Friday, May 30, 2008

RED ALERT!!


Nice wallpaper pushing a rogue.

Tuesday, May 13, 2008

AdultFriendFinder account suspended



Some spyware pushed AdultFriendFinder... but apparently they got blocked ;-)

Buffer overflow attempt?

Thursday, May 01, 2008

BraveSentry joke



What? You must be kidding!

Monday, April 07, 2008

Tuesday, April 01, 2008

Winsoftware localisations

Having fun with different versions of WinAntivirusPro... French, German, Italian.... you name it.



Monday, March 31, 2008

TrustedAntivirus Scam




Ah... it will never change...

Scam again




Don't buy this rogue stuff. It's a S.C.A.M.!!!!

Wednesday, March 19, 2008

Malware tampers with verclsid

Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.
This threat attempts to delete verclsid.exe. I guess the idea is to get an unverified, nasty COM object executed regardless ;-)

Monday, March 03, 2008

AVSystemcare, 5 star rating?

My PC got infected with a Trojan that pushes the famous AVSystemCare rogue:



Very nice install screen!



Lots of happy customers:




It's MY DECISION!!!

Verdict:
A very good looking product with very bad intentions (your money).

Thursday, February 28, 2008

When a picture hides an executable

A GIF file is harmless, right?

Wait, maybe not!



It turns out it's an EXE renamed just for the fun of it.



VirusTotal sneak preview:
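The check this post boils down to, as an added example that is not part of the original blog: don't trust the .gif extension, read the file's magic bytes, and for an "MZ" file follow e_lfanew to the "PE\0\0" signature. The sample bytes below are constructed here, not taken from the post.

```python
import struct

# Constructed sample inputs (not from the original post): a real GIF header,
# and a minimal PE/EXE image whose only claim to being a picture is its name.
GIF_SAMPLE = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16
PE_OFFSET = 0x40
EXE_SAMPLE = (
    b"MZ" + b"\x00" * (0x3C - 2)          # DOS header up to e_lfanew
    + struct.pack("<I", PE_OFFSET)        # e_lfanew: file offset of "PE\0\0"
    + b"PE\x00\x00"                       # NT header signature
    + struct.pack("<H", 0x014C)           # Machine = IMAGE_FILE_MACHINE_I386
    + b"\x00" * 18
)

IMAGE_EXTENSIONS = {"gif", "jpg", "jpeg", "png", "bmp"}


def is_gif(data: bytes) -> bool:
    """GIF files start with the 6-byte signature+version 'GIF87a' or 'GIF89a'."""
    return data[:6] in (b"GIF87a", b"GIF89a")


def is_pe_executable(data: bytes) -> bool:
    """A Windows EXE starts with 'MZ'; the dword at 0x3C (e_lfanew) points at 'PE\\0\\0'.
    A bare 'MZ' with a bogus e_lfanew (truncated or corrupt file) is not accepted."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> tuple[str, bool]:
    """Return (detected kind, mismatch) where mismatch means the extension
    claims an image but the content is a PE executable, like the renamed EXE here."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if is_pe_executable(data):
        kind = "pe-executable"
    elif is_gif(data):
        kind = "gif"
    else:
        kind = "unknown"
    return kind, ext in IMAGE_EXTENSIONS and kind == "pe-executable"


if __name__ == "__main__":
    for fname, blob in (("funny.gif", EXE_SAMPLE), ("real.gif", GIF_SAMPLE)):
        kind, bad = classify(fname, blob)
        print(f"{fname}: {kind}{'  <-- extension lies' if bad else ''}")
```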

Fake Zlob Trojan codec site down? Or not...



Apparently a goner...



Hmm... maybe not:

Wednesday, February 27, 2008

Trojans from China: exposed!

A nice collection of Trojans being pushed massively, stored at:
down[hidden].china-s0ft.cn/downlist.txt




and more from another domain:

Monday, February 25, 2008

Zlob Trojan: fake error, real infection

I found a fake video codec while doing some Google searches. It is very well crafted, with a bit of social engineering. At first I thought this one was VMware-aware because of the error message. However, some deeper analysis revealed it was not. Some interesting things came up. Below is a summary.

Upon executing the sample, the following message shows up:



However, in the background things are taking place:




An Internet Explorer toolbar is created:


Only the following security vendors are detecting this threat at the time of posting:

Thursday, February 21, 2008

Porn YouTube impersonation leads to malware



"Show Yourself"?

Once you pick a video, you are prompted to download a codec.


The site is totally bogus and the comments posted are fake (of course), though kudos to whoever wrote them.



Installs a rogue app (VirusHeat) as well as a bunch of other bad stuff.

Wednesday, February 20, 2008

RogueFest

Stay away from those scams!

Malware Crush:


Filter Program:


Advanced Cleaner

Monday, February 18, 2008

Search2Find installs rogue SystemDefender





Rogue infestation

A VM image infected with several rogue anti-spyware apps. Note the antivirus.exe process (in Process Explorer). Although you see the process, the file is invisible to the system. Rootkit technique...
Also, one of the rogues is VM-aware...


Friday, February 15, 2008

Rootkit + Rbot Worm

I found something interesting while analyzing a malware sample.
A process called "taskmaneger.exe" was running (I could see it in Process Explorer). However, it was not visible on the hard disk in its System32 location.
I therefore rebooted into Linux (dual-boot drive) and mounted the XP disk. Browsing it from Linux, this time I found the culprit, classified as the Rbot worm.




It is using rootkit techniques to hide itself from Explorer; however, the process is still visible...

Tuesday, February 05, 2008

Monday, January 21, 2008

Thursday, January 17, 2008

Malware AutoIt error

AutoIt is a scripting language for automating Windows. This malware author didn't smoke-test it well enough... it crashed on my machine as it was trying to run its payload.