ThreatFire Research Blog

Blog from the threat research team at Threatfire about computer security.

Recent Posts Tagged With 'dropper'

  • Cutwail/Pandex reader_s.exe Continues to Deliver Spambots and mmx Evasions throughout Shutdowns

    Posted on Monday August 10th, 2009 at 17:22 in bot, dropper, evasion technique, undetected malware, fakealert

    Cutwail (also known as Pandex) malware is not a new family name on the bot scene. However, the Cutwail/Pandex botnet is described as one of the largest and most active botnets currently known. This resilient botnet managed to bounce back after both t...

  • South Korea and U.S. Government Sustained DDoS

    Posted on Thursday July 9th, 2009 at 12:31 in bot, dropper, government and cybersecurity

    The botnet driven distributed denial of service attack that started over the weekend has been attacking American agency web sites like the White House web site, the FTC site, NYSE site, FAA, NSA, Dept of Homeland Security, the Treasury, and many more...

  • Koobface flash_udpate.exe Around the World

    Posted on Friday December 5th, 2008 at 19:46 in worm, social engineering, dropper

    We are analyzing the binaries and koobface processes and will provide detailed technical information later -- this one performs lots of process, system admin, file create/delete activity, and each one has a tricky anti-emulation trick that we'll desc...

  • Crack.exe

    Posted on Tuesday December 2nd, 2008 at 13:14 in dropper, undetected malware, antimalware solutions

    If you find yourself installing and running cracks and keygens that you're downloading over Limewire, stop what you're doing. First, stop using cracks and pirated software. Secondly, nothing truly is for free. Limewire users have been seeing various k...

  • Fakealert Droppers

    Posted on Wednesday September 24th, 2008 at 15:05 in trojan, social engineering, rogueware, dropper, fakealert

    A high number of Fakealert droppers are showing up on the radar today and yesterday. A crack under the name "crack_ver1.454.0.exe" in a "zebradesigner pro.zip" package is being distributed from a fairly popular crack site. The standard phony codec di...

  • CbEvtSvc.exe Is Not Flash

    Posted on Thursday July 31st, 2008 at 15:21 in bot, social engineering, dropper, undetected malware

    We are researching a couple of highly prevalent pieces of malware, and may be drawing some links between the two. Thousands of websites have been compromised and are spreading phony "get_flash_update.exe" files via a "showvideo.html" page titled "Watc...

  • Removal Tool? No.

    Posted on Monday June 23rd, 2008 at 19:09 in worm, bot, rat, dropper, undetected malware, chasenet, swerat, bifrost

    A little detected "tool" is downloading and executing bots. A version of "driveguard.exe", with promises of cleaning up your system from infections and keeping it clean, is worming its way onto machines and downloading strains of Poison Ivy as "WinSe...

  • Spambot Crackz

    Posted on Friday June 20th, 2008 at 11:26 in spam, adware, rootkit, social engineering, dropper, undetected malware

    Last Thursday's post commented on malware commonly bundled with crackz. A large number of users are running files that appear to be distributed from a number of crack sites. We will not publish those domains on this post. The filename bundles carry a ...

  • ThreatFire Crackz

    Posted on Thursday June 12th, 2008 at 16:45 in dropper, vundo

    Sure, you want to get it for free. Who doesn't want free schwag? In our previous post on peculiar Vundo capabilities, we detailed Vundo's inclusion of Microsoft Research Detours source code in their malicious binaries. After googling Vundo and reading...

  • MSN IM Worm

    Posted on Wednesday June 4th, 2008 at 12:46 in worm, bot, social engineering, dropper

    Another MSN IM-worm is making the rounds, in an effort to create yet another IRC-based botnet. Almost all of the activity that we are seeing is coming from our user community in Italy, Spain, Argentina and Peru. A message will arrive, asking "Is this ...

  • Agent again, this time undetected

    Posted on Wednesday May 14th, 2008 at 14:07 in obfuscation, dropper, undetected malware

    Several interesting surges in malware activity are showing up today. The most highly propagated that we are seeing is a large increase in the past 24 hours of an old friend that's been labelled "Trojan.Agent". The filename that we are seeing the mos...

  • Aowch

    Posted on Thursday March 13th, 2008 at 16:49 in spam, bot, dropper

    A painfully high number of incidents have been occurring over the past couple of days in India, Thailand and Greece involving a bot/mailer that is installed by an "aow4.tmp", "aowc.tmp", "aow28.tmp"...you get the idea. The bot is downloaded from 66. 29...

  • MonaRonaDona Mystery Solved

    Posted on Monday March 3rd, 2008 at 18:47 in adware, social engineering, rogueware, dropper

    Brian Krebs at the Washington Post blogged today about a pretty common, unusually mysterious, and very badly named extortion scam, "MonaRonaDona": "Nobody seems to know how the thing wiggles into infected PCs in the first place, but the one thing that...

  • Help.exe still not much of a helper

    Posted on Tuesday January 8th, 2008 at 18:46 in worm, reversing, dropper, password stealing, evasion technique

    One of the highest hitting worms that ThreatFire encountered over the past week is a worm designed to target online game player logins by dropping a password stealer and rootkit components on infected systems. We previously blogged about the help.exe...

  • Bootkit binaries in the wild

    Posted on Tuesday January 8th, 2008 at 16:02 in exploit, rootkit, blackhat, vulnerability, dropper, commodity kit

    Yesterday, we were further analyzing an executable that we recently haven't been seeing all that much of, tmpms45.exe. The filename is familiar, as sometimes various executables with that name are delivered by malicious emails or malicious web pages....