Everyone,
The content of this blog will be moving to http://pandalabs.pandasecurity.com. Therefore, you can find new and interesting posts at http://pandalabs.pandasecurity.com or www.pandalabs.com for this point on.
Content Migration
September 25, 2008
Leave a Comment » | 
General | Tagged: hacking tool, Malware, pandalabs, saas, spam, trojan, worm | 
Permalink
Posted by Ryan Sherstobitoff
Fake YouTube Page Creator – The Risk
September 15, 2008Last week PandaLabs discovered a new tool for creating fake YouTube video pages as a way of deceiving users into installing malware. The vector for infection is similar to many fake codec based malware attacks seen in recent weeks (CNN, MSNBC, etc). The flexibility of this tool allows anyone to direct the fake Adobe Flash update error to any malicious executable file hosted on any server – this means that essentially a hacker could register several domains in different countries (as seen in the CNN alerts attack) and utilize a bot-net to distribute a mass amount of spam pointing to these fake YouTube pages.
This tool introduces considerable risk to the community as it allows any hacker to easily generate false pages that have the look and feel of authentic YouTube pages and with the right combination of sending out spam, this could cause great damage.
Leave a Comment » | Malware analysis | Tagged: malcode, Malware, spam, trojan, Virus, YouTube | Permalink
Posted by Ryan Sherstobitoff
Attack of the Southwest Airlines Malware
September 11, 2008There is another round of spam messages claiming to be a ticket receipt for Southwest Airlines. The message attempts to entice the user into opening an attachment containing the electronic ticket which is actually malware classified as W32/Autorun.AEL.worm. The ploy here is the note that the ticket reservation system has changed and that an account has been created.
Leave a Comment » | Malware analysis | Tagged: Malware, security, southwest airlines, spam, trojan, Virus, worm | Permalink
Posted by Ryan Sherstobitoff
Fake Antimalware Applications
September 8, 2008As we have been monitoring the threat landscape during the last couple of weeks we have noticed an increase in fake anti-malware applications being used to defraud users. While these applications themselves do not provide any level of security for the user in terms of detecting and removing malware; the application itself is designed to trick the user into thinking that they are infected via the use of pop-ups and enticing them to purchase a full version as a means of cleaning the system.
The objective is always financial motivation and this is one way they are making money by sending out Spam with Trojan downloaders hidden behind the links designed to install fake security software, in a majority of the cases Anti-virus XP 2008.
Leave a Comment » | Malware analysis | Tagged: anti-malware, anti-virus XP 2008, malcode, malspam, Malware, spam, trojan, worm | Permalink
Posted by Ryan Sherstobitoff
New Celebrity Spam – Fake Security Product Installed (AV XP 2008)
August 28, 2008This morning the Celebrity spam campaign continued with a few new fake video codec sites delivering a downloader Trojan designed to install a fake security product known as AntiVirus XP 2008. It’s apparent now that a number of these spam campaigns are only interested solely in distributing this one particular fake security product. The file downloaded is called video99.exe or video66.exe and varies depending on the email message and the site used (HTML page names often correspond to the binary used index99.html, index66.html, etc).
Some of the subject lines of this particular spam campaign is:
“John McCain to Paris Hilton: Cosmo, baywatch!”
“Britney Spears Shaves Head at Request of Zombie Overlord”
Leave a Comment » | AV XP 2008, Malware analysis | Tagged: hacking tool, john mccain, malcode, malspam, Malware, paris hilton, security, spam, trojan, Virus, worm | Permalink
Posted by Ryan Sherstobitoff
pandasecurityus.wordpress.com 
