Manufacturing Fear

We’ve seen some particularly nasty malware recently that has prompted me to think about how people react to scare tactics and fear appeals. The kind of malicious software I’m thinking of in particular here is generally referred to as ‘rogue security software’, and it displays false and misleading messages regarding malware infections in order to…


Helpful Suggestions to Protect You From Game Password Stealers

Greetings, as you probably figured out from Matt McCormack’s post and Jeff Williams’ post, there are a lot of Game PWS (password stealers) out there. I decided to do a post on how you might prevent these PWS from infecting your computer. 1. Run up-to-date antivirus software. I know us gamers hate the performance penalty…


Another Malware Rides the 2008 Olympics Wave

We recently noticed a new malware threat that is spreading via email. The email contains a malicious ‘CHM’ (Microsoft Compiled HTML Help) file attachment which displays a document about free speech and media freedom during the Olympics in Chinese and English when opened. We have added detection for this threat and named it ‘Backdoor:Win32/Xinia.B’. You…


MMPC Encyclopedia Top 5: Mostly Vundo

The following is a list of our top five most commonly viewed encyclopedia pages last month:

1. TrojanSpy:Win32/Bancos.gen!A
2. Win32/Vundo
3. Trojan:Win32/Vundo.gen!H
4. Trojan:Win32/Vundo.gen!P
5. Win32/Alcan

It looks like our readers are really interested in Win32/Vundo, also known as Win32/Virtumonde. Of the 5 most popular malware encyclopedia entries last month, 3 of them are Win32/Vundo related (2, 3, and 4). We…


Malware rides the wave of 2008 Beijing Olympics

The great anticipation that awaited the Olympics is matched by the anticipation for malware to make use of the event to infect users.  The first executable malware taking advantage of this event has also arrived.  The malware is disguised as a screen saver named “2008BeijingOlympics.scr”. When you run the program, it actually displays some nice pictures…


MSRT on CAPTCHA breaking malware

A CAPTCHA (IPA: /ˈkæptʃə/) is a type of challenge-response test used in computing to ensure that the response is not generated by a computer. The process involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the…


MMPC @ Gamefest 2008

I had the privilege of presenting a couple of weeks ago at Gamefest 2008—a Microsoft-sponsored technical conference targeted at the games industry. I spoke about game password stealers: what they do, which games are targeted by which families and the behaviors of those families, prevalence, number of variants and so on. This is a…


My Favourite Time of the Year

It’s when a VX group folds, and it has happened again.  Twice, even.  The day before the “much anticipated” 😉 EOF-DoomRiderz-rRlf group zine was released, rRlf announced that they were disbanding.  This is something that we could have guessed anyway, based on the comment in Latin that was posted on their website a few days…


Horst: (Something Old, Something New)

The latest version of the MSRT was released on the 8th of July. The newest family selected for inclusion was “Horst”. The Horst family is made up of a number of different components, each of which can perform different tasks. Tasks include downloading, malware distribution and email account registration by CAPTCHA bypass. Horst family variants…


How potentially unwanted software finds a way into our computers

I was talking yesterday with a fellow researcher about the Win32/Danmec trojan and the way it uses SQL injection to extend its bot network when I realized that I was actually looking through some of the injected webpages. I decided to find out more about it, so I backtracked the events to see how the…
