumping onto the same bandwagon as Troj/SwfExp-BN and Troj/PDFJS-ADE, Win32/Cridex.AA is distributed through spam e-mail messages that pretend to carry news about the Cyprus banking bailout. Instead, these messages redirect victims to drive-by-downloads for Win32/Cridex.AA – before sending them off to a legitimate BBC website as a distraction from this attack. Win32/Cridex.AA doesn't show major symptoms of its presence even...

Backdoor:Win32/Poison.E

Posted: March 21, 2013 | Category: Backdoors | Threat Level: 6/10
Backdoor:Win32/Poison.E is a backdoor Trojan that enables remote attackers to get backdoor access and control of the affected computer. Backdoor:Win32/Poison.E strives to copy itself to the infected computer as a potentially malicious file, which is named similarly to a legitimate Windows file and exists by default in the same folder; therefore, the copy attempt probably fails. Backdoor:Win32/Poison.E creates the registry entry so that it can run automatically every time Windows is started. Backdoor:Win32/Poison.E connects to a remote server to receive commands, which allows a remote...

W32.Seswol.B

Posted: March 21, 2013 | Category: Worms | Threat Level: 5/10
W32.Seswol.B is a worm that proliferates through removable drives and encrypts certain files on the compromised PC. When W32.Seswol.B is executed, it creates the potentially malicious files on all connected removable drives. W32.Seswol.B creates the registry entry. W32.Seswol.B also creates the registry entry so that it can run automatically every time Windows is started. W32.Seswol.B encrypts all files whose extension is not '.sys' on all drives, except for files located on C: drive.

Trojan.Jokra

Posted: March 21, 2013 | Category: Trojans | Threat Level: 9/10
Trojan.Jokra is a Trojan that wipes the hard drive of the affected PC by overwriting the default data with one of several predetermined text strings. Trojan.Jokra is compatible with multiple types of operating systems, and some members of the PC security industry speculate that a variant of Trojan.Jokra was involved in the recent South Korean DarkSeoul (or Mal/EncPk-ACE) attacks. Although Trojan.Jokra's worldwide distribution numbers are low, given the potential damage of Trojan.Jokra's attacks, SpywareRemove.com malware researchers stress the usefulness of preventative security steps...

Troj/Bredo-AGB

Posted: March 21, 2013 | Category: Trojans | Threat Level: 9/10
Troj/Bredo-AGB is a part of a spam malware attack, which is related to a DHL delivery. Troj/Bredo-AGB spreads via a spam email that pretends to come from DHL Express International. The spam DHL email has the subject line 'DHL delivery report'. The fake email includes false header information, which tricks a target recipient into believing that it is from a shipping company called DHL. The bogus DHL email attempts to dupe PC users into believing that there is a parcel waiting to be shipped to them, but an incorrect postcode has messed the delivery up. The fraudulent email message attempts...

Trojan.Reveton.B

Posted: March 21, 2013 | Category: Trojans | Threat Level: 8/10
In a case of a scam hedging its bets, PWS:Win32/Reveton.B is a spyware-based Trojan that is installed as a secondary PC threat during a traditional Reveton-based Police Trojan's attack. Members of the Reveton family usually are associated with ransom attempts that are enabled through Windows-locking attacks and fake legal warnings, but PWS:Win32/Reveton.B has entirely different functions, which SpywareRemove.com malware analysts have noted are geared towards stealing sensitive information. PWS:Win32/Reveton.B targets many kinds of programs, including FTP clients, Poker games, e-mail...

Chameleon Malware

Posted: March 20, 2013 | Category: Malware | Threat Level: 7/10
Chameleon malware is a botnet-based Trojan that creates fraudulent 'clicks' on online advertisements as a money-generating scam. Based on current analyses, SpywareRemove.com malware researchers estimate that Chameleon malware doesn't throttle its fake clicks to hide itself from the PC user; as a result of these excessive numbers of fake advertisement clicks, your PC may suffer from poor speed or stability. Chameleon malware has been known to crash and restart itself frequently and is unlikely to be designed with the sophistication that more extensive botnets than itself are known to...

Mal/EncPk-ACE

Posted: March 20, 2013 | Category: Malware | Threat Level: 7/10
Mal/EncPk-ACE aka DarkSeoul is a backdoor Trojan that's notable for disabling the Windows operating system, replacing the normal startup sequence with a hacker team's banner prominently for the duration of the attack. Mal/EncPk-ACE, as indicated by its nickname, achieved brief infamy during a recent attack against various South Korean banks and TV broadcast networks, all of which were targeted at the same time. However, if removed properly, Mal/EncPk-ACE hasn't been found to cause long term damage to your PC. Residents of countries other than South Korea are, at this time, considered...

Trojan.Nessess

Posted: March 20, 2013 | Category: Trojans | Threat Level: 9/10
Trojan.Nessess is a Trojan that opens a back door and steals information from the targeted computer. When Trojan.Nessess is executed, it attempts to connect to its command-and-control (C&C) server, which allows remote attackers to perform malicious actions on the hacked PC such as upload, download and run files, list and stop processes, and run a 'cmd.exe' command shell. Trojan.Nessess allows remote attackers to gain full access and control of the infected computer. Trojan.Nessess may download and install additional PC threats on the affected computer system.

