All Tags » In the Wild (RSS)

Storm Worm variant now using Kittycard.exe as filename

Kittycard.exe is now one of the filenames used by this Storm Worm. Email received today: The new filename is Kittycard.exe: Half of the malware scanners on VirusTotal.com detect it while half do not: For you... to read: The Storm Worm: http://www.schneier...
Posted by donna | with no comments

What's with the malicious PDF file?

Symantec wrote: the PDF file will download ldr.exe file. F-Secure reports: The PDF is spiced with CVE-2007-5020 exploit that downloads ms32.exe that downloads more components. So I grabbed both .exe files (ms2.exe and ldr.exe) and uploaded them to Virustotal...
Posted by donna | with no comments

In the wild: Malicious PDF files; Which AV will detect it?

If you haven't updated your Adobe Reader to v8.1.1, you had better do it NOW. The vulnerability is being exploited now and yup, it's in the wild because I received copies already. Screenshots at http://www.dozleng.com/updates/index.php?showtopic...
Posted by donna | with no comments

Spammer's trick: Redirection. Can't Google, Yahoo and AOL kill the false one?

This is not new, since this is a 'common' issue with redirection that is being used by spammers, but geez, can't these companies do something to stop the redirection from succeeding? Same SPAM emails received today: That's AOL, Yahoo and Google. Guys, you...
Posted by donna | with no comments

2 more kitty (storm worm) gone undetected by many scanners

I received a similar email last week, where 15 out of 32 malware scanners would detect it or trigger an alert if it is found on or being downloaded to the system. Today, I got 2 more kitty greetings. Result is 10 out of 32 scanners will detect or trigger an alert: Preview...

Skype Worm Breaks Out in APAC

Symantec and Websense have warned Skype users of a new worm that spreads itself via Skype text messages. Dubbed Chatosky by Symantec, the cycle starts with a Skype user receiving a message offering a file called sp.exe. According to Websense's preliminary...
Posted by donna | with no comments

Worm Alert: Big Yellow; Worm hits computers via Symantec Corp.'s antivirus program

Date: December 15, 2006 Severity: High Systems Affected: Symantec AntiVirus 10.0.x for Windows (all versions) Symantec AntiVirus 10.1.x for Windows (all versions) Symantec Client Security 3.0.x for Windows (all versions) Symantec Client Security 3.1.x...
Posted by donna | with no comments

Rustock: Deep Dive

Rustock, also known as “Spambot”, is a family of back door programs with advanced user and kernel mode rootkit capabilities. Rustock has constantly been in development since around November, 2005. Rustock is a tough threat to combat because of its approach...
Posted by donna | with no comments

Variant of phished Google Mail in the wild

Websense Security Labs has received reports that a variant of Google phishing attacks are increasing in sophistication. Details at http://www.websense.com/securitylabs/alerts/alert.php?AlertID=545
Posted by donna | with no comments

Argh! 2nd instance of fake Windows Genuine Advantage Notification

One earlier and now there's a 2nd ... it's at Daniweb's forum (Thanks to Microsoft MVP Robear Dyer for the link). The bad file is faking Microsoft's Windows Genuine Advantage Notification and Validation Tools. As you can see on earlier (the first report...
Posted by donna | 1 comment(s)

Email Blast, From the Past

McAfee Avert Labs reports: A Microsoft Word document was mass-spammed today, which exploits MS01-034. While this vulnerability was patched nearly 5 years ago, the DOC file can still deliver its payload if users allow Word to run the malicious macro...
Posted by donna | with no comments

Doombot Worm Spreads Via Phishing Model Attack

Security experts at MicroWorld Technologies inform that a Backdoor Worm named 'Doombot.k', is spreading fast via 'abuse warning' emails, spoofing domain names of security software companies and leading business houses. The modus operandi of proliferation...
Posted by donna | with no comments

Panda Alert: BlackAngel.B worm spreading via MSN Messenger

Panda Software warns of the spread of the new B variant of the BlackAngel worm. PandaLabs has already received several incidents from users affected by this worm. This worm spreads via Microsoft’s instant messaging program MSN Messenger. In order to...
Posted by donna | with no comments

Spyware Quake is in the wild

Sunbelt reports "There is a new rogue Anti-Spyware application out there serving as a replacement for Spy Falcon and SpyAxe." Eric L. Howes added Spyware Quake to its list of Rogue/Suspect Anti-Spyware Products & Web Sites Spywarewarrior.com Forums...
Posted by donna | 1 comment(s)

Apple OS X gets its first virus

The first virus to target Apple's OS X operating system has been identified in the wild. Leap-A (also known as Oompa-A) spreads via the iChat instant messaging system, forwarding itself as a file called 'latestpics.tgz' to contacts on the infected user...

Phishing-based attacks on 3 banks

Websense Security Labs has received reports yesterday (Feb. 6, 2006) of a new phishing attack that targets customers of the following banks: - First Bank - Banco del Bajio - The Farmers Bank As usual, users receive a spoofed email, which claims: - the...
Posted by donna | with no comments

Websense Alert: Yahoo! Account Compromise through Yahoo! Messenger

Websense Security Labs has received several reports of a new phishing attack that targets Yahoo! customers. Users receive a message through Yahoo! Instant Messenger, enticing them to access a website with "click on this website." Upon clicking on the...
Posted by donna | with no comments

Another Dasher

Dasher.A, B and C a few days ago. Now it's Dasher.D. See Symantec's article on Dasher.D here. Dasher has infected 3,000 machines already!
Posted by donna | with no comments

Spyware Lures to Install Potentially Unwanted Software

Websense Security Labs is seeing a large increase in the number of websites and emails that use deception and/or browser vulnerabilities to install potentially unwanted software. The common theme among these threats is the use of lures of possible spyware...
Posted by donna | 2 comment(s)

Dasher A, B, C - Internet worm exploits MS05-051

Read Microsoft MVP Harry Waldron's journal on this Dasher worm. Some antivirus vendors have released Dasher detections: Dec. 15 - Symantec released Dasher.A and Dasher.B detections while Sophos released Dasher.B detection. Like Symantec, F-Secure released...
Posted by donna | 1 comment(s)