Complex - PDF hides Malware inside XFA which is inside PNG - not an image
April 6, 2011
We recently received an email supposedly from Puremobile - a supplier of unlocked cellphones. The "order confirmation" included a PDF file as shown below.
Advice after the Epsilon breach
April 5, 2011
Should I feel left out? I didn't receive an apology letter from my bank, broker or grocery store this week.
In case you are wondering what they should be apologizing about - besides the weak dollar or the price of tomatoes - the online marketer Epsilon was breached this week by hackers, and reports say that millions of US customers' email addresses and names were exposed (as well as the name "Epsilon" which was previously unknown to most consumers).
UPS malware now sent via DHL!
March 31, 2011
For the 3rd day running we are seeing vast quantities of email-attached malware.
Today the spoofed sender was DHL with subjects like "DHL Express Service". The emails included standard text such as...
Huge amounts of UPS and Facebook malware attachments
March 30, 2011
Virus distributors have steadily decreased their usage of email as a means of malware distribution.
The more popular methods nowadays include the use of drive-by downloads as well as "voluntary" downloads of "shockwave updaters" and "movie codec files". But the last day or so has seen very high levels of emails with attached malware. At one point these accounted for over 30% of all email received.
iPad 2 affiliate marketing scams and incompetent spammers
March 29, 2011
It's so hard to find good help these days.
Even in the world of spam you just have to do everything yourself or else take a risk that some inattentive subordinate is going to mess up. Like this Apple iPad 2 marketing scam campaign which should have the recipient name neatly filled in...
An un-epiphany (how to use a GPU to speed up ClamAV)
March 17, 2011
I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing.
What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed to fail. What is especially amusing is precisely how they get all their facts wrong. I was busy reading about GPU (Graphics Processing Unit) based super-computers and their uses when I came across an interesting paper on how to use a GPU to speed up antivirus software. So I read it and had my un-epiphany.
Has the reported disruption of Rustock affected spam levels?
March 17, 2011
Numerous reports have been circulating about the sudden demise of the Rustock botnet.
If Rustock has been taken down there are several possible explanations for the generally stable spam levels shown above...
How PDF files hide malware - Example - PDF scan from Xerox
February 9, 2011
The body of the email says that the PDF attachment comes from a "Xerox WorkCentre Pro", a very popular copier machine widely used in offices.
We assume that this type of email and the "innocent" looking PDF attachment would convince most office recipients to open the attachment and thus install new malware on their systems. Commtouch's Command Antivirus detects this malicious PDF as PDF/Expl.IQ. Recipients who actually open the file will see nothing - there is no text or image content displayed.
Analysis of an attack targeting Bank of America customers
February 7, 2011
The attack begins with a message that comes from a spoofed "Bank of America" sender (such as: RiskDept@hotmail.com, or RiskDept@msn.com).
The attached file, BillingVerification.exe, is a self-extracting archive which contains and automatically loads an html page in the recipient's browser. The file saved on the local drive is:
Malware spread via Facebook Chat
January 27, 2011
Facebook chat messages containing malicious links are being sent from compromised Facebook accounts. The messages are typically sent to all of the compromised user's friends.
The Facebook chat messages include text such as "hahahah foto" and the phony Facebook application pages are also photo-related such as "cytepic" and "artephotos".