W32.Arseefour

Posted: March 20, 2013 | Category: Worms | Threat Level: 5/10
W32.Arseefour is a worm that encrypts certain files on the affected computer. W32.Arseefour may circulate via removable drives by replicating itself. W32.Arseefour may create copies on the infected computer system. W32.Arseefour may attempt to steal personal information from the compromised PC. Once installed on the attacked PC, W32.Arseefour may make system changes by adding potentially malicious files and making registry modifications. W32.Arseefour may create the registry entry so that it can start automatically every time you turn your PC on.

TROJ_PIDIEF.SMXY

Posted: March 20, 2013 | Category: Trojans | Threat Level: 9/10
TROJ_PIDIEF.SMXY is a Trojan downloader that's disguised as a PDF document. The most recent attacks associated with TROJ_PIDIEF.SMXY have used a combination of spam e-mail messages to redirect victims to hostile sites, along with Blackhole Exploit Kit (a configurable exploit kit) attacks that install and launch TROJ_PIDIEF.SMXY without your consent. Although the malware that TROJ_PIDIEF.SMXY installs has yet to be analyzed, SpywareRemove.com malware researchers warn that most infections associated with Blacole attacks are high-level threats, such as ransomware Trojans that lock your desktop...

Troj/SwfExp-BN

Posted: March 20, 2013 | Category: Trojans | Threat Level: 9/10
Troj/SwfExp-BN is a Flash-based component of the Blackhole Exploit Kit, a website-based PC threat that searches for vulnerabilities that can be used for drive-by-download installations of other malware. E-mail spam appears to be the main distribution mechanism for attacks related to Troj/SwfExp-BN, with some popular e-mail attacks including references to European events like the Cyprus banking bailout and the election of Pope Francis. If you have the misfortune to follow web links from e-mail messages that resemble this description, you should take care to use anti-malware software to...

Troj/PDFJS-ADE

Posted: March 20, 2013 | Category: Trojans | Threat Level: 9/10
Troj/PDFJS-ADE is a Trojan downloader that connects to an external server for downloading and installing malicious software automatically. Attacks linked to Troj/PDFJS-ADE are prominently associated with misleading e-mails that use fake news articles with European themes (such as the Cyprus bank bailout or the papal election) to encourage victims to click on their malicious links. These links redirect you to a Blackhole Exploit Kit, which launches attacks against a variety of potential system vulnerabilities through components like Troj/PDFJS-ADE. Besides the standard defenses against BEK-based...

Tech-ava-soft.org

Posted: March 20, 2013 | Category: Rogue Websites
Tech-ava-soft.org is a malicious website that's given over to promotional efforts for AVASoft Professional Antivirus, a rogue anti-malware program from the Winwebsec family. Unlike legitimate anti-malware scanners, Tech-ava-soft.org's product can't find malware or remove it from your computer, but displays inaccurate alarms and system scans to make it seem otherwise. Visiting Tech-ava-soft.org risks infecting your PC with AVASoft Professional Antivirus by means of drive-by-download exploits, but most PC users only will see Tech-ava-soft.org after they're redirected to...

Backdoor.APT.Merong

Posted: March 19, 2013 | Category: Backdoors | Threat Level: 6/10
Backdoor.APT.Merong is a backdoor Trojan that is included in a malware attack, which affects companies. The malware campaign that is used by cybercriminals to distribute Backdoor.APT.Merong uses the name of the company it aims at in the CnC URL name. Backdoor.APT.Merong regularly uses either names of companies or a project that a particular company works on in its CnC URL name in order not to appear suspicious. Backdoor.APT.Merong propagates via malicious emails carrying harmful web addresses. The zip file encompasses 'Updated_office_contact_v1.exe', which when run creates 'ctfmon.exe'...

Trojan.APT.LetsGo

Posted: March 19, 2013 | Category: Trojans | Threat Level: 9/10
Trojan.APT.LetsGo is a Trojan that is a component of a malware campaign, which targets companies. The malware attack that is used by attackers to spread Trojan.APT.LetsGo uses the name of the company it affects in the CnC domain name. Trojan.APT.LetsGo constantly uses either names of companies or a project that a certain company is working on in its CnC domain name in order not to raise any suspicion. Trojan.APT.LetsGo spreads via infected emails including malicious URLs. The .zip file includes 'Updated_office_contact_v1.exe', which once executed creates 'ctfmon.exe' and...

Win32/Agent.UAW

Posted: March 19, 2013 | Category: Trojans | Threat Level: 9/10
Win32/Agent.UAW is a Trojan that is used as a detection name of Power Loader, a special bot builder for generating downloaders for other malware families and yet another example of specialization and modularity in malware making. Win32/Agent.UAW may gather certain information used to access specific websites. Win32/Agent.SFM may also gather personal information when the computer user browses particular websites. Win32/Agent.UAW strives to transmit collected information to a remote server. Once run, Win32/Agent.UAW may also harvest various information connected with the targeted PC...