11/27/11 - Win32/Dofoil is a Trojan downloader that is set to follow control commands received
from its remote server. In most of the cases, Dofoil is used for downloading spam capable
software or rogue security software, such as the latest family of fake defragmenters (including
System Fix and others). This makes it obvious that this Trojan is created for commercial
objectives and, if not eliminated, it will compromise its victims privacy.
               

Win32/Dofoil trojan infiltrates target computers through spam campaigns based on fake letters
and malicious attachments. In most of the cases, victims are reporting finding such files found
attached to their emails:

• New_Password_IN46537.zip
• Invoice_Copy.zip
• Facebook_Password.zip

Typically, the letter announces (example):

iTunes

From: account.sn.5890@itunes.apple.com
Subject: Your iTunes Gift Certificate

Hello,

You have received an Itunes Gift Certificate in the amount of $50
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account,
$50 will be credited to your account.
So you can start buying video, music, games right away.

iTunes Store.

Experts report over 13000 computers have been already found to have Win32/Dofoil Trojan within
the last 30 days. If you have also received such or similar suspiciously looking email from
iTunes, Facebook or other company, make sure you run a full system scan and remove
Win32/Dofoil Trojan with one of the automatic removal tools listed below.
             
     

        
11/24/11 - Protection against smartphone malware has become a serious issue because most
of the users don’t even know that they can allow it to come together with popular apps. Trying to
get money, cyber criminals have started to use this actively growing market – they release
Trojan apps looking exactly like legitimate ones (imitating popular games and etc.). After being
downloaded and installed, these apps generate money for creators by sending text messages
of premium rate that cost at least $9.39 per one. So, there is no surprise that cyber criminals
have started to use this niche.
                

Smartphones are attractive for cyber criminals because they run apps that still can’t be verified
and easily said to be 100% safe to use. In addition, many users download non-official apps
because they want to avoid spending their money. Sadly, but by doing this they may lead
themselves to much bigger expenditures which clears out only after getting the monthly
telephone bill.
                  

This type of malware can be very profitable for its creators because it sends a steady stream of
text messages (some of its examples have managed to send a message every minute). To avoid
this unpleasant surprise, install legitimate security software and also take these steps to protect
your device:

• Download apps only from a legitimate source;
• Avoid insecure websites, containing adult content and other;
• Track your phone bill;
• Pay attention how fast your battery runs down quickly;
• Don’t leave your phone unattended.

       

                    
11/23/11 - Privacy Protector is another fraudulent application labeled as a security tool.
Privacy Protector is a malware; it infects computers using web browser vulnerabilities. Privacy
Protector loads pop-ups disguised as Windows notifications. The fake alerts warns users of non-
existent system issues and privacy risks. PrivacyProtector can also hijack desktop background
and load “Your privacy is in danger. Download privacy protection software now!” message instead
of wallpaper. Do not trust this scam and delete Privacy Protector malware as soon as possible
using one of the automatic removal tools listed below!
      
Privacy Protector properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
        
     

      
11/23/11 - The basic actions every iPhone user should immediately take to make the device
more secure (such as setting it to auto-lock after a specified period of time), and requiring a
passcode to unlock it (both can be accessed within Settings -> General),  but other functionality,
(such as managing your passwords on the device, or implementing additional protection for
sensitive files) requires the installation of third-party apps.
     
With hundreds of thousands of iPhone applications available in the App Store, it can be a
challenge to find the right solution for a given issue. What follows is a look at some key areas in
which apps can help improve iPhone security,  and suggestions of some specific applications
that may be a perfect fit for your needs.

      


Password management

     
Several iPhone apps are available to help users manage all of their online passwords securely in
one place. As long as the data is well-protected, an iPhone  can be an ideal place to store and
manage your passwords, since you’re likely to  have the device with you no matter where you
may be.
       

Many password management apps also offer users the ability to generate random (and strong)
passwords, which is key to improving online security in general – and some also enable syncing
with a PC-based solution, which serves both to back up your data and to make desktop
browsing easier and more secure.
      

Among the wide range of options available, SplashData’s SplashID ($9.95) password manager
offers a particularly comprehensive solution, including the ability to sync with the company’s
desktop software ($19.95). Key features include AES and Blowfish encryption, a random
password generator, and a browser plug-in for quick sign-in on your desktop.
     

