Archive for the ‘Spyforms’ Category

Welcome to Super Antivirus Blog

December 17, 2009

I am a Jedi. http://sinaurl.cn/hiWzC Turning complexity into simplicity… breaking out of the cocoon as a butterfly. Panda Cloud Antivirus: the first free cloud-based antivirus software.

Facebook Malware Refocusing on Bank of America

March 14, 2009

The perpetrators behind the recent Classmates and Facebook Malware incident are now refocusing their attack on Bank of America customers.  The new website is designed to look like a Bank of America Help page and reads:
“You have not been permitted to access the Bank of America Direct® login page because your browser did not provide a valid digital certificate. In order to access Bank of America Direct, you must have a valid Digital Certificate installed on your PC.  For help, please select from the help links below.”

Bank of America Malware Site

The page includes a fake video which is labeled as an “Installation Demo” but points to a Malicious Executable named Adobeflashplayer.exe, which we detect as Trj/Spyforms.BZ.

Trj/Spyforms.BZ is primarily distributed through links in spam e-mails and the Trojan is designed to monitor network traffic and steal ftp, icq, pop3, and imap passwords.  The stolen data is then sent back to a server located in Hong Kong. 

Malware Impersonates Classmates and Facebook Websites to Deliver Password Stealing Trojan

March 12, 2009

Websites designed to look like Classmates.com and Facebook are currently being used to distribute a password stealing Trojan, which we detect as Trj/Spyforms.BZ. Some of you may remember the Spyforms Malware family from a previous incident involving Barack Obama spam campaigns. In this most recent incident, the malicious web links are still primarily distributed via spam e-mails. Once clicked, the victim is presented with a realistic-looking Classmates or Facebook website. The website contains a fake YouTube video, which prompts a dialog stating “Please Download correct Flash Movie Player!  Installation: Double-click the downloaded installer.  Follow the on-screen instructions!” and attempts to download a file named Adobemedia10.exe or Adobemedia11.exe.

Fake Classmates.com Malware Site

Fake Facebook Malware Site

Once installed, the Trojan intercepts network traffic in order to obtain ftp, icq, pop3, and imap passwords and then sends the data back to a server at a Hong Kong-based ISP (HOSTFRESH). You may recall the last major Malware incident involving this Hong Kong-based ISP, which was one of the providers involved in the malware distribution operation taking place inside the Atrivo/Intercage network.
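The two posts above describe one infection chain: an executable with an Adobe-sounding name (Adobeflashplayer.exe, Adobemedia10.exe, Adobemedia11.exe) is fetched from a look-alike site, and the installed Trojan then passively harvests ftp, icq, pop3 and imap credentials from the wire. As an added example that is not Panda's code or part of the original posts, the Python below shows two defender-side checks over constructed log lines: flagging proxy fetches of the lure-named executables from any host other than an assumed trusted Adobe download host, and listing which cleartext-protocol servers an infected machine talked to, which is the set of accounts to rotate after cleanup. The IP addresses, host names, trusted-host set and port-to-protocol table are assumptions for the example, not facts from the posts.

```python
"""Defender-side checks for the Spyforms lure and its credential exposure.

Added example, not Panda's code. All log lines below are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Payload filenames named in the posts (compared case-insensitively).
LURE_NAMES = {"adobeflashplayer.exe", "adobemedia10.exe", "adobemedia11.exe"}

# Assumption: hosts from which a genuine Flash installer would be fetched.
TRUSTED_HOSTS = {"get.adobe.com", "download.macromedia.com"}

# Assumption: default ports of the cleartext protocols the Trojan harvests
# (FTP, POP3, IMAP, and the OSCAR port used by ICQ).
CLEARTEXT_PORTS = {21: "ftp", 110: "pop3", 143: "imap", 5190: "icq"}

# Constructed proxy line format: "<epoch> <client_ip> <method> <url> <status>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")
# Constructed flow line format: "<epoch> <src_ip> <dst_ip> <dst_port> <proto>"
FLOW_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (tcp|udp)$")


def flag_lure_downloads(proxy_lines):
    """Return (client_ip, url) for each successful fetch of a lure-named
    executable from a host that is not a trusted installer source."""
    hits = []
    for line in proxy_lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        _, client, _, url, status = m.groups()
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        fname = parsed.path.rsplit("/", 1)[-1].lower()
        if status == "200" and fname in LURE_NAMES and host not in TRUSTED_HOSTS:
            hits.append((client, url))
    return hits


def exposed_credentials(flow_lines, infected_host):
    """Map protocol name -> sorted list of servers the infected host reached
    over a cleartext credential protocol. A sniffer on that host could have
    captured every login to these servers, so these accounts need rotation."""
    exposed = defaultdict(set)
    for line in flow_lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        _, src, dst, port, _ = m.groups()
        proto = CLEARTEXT_PORTS.get(int(port))
        if src == infected_host and proto:
            exposed[proto].add(dst)
    return {proto: sorted(servers) for proto, servers in exposed.items()}


# Constructed sample data (RFC 5737 / reserved-TLD addresses, not real hosts).
PROXY_SAMPLE = [
    "1236960000.123 10.0.0.5 GET http://example-lure.invalid/video/Adobeflashplayer.exe 200",
    "1236960001.456 10.0.0.7 GET http://get.adobe.com/flashplayer/install_flash_player.exe 200",
    "1236960002.789 10.0.0.9 GET http://example-lure.invalid/Adobemedia10.exe 404",
    "1236960003.000 10.0.0.5 GET http://example-social.invalid/profile 200",
]
FLOW_SAMPLE = [
    "1236960100 10.0.0.5 203.0.113.10 21 tcp",
    "1236960101 10.0.0.5 203.0.113.20 110 tcp",
    "1236960102 10.0.0.5 203.0.113.30 443 tcp",
    "1236960103 10.0.0.7 203.0.113.10 21 tcp",
    "1236960104 10.0.0.5 203.0.113.10 21 tcp",
]

if __name__ == "__main__":
    for client, url in flag_lure_downloads(PROXY_SAMPLE):
        print(f"lure download: {client} fetched {url}")
    for proto, servers in exposed_credentials(FLOW_SAMPLE, "10.0.0.5").items():
        print(f"rotate {proto} credentials for: {', '.join(servers)}")
```

The first check keys on the filename rather than the hash because the posts show the same name reused across two campaigns with different binaries; the trusted-host exclusion keeps genuine installer fetches from firing. The second check deliberately ignores TLS ports, since the Trojan as described only harvests protocols that carry the password in the clear.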