by Alex Eckelberry | Nov 28, 2007 | Uncategorized
As a follow-up to our recent posts, here’s some additional information. First, we can ring the all-clear bell. Google took action on these domains and you won’t find them anymore in Google. However, check out this JavaScript: (source:...
by Alex Eckelberry | Nov 28, 2007 | Uncategorized
Here’s a first — the Italian Gromozon, one of the nastiest pieces of malware in creation, being pushed in disguised form as a rogue antispyware security app. (This same page also installs Malwarealarm, but through a different file.) Incidentally, it’s also the...
by Alex Eckelberry | Nov 27, 2007 | Uncategorized
Hi all, Adam Thomas here from the Malware Research Team. I just wanted to post a follow-up to our blog post yesterday regarding malware redirects from search engine results. Sunbelt Software has uncovered tens of thousands of individual pages that have been...
by Alex Eckelberry | Nov 26, 2007 | Uncategorized
We’re seeing a large amount of seeded search results which lead to malware sites. These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router. For example, this search for “netgear ProSafe...
by Alex Eckelberry | Nov 25, 2007 | Uncategorized
A new fake codec: codecvip(dot)com. Pushes both Windows and Mac TrojanDNSChanger. Sample binaries: Mac: codecvip(dot)com/download/codecvip(dot)dmg; Windows: codecvip(dot)com/download/codecvip(dot)exe. If you are hunting for Mac fake codecs, remember to change your user...