Lavasoft Blog

Malware Arrests Send Message to Cyber Thieves

Erin — Fri, 20 Nov 2009 17:11:25 +0000

This past week, news broke that British police have made groundbreaking headway in combating cyber crime, making the first arrests in Europe of two people suspected of distributing Zeus – a sophisticated Trojan designed to steal sensitive data. On November 3, the Metropolitan Police’s Central e-Crime Unit arrested a man and a woman in Manchester, England on suspicion of helping spread the Trojan, known as Zeus or Zbot.

At Lavasoft, we detect this threat as ‘Win32.TrojanSpy.Zbot’ in Ad-Aware's Detection Database; it’s a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses. According to a statement on its website, the Metropolitan Police say that the malware allowed distributors to harvest “millions of lines of data from affected machines – hundreds of thousands per day…”

What does this breakthrough mean for combating malware? Andy Browne, the team leader of the Malware Labs here at Lavasoft, says that the arrests of two suspects distributing Zbot sends a long overdue and strong message that such behavior is a serious criminal offense and will not tolerated. Good work, Scotland Yard!

Law Firms and PR Groups Targeted in Spear Phishing Attacks

Erin — Wed, 18 Nov 2009 15:49:54 +0000

The U.S. Federal Bureau of Investigation has issued a new advisory for law firms and PR companies to take heed of:

By way of an ongoing FBI investigation, it’s been found that hackers are increasingly targeting U.S. law firms and public relations groups with spear phishing e-mails containing malicious payloads, in an attempt to break into their computer networks to steal sensitive information.

According to the FBI’s e-scam advisory:

“Hackers exploit the ability of end users to launch the malicious payloads from within the network by attaching a file to the message or including a link to the domain housing the file and enticing users to click the attachment or link. Network defense against these attacks is difficult as the subject lines are spoofed, or crafted, in such a way to uniquely engage recipients with content appropriate to their specific business interests.”

For full details, read the FBI's warning or The New York Times’ recent coverage on this.

What's New in Ad-Aware?

Erin — Mon, 16 Nov 2009 21:47:16 +0000

You may have seen our blog post last week giving you a look at the new Ad-Aware Game Edition, the spin-off of Ad-Aware that provides protection to gamers as they play.

Did you know that we also have a video tutorial available on the latest version of Ad-Aware? Have a look below to get a good, brief overview of Ad-Aware Internet Security.

Those of you who have been enjoying the new version for the past several weeks may already be familiar with what's being discussed in this one, but please take a peek and pass it on to anyone you know interested in learning more about the latest Ad-Aware and getting a guided tour through the new features.

Ad-Aware Game Edition - Quick Look....

LS Patrick — Thu, 12 Nov 2009 07:47:38 +0000

CamFrog Scam

Albin — Wed, 11 Nov 2009 06:43:12 +0000

One of the most popular applications for cam sessions (CamFrog) is now being abused for distribution of malicious software. The site, below, will appear if the victim visits camsjungle.XXX. The domain is more or less a clone of the real site, camfrog.com

The cyber criminals have planted a fake version of CamFrog (CamFrogSetup.exe) on the server. The application looks like this:

When the victim executes the fake application, a new malicious file will be downloaded. The file is a Win32.TrojanDowloader.VB and will run in the background without the user's consent, connecting to suspicious servers. Ad-Aware’s Genotype scanner will detect the malicious file as Win32.TrojanDowloader.VB/S.

Albin

Lavasoft Malware Labs

Vote Now in the 2009 Softonic Awards

Erin — Tue, 10 Nov 2009 19:12:46 +0000

A new edition of the Softonic Awards is underway, and that means the race is on to see which software viewers pick as the best in 2009 across different categories and platforms. Please help us out by voting for Ad-Aware in the “Best Anti-Spyware” category, where we’re proud to say that we’ve been shortlisted again this year.

Be sure to cast your vote soon to let your voice be heard and enter for your chance to win big – according to Softonic, everyone who participates in this year’s awards will be entered into a draw to win a SEAT Ibiza, or €8,000. But keep in mind, the polls (available in English, Spanish, German, French, Italian and Portuguese) are only open until November 30, 2009.

