After relatively low virus detection for more than a week, MX Lab started to intercept a new virus outbreak of Bredolab in emails regarding a Western Union money transfer. The malware is named Bredolab.gen.a (McAfee), TrojanDownloader:Win32/Bredolab.X (Microsoft), Mal/Krap-B (Sophos) or Trojan.Bredolab!gen3 (Symantec).
The spoofed from address is in the form of Manager Ginger Patrick <customer@westernunion.com> where [...]
November 30, 2009
Categories: Viruses . Tags: Bredolab, Malware, trojan, virus, Western Union . Author: mxlab . Comments: 1 Comment
MX Lab intercepts emails with an embedded URL that leads to a web site where you are shown the notice “You don’t have the latest version of Macromedia Flash Player.” and can download the file flashinstaller.exe. The file itself is malware and is detected as Win32:Zbot-MGA (Avast), W32/Bifrost.C.gen!Eldorado (F-Prot), PWS-Zbot.gen.v (McAfee) or PWS:Win32/Zbot.gen!R [...]
November 20, 2009
Categories: Malware, Viruses . Tags: flash installer, flashinstaller.exe, Malware, torjan, virus . Author: mxlab . Comments: 4 Comments
Between October 27 and November 09th, 2009, MX Lab noticed a large number of viruses. Bredolab, distributed by the Cutwail botnet, was responsible for the majority of viruses during this period. After a few days of low virus detection, we see new peaks again with different virus campaigns.
The messages contain the trojan Win32:Trojan-gen (Avast), Trojan.Sasfis.C (BitDefender), [...]
November 17, 2009
Categories: Viruses . Tags: Malware, Sasfis, trojan, virus . Author: mxlab . Comments: Leave a Comment
Social networks are often subject to phishing and today MySpace is the target. MX Lab intercepted some messages from MySpace <message-*********@message.myspace.com>, where * stands for a random letter and number combination. The from address is obviously spoofed.
The body of the email:
Dear MySpace user!
Please be informed that you are required to update your MySpace account.
Please update [...]
November 10, 2009
Categories: Phishing . Tags: myspace, Phishing . Author: mxlab . Comments: 1 Comment
MX Lab intercepted a large number of emails with the subject “DHL Tracking Number 3YMH6JJY” containing the trojan TrojanDownloader:Win32/Cutwail.gen!C (Microsoft), Trojan.Kobka.E (GData), SHeur2.BQSN (AVG) or Troj/Agent-LQA (Sophos).
The contents of the email:
Dear customer!
The courier company was not able to deliver your parcel by your address.
You may pickup the parcel at our post office personaly.
The shipping label is [...]
November 10, 2009
Categories: Viruses . Tags: DHL tracking trojan, Malware, trojan, virus . Author: mxlab . Comments: 22 Comments
Yesterday MX Lab reported on a phishing email that has no URL but instead has an attached HTML document with a web form included. Since then we have seen more similar cases, and PayPal is also subject to this technique. The sender's address shows “www.paypal.com” <service@paypal.com>, but this is spoofed. The email was sent from 69.128.90.226, an [...]
November 9, 2009
Categories: Phishing . Tags: paypal, PayPal phishing, Phishing . Author: mxlab . Comments: 1 Comment
In almost every phishing email there is a URL leading to the phishing site, where you are asked for a login, password and other personal information. With the latest phish targeting Banca Agricola Popolare di Ragusa, the URL is not inside the email; instead there is an attachment in HTML format. The goal of this trick [...]
November 8, 2009
Categories: Phishing . Tags: Phishing . Author: mxlab . Comments: 2 Comments
Apparently, the virus campaigns are far from over. MX Lab reported on this blog about the latest virus campaign, which would be an attempt to grow the Cutwail botnet by infecting new computer systems, launching new trojan variants every few days.
MX Lab now intercepts a new Facebook virus campaign from the spoofed address <automailer+gtevzolc@facebook.com> or [...]
November 7, 2009
Categories: Viruses . Tags: Bredolab, facebook, Facebook trojan, Malware, trojan, virus . Author: mxlab . Comments: 6 Comments
Several sources reported a surge of the Bredolab trojan in the middle of October, but MX Lab noticed a real increase on October 27th.
The following graph shows the virus detection from October 7th until November 5th (from right to left) with small peaks at the beginning of October while at the end the virus [...]
November 6, 2009
Categories: Viruses . Tags: botnets, Bredolab, Cutwail botnet, trojan, virus . Author: mxlab . Comments: 2 Comments