Securelist / Blog
Securelist / Blog
  • The Winlock numbers, the Winlock laws

    While Eugene’s busy taking bets (wonder how much he’s going to make?), I’ve been having a think about the Winlock case.

    Russian law enforcement is estimating that the bad guys could have raked in as much as $1 billion. While it’s difficult to be certain about the exact amounts involved (obviously they spread their money across a lot of different accounts to avoid attracting attention), a little bit of simple math makes me think this figure isn’t as crazy as it might sound.


    Our statistical analysis tells us there could be around a million people who’ve been infected. 10 cybercriminals, each getting a cut of a ransom between $10 and $30 - even though they were paying out $3 per infection to the people willing to spread this malware, the numbers add up pretty quickly.

  • Understanding Current Trends in the Fake Anti-Virus/Scareware Ecosystem
    The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.


    Some groups have been arrested. Some have had their operations and entire call support centers
    shut down.

    Some groups attracted too much attention, picked off
    the low hanging fruit and eventually walked away from their botnets.

    In some cases, the groups just weren't very skilled
    at developing anti-anti-malware techniques, blackhat SEO, and malware distribution. They couldn't keep up with the changes in anti-malware technologies,
    weren't exactly dedicated     to the effort, and simply fell off the map.


    However, some of the remaining scareware distribution gangs upped the ante and are aggressively developing difficult-to-detect polymorphic installers and difficult-to-remove support components. And the newest of these malware components include some of the first ITW 64-bit malware components to be taken seriously. But, for the most part, the scareware program itself remains the same. The development continues to change and progress, all for the purpose of evading anti-malware solutions and helping coerce the end-user to pay for the fake product, including support/rootkit components like TDSS (and its extreme complexities) or the more recent Black Internet (also known as "Trojan-Clicker.Win32.Cycler") support/rootkit components. These complex Mbr infectors and other rootkit components meant to maintain money-making scareware on the system are signs of this somewhat extreme development effort.

  • The Winlock case - I'm taking bets!

    Interesting news on Trojan SMS Blockers (Winlock etc). These programs block Windows and demand a ransom in the form of a text message which is sent to short number for a fee. It's a very popular type of racket at the moment, both in Russia and a few other countries.


    The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.

    Altogether the criminals have earned an estimated 790,000 roubles, or $25K. Moreover, they have caused other damages by blocking or crashing a yet to be determined number of personal and company PCs. Very often people have needed to re-install the OS and all software and then restore data from backups - even after paying the ransom.




    But I wanted to focus on the outcome – or the possible outcome of this incident, not on the investigation, arrests and so forth.
 
SpywareGuide Articles
Articles on Spyware, Adware, Malware and privacy in general
SpywareGuide Articles
  • DATA-THEFT WORM TARGETING GOOGLE'S ORKUT
    FaceTime Security Labs announced the discovery of a worm that steals users? banking details, usernames and passwords. The worm, known as MW.Orc, is propagating through Orkut, Google?s social networking site, as users launch an executable file disguised as a JPEG. Google has a temporary fix in place
  • The Digital Underground: Interview with RinCe
    This is Part TWO of a series of write-ups focusing on the recent threat to E-Commerce systems via potential IM (Instant Messaging) attack vectors and more besides, by way of a remotely installed administration tool and custom-built scripts, designed to find vulnerabilities in third-party payment sys
  • Property Values, Satellite Maps and Zillow
    A new service called Zillow allows you to easily access the value of your home...and your neighbors and even their neighbors. SpywareGuide articles are sponsored by FaceTime Communications, providing solutions for securing and controlling IM, P2P and Spyware Greynets.
Privacy Policy PDF Print E-mail
User Rating: / 0
PoorBest 

Privacy Policy for www.vscan.com

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

At www.vscan.com, the privacy of our visitors is of extreme importance to us. This privacy policy document outlines the types of personal information is received and collected by www.vscan.com and how it is used.

Log Files
Like many other Web sites, www.vscan.com makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons
www.vscan.com does use cookies to store information about visitors preferences, record user-specific information on which pages the user access or visit, customize Web page content based on visitors browser type or other information that the visitor sends via their browser.

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include Google Adsense, .

These third-party ad servers or ad networks use technology to the advertisements and links that appear on www.vscan.com send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

www.vscan.com has no access to or control over these cookies that are used by third-party advertisers.

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. www.vscan.com's privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.

 
 

Latest Virus Threats

Recent Posts

Article Archives