Category: Trojans

I just received the message below via email. This is nobody I’ve been in contact with before and I did not download the linked file. Services like Wetransfer are getting popular, and now unfortunately the hackers have caught on and are using this as a vehicle to get their trojans and viruses installed, so be warned.

The message is a valid Wetransfer email, so the hackers have simply used their service and entered me as a recipient of their no doubt virus file.


Just recently, the U.S. Department of Justice brought charges against nine alleged members of a criminal organization that spread the Zeus Trojan. The malware was used to steal millions of dollars from almost any bank account worldwide. The DOJ’s charges, unsealed last Friday in the U.S. District Court in the District of Nebraska, include conspiracy to participate in racketeering activity, conspiracy to commit fraud and identity theft, and several counts of bank fraud. Two of the defendants, Yuriy Konovalenko and Yevhen Kulibaba, are due for arraignment at the federal courthouse in Lincoln, Nebraska, according to the. The two defendants were extradited recently from the U.K. For more information regarding this post, go to the source.

Source: ComputerWorld

Microsoft has discovered an unusually stealthy Trojan capable of deleting files it downloads in order to keep them away from forensics investigators and researchers.

The Trojan downloader, called Win32/Nemim.gen!A, is the latest example of how malware writers are using sophisticated techniques to protect their own trade secrets. The Trojan essentially makes downloaded component files irrecoverable, so they cannot be isolated and analyzed.

Typically, downloaders’ only job is to deliver the core malware. In this case, the downloader delivered the malware and continued to be an integral part of the operation.

Source: InfoWorld

Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform.

The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular games such as Fishing Joy and Temple Run.

Once installed it allows the attacker to remotely control the victim’s smartphone for a variety of nefarious ends including harvesting contact and messaging details, generating nuisance adware, committing click fraud and downloading additional apps, Xinhua reported.

Source: The Register

A Trojan that infects Android devices is behind an increase in text message spam in the US.

SpamSoldier infects smartphones and spews out thousands of SMS messages without the user’s permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: Most Wanted and Angry Birds Space.

Marks are encouraged to click on a web link in a message that supposedly leads to a game installer. In reality users who open the “installer app” only succeed in infecting their handset with the SpamSoldier Trojan.

Source: The Register

Thousands of PCs in the UK could be infected with malware used to extort money from people, warned Bitdefender.

The security company, whose software is found on millions of PCs around the world, said the malware scans the user’s IP address. It then sends a message purporting to come from the police, accusing people of piracy. People are told they can pay a fine of as much as £125 to avoid prosecution.

These forms of attacks using malware such as Trojan Horses are being called ransomware by the security industry. Research has shown this form of attack is growing and could become a major problem next year.

Source: Computer Active



An SMS Trojan was spotted in the Google Play marketplace, distributed via a series of wallpaper apps that may look legitimate at first glance but connect to a Dropbox account to download an additional package named “Activator.apk”, Bitdefender said in a blog post.

On download, the package notifies the user it’s about to install and that “services that cost you money” are about to be used. Although it’s a one-time-only process, the “Activator.apk” immediately prompts for uninstall after sending the premium rated SMS messages so it can successfully hide its existence.

The screenshot below illustrates how “Activator.apk” is downloaded from a Dropbox account:

Source: SoftwareCasa

Researchers have spotted a new banking Trojan dubbed ‘Tinba’ that appears to have hit on a simple tactic for evading security – be as small as possible.

Its main purpose is to burrow into browsers in order to steal logins, but it can also use ‘obfuscated’ (i.e. disguised) web injection and man-in-the-browser to attempt to finesse two-factor web authentication systems.

A particularly interesting feature is the way it tries to evade resident security, injecting itself into the Windows svchost.exe and explorer.exe processes, as well as Internet Explorer and Firefox to give itself access to traffic passing through those.

The effects of malware can be anything from a brief annoyance to identity theft. Protect yourselves against malware. Remove malware as soon as you can. There are a number of programs out there that can help.

Source: PCWorld

Google is spreading information about the DNSChanger malware, but for some the warnings may persist even after removing the malware. Google alert claims users’ internet may shut down on July 9.

Google’s search results page shows a warning at the top that states “Your computer appears to be infected” along with a small description about systems not being able to connect to the Internet in the future.

The message also includes a link to an information page that generally describes what malware is and how to detect it. This alert has had a few people concerned about their abilities to stay online.

This message from Google is an effort to help people who were infected with a widespread malware infection called “DNSChanger.”

The DNSChanger malware is a Trojan horse infection that at its peak affected approximately 4 million PC systems worldwide, with about 500,000 of those being in the United States. When installed, the malware changes the system’s DNS server settings to point to a rogue DNS network set up by the malware developers.

Because this threatens the connectivity of thousands of PC systems, to help inform people of this malware threat, Google has implemented a service that determines if the rogue DNS network is being used by your computer, and then issues you the warning. If you see this warning, then there are several things you can do:

1. Check your DNS settings
2. Update antivirus utilities
3. Run DNSChanger removal tools
4. Clear browser caches and monitor the system

Source: CNET News
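As an added example (not from the original article or from Google's service), the first step in the list above can be scripted: pull the configured resolvers out of a Linux `resolv.conf` or Windows `ipconfig /all` output and flag any that fall inside a rogue range. The ranges are RFC 5737 documentation placeholders rather than real DNSChanger indicators, the sample configurations are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT real DNSChanger
# indicators: substitute the rogue ranges published by your removal-tool vendor.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample inputs (not captured from a real host).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 203.0.113.53  # constructed "rogue" entry
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       8.8.8.8
"""

def resolvers_from_resolv_conf(text):
    """Return nameserver entries, ignoring comments and other directives."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[1] for f in rows if len(f) >= 2 and f[0] == "nameserver"]

def resolvers_from_ipconfig(text):
    """Return DNS servers, including the label-less continuation lines."""
    out, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            out.append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            out.append(line.strip())
        else:
            in_dns = False
    return out

def audit(resolvers):
    """Label each resolver 'ok', 'ROGUE (<range>)' or 'unparseable'."""
    findings = []
    for r in resolvers:
        try:
            ip = ipaddress.ip_address(r.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((r, "unparseable"))
            continue
        hit = next((n for n in ROGUE_RANGES if ip.version == n.version and ip in n), None)
        findings.append((r, f"ROGUE ({hit})" if hit else "ok"))
    return findings
```

A clean result on the host does not cover the home router, which hands out its own DNS settings over DHCP and should be checked the same way.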

Security experts are warning of yet more malicious applications found on Google’s official online apps market Play, this time designed to steal personal data in the background while promising to show trailers for Japanese anime, video games and porn.

The new Android Trojan had been discovered in 15 applications on Google Play so far and downloaded by at least 70,000 users, McAfee malware researcher Carlos Castillo explained in a blog post.

“Due to the privacy risk that these applications represent to Android customers, all of them have been removed from the market,” he cautioned.

The malware, specifically designed to target Japanese users, is hidden in apps which show internet-based video trailers.

Source: The Register