Consolidated Malware Callback IPs as on 24/8/2012

Below are the consolidated callback IPs identified from the past 3 weeks,
which include Zbot, Zeroaccess/Sirefef infection callback IPs.
Watch out for hosts on your network that are going to the IPs below.

Technical paper - Fake anti-virus: The journey from Trojan to a persistent threat

Fake anti-virus (also known as scareware) has grown over the years into a persistent and prevalent threat and is now one of the largest families of malware that we’ve seen in recent history.


BitTorrent serves malware directly from website - no need for P2P!

Back in 2001, when BitTorrent was first announced, it seemed inevitable – and, at the same time, implausible – that a commercial company based around its social approach to file sharing would emerge and succeed, despite its novelty.


Email with Guys & Dolls ZIP file contains trojan

MX Lab intercepted some emails with the subject “Ad third try” with an attached ZIP file named Guys & Dolls_displayad.zip.

The message comes from a spoofed email address and has the following body:


Trend Micro Unmasks FakeAV

We all know what a pain FakeAV has been over the course of the last few years. It seems to be the problem that just won’t die.


FakeAV Serial Fishing


I am going to analyze a FakeAV (thanks to MDL) md5: 5493bb325f4b3a1cc6efab226d1c4600. This analysis will be focused on how to spot the serial checking algorithm and retrieve a valid serial.