And, we’d also like to thank all those who voted in these awards last year, giving Ad-Aware the win for “Best Anti-Spyware Program” in 2008. Let’s make it happen again this year!

Quote of the Day

Lina — Tue, 10 Nov 2009 13:26:16 +0000

We recently came across an article that featured an interesting quote from one of our competitors, so I thought I would share it:

“We’re the Toyota. A high quality brand - you get a great car for a reasonable price.” Acknowledging that the new products had been value priced Powledge said that they were targeted at people “Who don’t want to pay the highest prices, but want a quality solution.”
Tom Powledge, General Manager, PC Tools

Would that make us the Volvo..?

Framed by Malware

Erin — Mon, 09 Nov 2009 17:58:24 +0000

It’s a disturbing occurrence that you don’t automatically think of in terms of the repercussions of a malware infestation…And according to this recent Associated Press article, it’s happening more often than you might imagine – innocent computer users unwittingly have pornographic images deposited on their PCs due to a virus, branding them as child abusers.

Here’s an excerpt from the article:

“Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they'll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites. Whatever the motivation, you get child porn on your computer -- and might not realize it until police knock at your door.”

The article goes on to detail an Associated Press investigation that found cases where innocent people have been accused as pedophiles when family or co-workers uncover images of child pornography on their PC, ultimately bringing devastating effects on the victims’ family, career, reputation and finances - in order to prove their innocence. Complicating many of these situations, the report explains, is the fact that pedophiles frequently blame viruses to explain the presence of pornographic images found on their PCs, making law enforcement skeptical of this defense.

These types of cases are reminiscent of the plight of Connecticut, USA teacher Julie Amero, the so-called "Spyware Teacher" who was facing up to 40 years behind bars after being convicted of exposing her students to pornography by allegedly accessing pornographic images on a classroom computer in October 2004. Amero's defense contended that the teacher had no control over the incident because malware on her computer caused a loop of pornographic pop-ups to barrage her screen. The controversial guilty verdict was then dropped in 2007.

New Trojan Redirects to a Fake Media Codec Site

Albin — Fri, 06 Nov 2009 13:24:33 +0000

There's a new Trojan out there that will cause annoying pop-ups and change the desktop background to entice victims to purchase their services. The new desktop background will appear like this:

If you choose to go further and click on the 'update now' button, you'll be redirected to a purchase page. This page gives a serious impression at first sight and the makers behind the site claim that:

“WinCodecPro is not just a set of codecs to improve the audio and video quality on your computer! This newest development of SPACE Technology, thanks to it we were able to improve video image by 68%,to improve sound effects by 32% and to improve the quality of Flash by 46%!For the last 8 years products of SPACE Technology have proved their strong unsurpassed quality! WinCodecPro”

The sad truth is that victims will be tricked into purchasing a trial package for $49.99 or the full package for $79.99.

This domain is fraudulent and plays on people’s lack of knowledge about media codecs. It’s recommended to always make some basic Google searches to verify how trustworthy the source is, to avoid scams like this.

Albin

Lavasoft Malware Labs

Don’t Be a Billy

Erin — Thu, 05 Nov 2009 15:39:20 +0000

The National Cyber Security Alliance, in its continued effort to promote online safety, has released a new web video, directed by filmmaker Brett Wagner.

This throwback to 1940’s classroom etiquette shows you what NOT to do online. Take a look at 'Don't Be A Billy':

New Rogue: BlockProtector

Albin — Thu, 05 Nov 2009 08:28:40 +0000

The makers behind the Winiguard family never give up. They almost release a new clone application on a daily basis, and this time the rogue is named BlockProtector.

Albin

Lavasoft Malware Labs

IT Blog Awards 2009 - Vote Lavasoft!

Erin — Tue, 03 Nov 2009 17:01:03 +0000

Computer Weekly is now running its second annual IT Blog Awards 2009 contest. The Lavasoft blog has been nominated this year in the “IT Security” category.

We need your help - if we’re among your favorite security blogs, please take a moment to help us out by casting a vote for Lavasoft! Details here.