Still, there’s not an enormous amount to differentiate SplashID from competitors, such as
LastPass ($12.00/year, including cloud storage and desktop software), 1Password ($6.99, plus
$39.95 for desktop software), among many others. Crucially, the three options mentioned here
all offer free trials, allowing you to decide which interface you like the most.
      

Theft protection
       

Apple’s MobileMe service ($99.00/year) includes a Find My iPhone feature, which offers users a
wide range of essential functionality if an iPhone is lost or stolen. Users can view their iPhone’s l
location online, display a message on the iPhone, and remotely lock or wipe the device as
needed. While the Find My iPhone app (free) isn’t required, the service itself does have to be
enabled on the iPhone within Settings -> Mail, Contacts, Calendars.
     

Find My iPhone is by far the most complete theft protection solution available for the device, and
it comes along with MobileMe’s mail, contacts and calendar syncing, as well as online iDisk
storage – but if you’re not using any of MobileMe’s other features, $99.00 can be a lot of money
to spend just for theft prevention.

      
Still, all other options for device recovery are limited by the fact that the iPhone doesn’t allow
third-party applications to run in the background. One simple option is GadgetTrak (free), which
offers very basic device tracking functionality, while a similar solution, TapTrace ($1.99), also
provides an interface for the user to send a message to the lost or stolen iPhone offering
contact information and a reward.
      

Spam prevention
       

Accessing e-mail on an iPhone can be frustrating if your inbox is being flooded with spam. To
improve detection of spam and malware when downloading e-mail to the  device, Mobile Active
Defense ($16.99/year) filters all incoming e-mail through its servers prior to delivery. The
company updates its filters more than 100 times  per day to maximize protection from spam,
phishing attacks and malware.
      

Spam Arrest ($49.95/year) offers a more aggressive challenge/response solution – rather than
filtering for spam and malware, it requires everyone who sends you an e-mail to respond to a
query in order to confirm their identity. The company’s iPhone app offers users the ability to
create an account, manage incoming mail, and edit an approved senders list.
          
A third option is simply to set up a free Gmail account purely for iPhone use, then configure that
account to read all incoming e-mail from your other POP or IMAP accounts. Gmail’s spam filters
will then clear spam prior to delivery to your iPhone. It’s not the simplest or most comprehensive
option, but it is a free and reliable way to ensure nearly spam-free mobile e-mail access.
 
    

File encryption
       

If you need to carry sensitive files with you on your iPhone, it makes sense to add an extra level
of security in addition to password-locking the device itself. File protection apps, such as Folder
Lock ($3.99) or iDiscrete ($1.99) are designed to safeguard a wide variety of file types – and both
Folder Lock and iDiscrete enable users to transfer files to their iPhone from a PC or Mac via
Wi-Fi.
       

Security updates
        

Finally, as of June 2011, Intego's VirusBarrier iOS was the only anti-virus solution approved for
the iPhone Os. It allows iPhone, iPad and iPod Touch users to manually scan their devices and
"detect and eradicate all known malware affecting Windows or Mac OS X. while Apple hasn’t
approved any other iPhone anti-virus solutions, several security firms now offer apps that give you
the ability to monitor threats on your iPhone in real time, including Symantec (free), Cisco SIO To
Go (free) and Threatpost (free).

These applications provide news feeds and alerts regarding the latest vulnerabilities and security
threats – of the three, Cisco’s SIO To Go is targeted most specifically at IT users, offering the
ability to customize incoming news and alerts to focus on specific threats that could impact the
user’s network.

     
11/21/11 - FREE Smart Phone Security Apps

    
Real Time Protection
     

Many users appreciate the web presence available to them when they connect to the
internet to read email or surf their Choice of URL’s to download music, games, etc.
Before you leap, you should have some form of protection.
    

There are many excellent security software programs for many different phones.
Check your Market Place Applications. Just understand that these smartphone 
security apps are not as robust as the security programs used on PC's. Users
should use some restraint when surfing the web using smartphones.
     

Go to… tablet, PC or your Smart Phone
      

Android Users - some say since Android is developed from the Linux system,
antivirus software is not required (this is a myth). Virus software can attach to the
Linux OS’, it is not likely to attach to a Linux Live CD but any OS on a hard disk
is succeptable to Malware. For Smartphones (there is limited protection),  to be
safe, there are a many free antivirus software programs available for phones that
operate with the Android OS.
      

