Content Migration

September 25, 2008


The content of this blog will be moving to Therefore, you can find new and interesting posts at or for this point on.


Fake YouTube Page Creator – The Risk

September 15, 2008

Last week PandaLabs discovered a new tool for creating fake YouTube video pages as a way of deceiving users into installing malware. The vector for infection is similar to many fake codec based malware attacks seen in recent weeks (CNN, MSNBC, etc). The flexibility of this tool allows anyone to direct the fake Adobe Flash update error to any malicious executable file hosted on any server – this means that essentially a hacker could register several domains in different countries (as seen in the CNN alerts attack) and utilize a bot-net to distribute a mass amount of spam pointing to these fake YouTube pages. 

This tool introduces considerable risk to the community as it allows any hacker to easily generate false pages that have the look and feel of authentic YouTube pages and with the right combination of sending out spam, this could cause great damage.

Banks are not the only target for phishing

September 12, 2008

It’s not just banks that hackers deploy phishing attacks against; it has been seen that hackers also deploy attacks against other payment processing services such as MoneyGram, Equifax, Western Union, etc as a way of gaining profit through harvesting personal details.

New Statement of Fees Malspam

September 11, 2008

The Statement of Fees malspam campaign continues today with additional messages containing new Trojans. This round is distributing the W32/Autorun.AFC.worm malware which connects and downloads a file called lspr.exe.

Attack of the Southwest Airlines Malware

September 11, 2008

There is another round of spam messages claiming to be a ticket receipt for Southwest Airlines. The message attempts to entice the user into opening an attachment containing the electronic ticket which is actually malware classified as W32/Autorun.AEL.worm. The ploy here is the note that the ticket reservation system has changed and that an account has been created.

Lloyds TSB Scam: Updated Terms and Conditions

September 9, 2008

Recently we have noticed several email messages claiming to come from Lloyds TSB a London, UK based financial entity informing customers that they are required to login and accept an updated terms and conditions, otherwise their account will be suspended. The messages appear to be coming from; however, when further analysis is done on the message header it is actually coming from several domains ending with .es.

When the user clicks the link below thinking they will be going to the terms and conditions, they are actually sent to a fake Lloyds banking site that guides the user through the login process (in an effort to steal credentials).

Fake Antimalware Applications

September 8, 2008

As we have been monitoring the threat landscape during the last couple of weeks we have noticed an increase in fake anti-malware applications being used to defraud users. While these applications themselves do not provide any level of security for the user in terms of detecting and removing malware; the application itself is designed to trick the user into thinking that they are infected via the use of pop-ups and enticing them to purchase a full version as a means of cleaning the system.

The objective is always financial motivation and this is one way they are making money by sending out Spam with Trojan downloaders hidden behind the links designed to install fake security software, in a majority of the cases Anti-virus XP 2008.