Fake Fernando Alonso car accident used to distribute a new banking Trojan

We have just discovered another spam message used to fool users into installing a new banking Trojan (Trj/Banker.LGC). This time it passes itself off as a real piece of news from El Pais, one of the major newspapers in Spain. It is about a car accident that supposedly took place today in Bilbao, in which Fernando Alonso, the two-time Formula 1 world champion, was seriously injured. As I'm writing this post from Bilbao, I can guarantee that there has not been any car accident in which Fernando Alonso is involved… ;-)

The link to download the video points to the Trojan. This is a screenshot of the fake piece of news:

The banking Trojan targets one of the biggest Spanish banks, which in the past was one of Fernando Alonso's team sponsors. This is not the first time we have seen this piece of news used to spread malware, though: a few weeks ago we saw a very similar one, and the major difference was that it was trying to install a Gaobot worm instead.


original article

Posted under Malware Alerts

This post was written by Ted on July 22, 2008


Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates - 7/16/2008

Revision Note: July 16, 2008: Updated the example workaround steps for running the update to Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 as an administrator.

Advisory Summary: Microsoft has completed the investigation into public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

Posted under Microsoft Security Alerts

This post was written by Ted on July 19, 2008


Fake UPS Invoice Email

These last days we have observed several false email messages in circulation which seemed to come from the UPS company. However, they are not related to this company at all.

The aim of these emails is not to inform us of the impossibility to deliver a postal package, but to entice us to open the attached file to infect our computers (detected as Trj/Agent.JEN).

This malware copies itself onto the system, replacing the Windows Userinit.exe (the file that runs explorer.exe, the interface of the system, and other important processes), and copies the legitimate file as userini.exe so that the computer keeps working properly.

Additionally, it establishes a connection with a Russian domain, which has been used on some occasions by banker Trojans. From this domain it is redirected to a German domain in order to download a rootkit and a rogue antivirus, detected as Rootkit/Agent.JEP and Adware/AntivirusXP2008 respectively.

The following graph represents the evolution of this malware with regard to the samples received in our laboratory during the last days. Before being included in our signature file, it was already detected by our TruPrevent Technologies as a suspicious file.

Trj/Agent.JEN MD5: 6B4EF50E3E21205685CEA919EBF93476
Rootkit/Agent.JEP MD5: C65EBF59203CE3F05861398CC41A976A
Adware/AntivirusXP2008 MD5: EF6FFCC71B81B53328B63985B20C3871
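To turn the indicators above into something a responder can run, here is an added example (not from the original post or from the vendor) of a small offline IoC sweep. It takes a file inventory as (path, MD5) pairs, matches the three MD5 hashes published in the post, and also flags the rename pattern the post describes: a file called userini.exe, which is where the Trojan parks the legitimate Userinit.exe. The inventory format, the helper names and the sample records are assumptions made for this example.

```python
"""Offline IoC sweep for the Trj/Agent.JEN artefacts described in the post.

Added example, not the vendor's tooling. Input is an inventory of
(path, md5) records; how that inventory is collected is out of scope here.
"""
import hashlib
import ntpath  # handles Windows paths correctly even when run on Linux/macOS
from typing import Iterable, List, Tuple

# MD5 hashes exactly as published in the post, normalised to lowercase.
KNOWN_BAD_MD5 = {
    "6b4ef50e3e21205685cea919ebf93476": "Trj/Agent.JEN",
    "c65ebf59203ce3f05861398cc41a976a": "Rootkit/Agent.JEP",
    "ef6ffcc71b81b53328b63985b20c3871": "Adware/AntivirusXP2008",
}

# The post says the legitimate Userinit.exe is copied aside under this name.
DISPLACED_ORIGINAL_NAME = "userini.exe"


def md5_of_file(path: str) -> str:
    """Return the lowercase MD5 hex digest of a file on disk (used to build
    a real inventory; MD5 is used only because that is what the post lists)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_inventory(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Return human-readable findings for an inventory of (path, md5) records.

    Two checks are applied:
      1. exact match against the published MD5 list;
      2. presence of userini.exe, the name under which the Trojan stores the
         original Userinit.exe (a clean Windows install has no such file).
    """
    findings: List[str] = []
    for path, md5 in inventory:
        md5 = md5.lower()
        name = ntpath.basename(path).lower()
        if md5 in KNOWN_BAD_MD5:
            findings.append(f"{path}: MD5 matches {KNOWN_BAD_MD5[md5]}")
        if name == DISPLACED_ORIGINAL_NAME:
            findings.append(
                f"{path}: {DISPLACED_ORIGINAL_NAME} present "
                "(possible displaced original Userinit.exe)"
            )
    return findings


# Constructed sample inventory: one replaced Userinit.exe carrying the
# published Trj/Agent.JEN hash, the parked original, and a benign file.
# The benign hashes are placeholders, not real file digests.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\userinit.exe", "6B4EF50E3E21205685CEA919EBF93476"),
    (r"C:\Windows\System32\userini.exe", "11111111111111111111111111111111"),
    (r"C:\Windows\explorer.exe", "22222222222222222222222222222222"),
]


if __name__ == "__main__":
    for line in scan_inventory(SAMPLE_INVENTORY):
        print(line)
```

On a live host the inventory would be built by walking the system directory and calling `md5_of_file` on each entry; the sweep itself needs no network access, so it can run on an isolated machine. Hash matching only catches these exact samples, so the userini.exe check is the more durable of the two signals for this family.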


original article

Posted under Malware Alerts

This post was written by Ted on July 15, 2008
