Fake Microsoft Update

PandaLabs,

This morning we saw an e-mail that claimed to contain a Windows update for the vulnerability in the Kodak Image Viewer, which could allow arbitrary code to be executed remotely.

The e-mail appears to come from Microsoft Corp, though the domain it was actually sent from has no relation to the company:


The e-mail subject is “Boletín de seguridad de Microsoft MS07-055 – Crítico”, though it is possible that there are more e-mails referring to different updates. The message contains real information about the security bulletin called MS07-055. However, the links included in the text lead to a different website, which is almost the same as Microsoft’s.
 
This is the website to which we are redirected. If we don’t pay much attention to the web address, we end up downloading a backdoor detected as Bck/Bandok.BO:

A really curious thing is that this malware is in fact installing the real MS update, plus a free backdoor to open your system to the bad guys. This is what you see when you run it:

Microsoft Official Update
MS07-055 WindowsXP-KB923810-x86-ENU.exe
MD5: a2d27a703f93c860e842af732ff3d93f

Fake Microsoft Update
MS07-055 WindowsXP-KB923810-x86-ENU.exe
MD5: b59d788bc907d9aecb15375abe09c606
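The two things this post lets a defender check automatically are the link hosts in the lure and the MD5 of the downloaded package. The following is an added example, not PandaLabs' code: it parses each URL's host properly (so "microsoft.com" buried in a longer hostname is not trusted) and compares a file's MD5 against the published value. The look-alike domain, the sample e-mail text and the sample package bytes are all constructed placeholders.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Published MD5 of the genuine MS07-055 package, as listed in the post above.
GENUINE_MD5 = "a2d27a703f93c860e842af732ff3d93f"

# Assumption: a minimal allow-list of domains Microsoft serves updates from.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_trusted_host(url: str) -> bool:
    """True only if the URL's host is a trusted domain or a subdomain of one.
    Matching on the parsed host, not the raw string, rejects look-alikes such as
    microsoft.com.example.net or update-microsoft.com."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def untrusted_links(message: str) -> list[str]:
    """Return every URL in the message body whose host is not trusted."""
    return [u for u in URL_RE.findall(message) if not is_trusted_host(u)]


def verify_update(package: bytes, expected_md5: str = GENUINE_MD5) -> bool:
    """Compare the package's MD5 with the published value (constant-time compare)."""
    digest = hashlib.md5(package).hexdigest()
    return hmac.compare_digest(digest, expected_md5.lower())


# Constructed sample lure in the style described above; the look-alike domain
# is a placeholder, not the domain seen in the real e-mail.
SAMPLE_MAIL = """Boletín de seguridad de Microsoft MS07-055 - Crítico
Descargue la actualización: http://www.microsoft.com.update-center.example/WindowsXP-KB923810-x86-ENU.exe
Más información: https://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
"""

# Constructed stand-in for a downloaded file; it is not the genuine KB923810 package.
SAMPLE_PACKAGE = b"MZ\x90\x00 constructed placeholder, not the real update"

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE_MAIL):
        print("suspicious link:", link)
    print("package matches published MD5:", verify_update(SAMPLE_PACKAGE))
```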

Thanks to Fernando de la Cuadra and Xabier Francisco for this one!

Posted under Malware Alerts

This post was written by Ted on November 15, 2007


Video Spam 2.0

PandaLabs,

As far as I can remember, the first time I talked about "Malware 2.0" was at the beginning of this year, talking to Pedro Bustamante about a banking Trojan. He used it in his e-Crime Congress presentation, and since then I have seen it in many places, even when talking about spam. What happens is that it referred to adding spam to blog comments, through YouTube accounts, MySpace, etc., so it was the old spam using new distribution channels.

As you already know, spam is a profitable business, and the spammers are looking for new ways of increasing their profits. A few weeks ago we saw the new MP3 spam, and I finished that post wondering how long we would have to wait to see MP4 spam… well, that time has come. Today we received a spam message with a URL to a YouTube video. It is not a fake link: if you click on it, you will see a video advertising an online casino and showing how to use the Martingale betting system.

In the same spam message they give you another link in case you want to bet. It is an affiliate link to the casino they are promoting. Do you wonder how much money they can earn with this? Take a look at this:


Posted under Malware Alerts

This post was written by Ted on November 15, 2007


Pandalabs Quarterly Report July-September 2007

PandaLabs,

Today we have released our Quarterly Report. Inside you will find interesting information regarding malware trends. This time we include a comparative review of "kits for installing malware", as they have become one of the most widely used tools for spreading malware.

We also review the state of the vulnerability landscape, and a list of unpatched vulnerabilities is included.

You can download it in English or in Spanish.

Enjoy it!


Posted under Malware Alerts

This post was written by Ted on November 15, 2007
