Fake Windows XP activation trojan.
11-20-08
Known as Kardphisher and "in the wild" since April 2007, this trojan horse mimics the Windows XP activation interface and collects the credit card details the end user submits. Last week its author made significant changes to the trojan's visual interface and usability, making it look considerably more authentic. Guess what happens when a gullible end user falls victim to this social engineering attack?
Their credit card details are automatically posted to an IRC channel set up specifically for that purpose.

"Hello kitten" - malware spammed out in sexy picture email
11-3-08
Do you know anyone who might call you “kitten”?
Is she in the habit of sending you sexy photos?
If you answered yes to any of the above questions, then you might be at risk of a virus infection - especially if you receive an email with the subject line “I am free… :)” looking like this:
[Image: malicious "hello kitten" email]
Whatever you do - don't open that attachment. Even though it pretends to be a digital photograph taken with a Pentax camera, it's nothing of the sort.
The email isn’t really from an old flame, and the attached file isn’t really a sexy photo but a copy of the Troj/Agent-ICW Trojan horse.
Beware the fake Windows Security Center
Windows XP Service Pack 2 added the Windows Security Center, a central location, accessible from Control Panel, where you can view the status of and make changes to security-related settings. A new Trojan is out there that installs a fake Security Center interface that nags you to install "Windefender 2008." Some users would logically assume that this is a new version of Windows Defender, but it's not. The really insidious part is that the program also interferes with your Internet connection, blocking you from downloading anything else until you pay $40.00 for the fake software. Read more about this scam here:
http://www.wxpnews.com/75XE59/081021-Research-Blog
Fake MS Update notifications by email.
10-15-2008
Malicious attackers are once again taking advantage of event-based social engineering attacks, and are currently mass mailing fake notifications for Microsoft's Patch Tuesday, attaching a copy of Trojan.Backdoor.Haxdoor next to a legitimate-looking PGP signature which is, of course, fake too.
Furthermore, this backdoor opens several TCP ports that allow remote attackers to connect to the compromised PC and execute files, steal information from it, or upload and download files. The attachment's file name varies, but uses the convention KBxxxxxx.exe, where xxxxxx is a random 6-digit number. Below are some of the file names we've seen being used:
KB199250.exe
KB246586.exe
KB535548.exe
KB572906.exe
KB763412.exe
AntiVirus 2008 or 2009 - TOP Threat!
[Images: two screenshots of the threat]
9-2008
A rogue anti-malware program that displays false virus results and requires you to purchase the software before you can remove anything. When installed, Antivirus 2008 or 2009 will scan your computer and list a variety of infections supposedly found on it. The results are fake; they are just trying to scam you into purchasing the software.
This program typically infects a computer just after the user installs a specific video codec or clicks an infected email link. The corrupted video codec is usually distributed together with a Trojan or other malware. It is crucial to remove all the components of XP Antivirus and all malware and trojans, such as zlob.trojan, trojan.vundo and trojan.downloader, that may have been installed along with it.
Free tool, very effective against this threat: Malwarebytes' Anti-Malware
Or for the geeks among us, how to manually remove XP Antivirus:
Navigate to Start-> Run, type cmd in the box and click Open
In the command window, type regsvr32 /u shlwapi.dll and press Enter
Next type regsvr32 /u wininet.dll and press Enter
Next press Ctrl + Shift + Esc
Right click on XPAntivirus.exe from the processes window and select the option to end process
Right click on XPAntivirusUpdate.exe from the processes window and select the option to end process
Navigate to Start-> Search, then click on Files and Folders. Search for and delete the following files:
XPAntivirus.exe
XPAntivirusUpdate.exe
shlwapi.dll
wininet.dll
XP Antivirus 2008.lnk
Uninstall XP Antivirus 2008.lnk
XP antivirus
XPAntivirus.lnk
Uninstall XPAntivirus.lnk
XPAntivirus on the Web.lnk
XPAntivirus.url
Navigate to Start-> Run, type regedit in the box and click Open
Delete XP antivirus in the following path: HKEY_USERS\Software\
Restart your PC and everything should be back to normal
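An added detection helper, written for this page and not taken from it or from any of the products it mentions, that applies the indicators from the fake Patch Tuesday section and the XP Antivirus removal steps above: it pulls attachment names out of a raw e-mail and flags the KBxxxxxx.exe convention, and matches observed file or process names against the XP Antivirus artifacts. The sample message is constructed; shlwapi.dll and wininet.dll are left out of the indicator set on purpose, because both are core Windows system libraries rather than parts of the rogue program.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the fake Patch Tuesday notice described above
SAMPLE_EML = """\
From: "Microsoft Update" <update@example.invalid>
Subject: Security Update for Windows (Patch Tuesday)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Install the attached critical update. A PGP signature is included.
--b1
Content-Type: application/octet-stream; name="KB246586.exe"
Content-Disposition: attachment; filename="KB246586.exe"

MZ (constructed placeholder body, not a real executable)
--b1--
"""

# Attachment naming convention of the fake notifications: KB + six digits + .exe
KB_ATTACHMENT_RE = re.compile(r"^KB\d{6}\.exe$", re.IGNORECASE)

# File and process names from the XP Antivirus removal steps (lower-cased).
# shlwapi.dll and wininet.dll, also listed there, are deliberately omitted:
# both are core Windows system libraries, so their presence is not an
# indicator and deleting them breaks the OS.
XPAV_ARTIFACTS = {
    "xpantivirus.exe", "xpantivirusupdate.exe", "xp antivirus",
    "xp antivirus 2008.lnk", "uninstall xp antivirus 2008.lnk",
    "xpantivirus.lnk", "uninstall xpantivirus.lnk",
    "xpantivirus on the web.lnk", "xpantivirus.url",
}


def attachment_names(raw_eml: str) -> list[str]:
    """Return the filenames of all attachments in a raw RFC 2822 message."""
    msg = message_from_string(raw_eml)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def flag_fake_update_attachments(names: list[str]) -> list[str]:
    """Names following KBxxxxxx.exe; Microsoft does not mail updates, so any match is suspect."""
    return [n for n in names if KB_ATTACHMENT_RE.match(n)]


def find_xpav_artifacts(observed: list[str]) -> list[str]:
    """Observed file/process names (any case) that match XP Antivirus artifacts."""
    return sorted({n.lower() for n in observed} & XPAV_ARTIFACTS)
```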
Virus infects BOGUS FedEx Tracking email
8-2008
Subject: Fedex Tracking Number 4296240370
Virus: Win32:Rootkit-gen
Message:
Unfortunately we were not able to deliver postal package you sent on August the 1st in time because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office
Is that really Barack Obama in that
video?
----
As the US Presidential fight hots up, hackers have attempted to infect millions
by sending an email claiming to contain a link to an incriminating video of
Barack Obama. Salacious surfers and followers of hot political news may be
tempted to watch the video, but risk being infected by malicious code. Watch our
video to find out the truth behind this campaign.
http://www.sophos.com/blogs/gc/g/2008/09/10/barack-obama
Beware malware fallout from fake nuclear
explosion emails
----
SophosLabs has intercepted a widespread malicious spam campaign that claimed
there had been a powerful explosion at a nuclear power station outside London.
According to the email, the government have stopped the media reporting about
the incident and prevented anyone affected by it contacting the outside world.
As you may have suspected, opening the email attachment is not a good idea...
Learn more about this new threat now.
http://www.sophos.com/blogs/gc/g/2008/09/11/nuclear-email
No, your internet access is not being
suspended
----
Emails claiming that "your internet access is going to get suspended",
have been widely distributed across the net. Claiming that the recipient has
committed "illegal activities" such as pirating software, movies or
music, the attachment is in fact designed to infect PCs. Sophos advises on the
threat, and tells users what to look out for.
http://www.sophos.com/blogs/gc/g/2008/09/12/your-internet-access