Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Author Archive
August 8th, 2011

Four browser nets and one phish

Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.

It contained sentences like “ We recently reviewed your account, and suspect that your PayPal account
may have been accessed by an unauthorized third party” and words like “protected“, “security” and “unauthorized“.  Of course, at the end of the email, there were directions to click on a “Paypal” link to update information like login name and password.

Read more…

May 17th, 2011

Google-images poisoning stats

I think most of you have probably heard about Google-images poisoning, but what is it?

When a user performs a Google Image search, images from an attacker’s page can be shown at a certain position in the results page. The exploit happens when a user clicks on the image. Google displays an iframe to a legitimate site. The  browser will  then send a request to the page running the attacker’s script. This script checks the referrer and, if it is Google, the script starts new JavaScript. This causes the browser to be redirected to another site that is serving a fake antivirus.

More thorough technical  information about this attack could be found on the Unmask Parasites blog or the ISC site. In this blog, we only tried to focus on the data from the avast! Community IQ database to show how big this attack was, and to look at how many domains are still infected — with their admins either unknowing or not paying much attention to their websites. Read more…

November 3rd, 2010

Malware running on AutoRun

A normal part of using a computer is seeing the “Removable Device Inserted” announcement when plugging in a memory stick.

This is AutoRun, a really useful tool built into Microsoft operating systems. In addition to helping people pick the application for opening the new files, it is also a very common way of spreading malware. Did you know that AutoRun is a way for spreading around about two-thirds of current malware?

Read more…

Categories: analyses, Virus Lab Tags: ,