Rogueware with new Ransomware Technology™

The criminals behind Rogueware attacks are becoming increasingly aggressive in their approach to making money. We recently stumbled across a sample (Adware/TotalSecurity2009) which uses a ransomware technique to improve its sales. Once the computer is infected, Total Security forces the victim to purchase it before it will allow any file on the system to be accessed. When the user attempts to open a file, a message pops up in the notification area claiming that the application was blocked due to infection. The pop-up recommends activating the "antivirus" software, which costs $79.95. This would be a devastating blow to any user and would likely force the victim to purchase it, so we went ahead and cracked the sample to reveal all of the valid serial numbers. We're hoping that victims can find this blog post before shelling out any hard-earned cash to these criminals. Watch the video to see it in action:

Valid serials for Adware/TotalSecurity2009:

WNDS-TGN15-RFF29-AASDJ-ASD65
WNDS-U94KO-LF4G4-1V8S1-2CRFE
WNDS-6W954-FX65B-41VDF-8G4JI
WNDS-G84H6-S854F-79ZA8-W4ERS
WNDS-TTUYJ-7UO54-G561H-J1D6F
WNDS-A1SDF-6AS4D-RF5RE-79G84
WNDS-A1SDF-RY4E8-7U98D-F1GB2
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-JUYH3-24GHJ-HGKSH-FKLSD

You can download a free trial to completely remove the infection once the ransomware lock has been removed with one of these serials.

Special thanks to Mikel Echevarria Lizarraga for extracting the serials.
source


Posted under Malware Alerts

This post was written by Ted on October 8, 2009


Ransomware Reloaded

One of the latest examples of ransomware we have seen is Trj/SMSlock.A. The main aim of this malware is to make users pay a ransom for their computer in order to have it completely operative.

Until now, some of the functionalities we had seen in ransomware were encrypting certain documents or file extensions on the computer, or emptying the user's inbox and contact list, among others. However, in the case of Trj/SMSlock.A, it locks access to the system (leaving the computer unusable) and displays on the screen a message in Russian containing the instructions for users to send an SMS as a ransom for their system.

Note: Below you have the transcription in English of the message displayed on the screen.

To unlock you need to send an SMS with the text 4121800286 to the number 3649
Enter the resulting code:
Any attempt to reinstall the system may lead to loss of important information and computer damage
source


Posted under Malware Alerts

This post was written by Ted on April 20, 2009


Police ‘find’ author of notorious Gpcode virus (InfoWorld)

The infamous Gpcode ‘ransomware’ virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld. The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt …


original article


Posted under Spyware in the News

This post was written by Ted on January 22, 2009


A new case of RansomWare!!!

We have detected a new case of ransomware.

Once the malware infects a system and encrypts the user's files, several "read_me.txt" files are created on the infected system. They warn the user that their data files have been encrypted and that they won't be able to access them unless they pay a ransom of $300.

The email addresses indicated in the message may vary:

kiloglamour@gmail.com
tristanniglam@gmail.com
oxyglamour@gmail.com
glamourepalace@gmail.com

The "personal code" may also vary, depending on the random value that is used to encrypt the data.

The encrypted files usually begin with the text "GLAMOUR":

We have managed to access the data of the infected systems: there are 1,108 infected computers.

In addition, on 111 of those machines port 6838 is open, so that they act as socket servers.
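As an added defensive example (not code from the original post), here is a triage script that walks a directory tree for files beginning with the "GLAMOUR" marker and for "read_me.txt" ransom notes, and pulls the contact addresses out of the notes. The sample tree it builds is constructed for the demonstration, not real victim data.

```python
import os
import re
import tempfile
from pathlib import Path

# Marker the post says the encrypted files usually begin with.
GLAMOUR_MARKER = b"GLAMOUR"
# Name of the ransom note dropped on infected systems.
NOTE_NAME = "read_me.txt"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_glamour_encrypted(path):
    """True if the file starts with the GLAMOUR marker."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(GLAMOUR_MARKER)) == GLAMOUR_MARKER
    except OSError:
        return False


def triage(root):
    """Walk root; return (encrypted file paths, note paths, contact emails)."""
    encrypted, notes, emails = [], [], set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                with open(path, "r", errors="replace") as fh:
                    emails.update(EMAIL_RE.findall(fh.read()))
            elif is_glamour_encrypted(path):
                encrypted.append(path)
    return sorted(encrypted), sorted(notes), sorted(emails)


def build_sample_tree():
    """Constructed sample tree (not real victim data); returns its root."""
    root = tempfile.mkdtemp(prefix="glamour_triage_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "budget.xls").write_bytes(GLAMOUR_MARKER + b"\x00\x13\x37" * 8)
    (docs / "notes.doc").write_bytes(b"\xd0\xcf\x11\xe0 untouched")
    (docs / NOTE_NAME).write_text(
        "Your files are encrypted. Pay $300. Contact kiloglamour@gmail.com\n"
        "personal code: 1234-5678\n")
    Path(root, NOTE_NAME).write_text("Contact oxyglamour@gmail.com\n")
    return root


if __name__ == "__main__":
    enc, notes, mails = triage(build_sample_tree())
    print(len(enc), "encrypted,", len(notes), "notes, contacts:", mails)
```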

The "construction kit" of Trj/Sinowal has been used to create this Trojan.

We have already mentioned this malware family at the eCrime 2007 Congress:

http://research.pandasoftware.com/blogs/research/archive/2007/03/29/eCrime-2007-Congress.aspx

According to SecureWorks, this "construction kit" is sold for around $1,000.

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=3740

This variant has been detected as Trj/Sinowal.FY in the signature file.


Posted under Malware Alerts

This post was written by Ted on July 16, 2007