Apple (for Iphone users) doesn't allow the device’s software development kit to
authorize programs to run out of its own Sandbox. They also are not enthusiastic
about helping third party vendors in developing programs to get into the machine
Level. Some programs like Trend Smart Surfing & Lookout have limited
effectiveness with this platform.
      

BlackBerry - Lookout.com software operates on this platform with limited
effectiveness.
 


  WHAT 'THE VENDORS' ADVERTISE!
 

  Free Android OS Antivirus
      

- AVG Mobilation - The most popular antivirus for Android devices.
      

- Antivirus Free - Creative Apps - Fast and lightweight malicious app 
        protection for your phone.
      

- ALYac Android - Android OS-Optimized antivirus application featuring the 
       advanced security features of ALYac.
     

- NetQin Mobile Security - Designed to protect Android devices against
       viruses and malware, while keeping your system running at optimum speed.
      

- Norton Mobile Security - Ranked #1 in protection and performance, Norton 
       lends its antimalware expertise to mobile.
    

- My Mobile Security - Comprehensive and award winning Android tablet & 
       mobile security!
      

- Virus Terminator -This safe software is the best antivirus and virus
        protection safe.It can cure various mobile phone viruses, suck fee,
        malicious, trojans, privacy steal, and other illegal procedure, real-time
        monitoring, scanning, interception, killing Android platform for the latest
        virus, with root permissions users can also offer senior bottom Android
        security mechanism of antivirus service.
       

- GuardX Antivirus -You are afraid that your on your phone will be installed
        malicious application or your personal data will be stolen? Then, use
        GuardX. It protects your applications from malicious and spyware. Using
        GuardX your phone always be protected, it controls each application
        install and notify you if it is malicious.
        

- Zoner Antivirus Free - Zoner AntiVirus Free is a modern security and
        anti-virus solution for your device. It provides protection against viruses,
        dialers, trojans, worms and other malware as well as phone call and message
        protection.
      

- Super Security Standard - Super security provides cloud based antivirus
        engine to help you get rid of malware. Provides strongbox to hide your
        sensitive data.
      

- Aegislab Antivirus Free - Aegislab Antivirus Free is an antivirus/mobile
        security tool that is able to
        (1)identify Spyware/Malware on current market.
        (2)support advertisement detection, especially from Admob
        (3)network/traffic statistic for both mobile/wifi interface and sort based
           on applications' usage count.(help to find suspicious background
           transmission that causes potential bills for users).
      

- MY Android Protection v1.5/1.6 - MYAndroid Protection is a fully featured
        and comprehensive protection package providing Anti virus & Malware
        protection, Real-time monitor, Backup & Data recovery, Anti theft
        protection, protection against losses, phishing, trojans, spyware and
        Credit Card & Identity theft protection.
      

- My Mobile Protection 2.0+ -The best and most comprehensive Android Security
        for maximum protection!
     

- Bitdefender Mobile Security - Keeps your Android device safe on the move.
     

- ESET Mobile Security for Android - ESET Mobile Security for Android
        combines our proactive scanning engine with antispam and antitheft solutions
        to provide real-time smartphone protection against known and emerging threat
        s without impacting performance.
     

- Lookout Mobile Security - Just as you protect your PC with antivirus, you
        need to protect your phone from malware and spyware. But unlike traditional
        virus protection, Lookout is lightweight and only consumes the amount of
        battery power in one day as a 33 second phone call.
      

- Dr. Web Antivirus Light - scans the file system of your Android device,
        including the "hidden" area and user applications. Detected malicious
        objects are moved to quarantine. A real-time file monitor automatically
        scans applications being installed and all files written to the SD card.
          
 Free IPhone Antivirus
     

- Trend Smart Surfing - a free iPhone 4GS and iPhone 4G anti virus that
        provides safer web surfing experiences during surfing the web using iPhone.
        Trend Smart Surfing perhaps is the first secure browser to protect iPhone
        user from Web pages with malicious intent.
      

- Virus Barrier X5 - VirusBarrier X5 now offers the ability to scan files and
        applications on the iPhone and iPod touch in search of malware or files that
        indicate that exploits have compromised the devices. Users connect an iPhone
        or iPod touch to their Mac, then choose the device and scan it with
        VirusBarrier X5.
 
-  McAfee VirusScan Mobile
       McAfee provides proven anti-malware protection for mobile devices. Architected
       specifically for mobile device platforms, McAfee VirusScan Mobile guards against
       known and unknown virus and malware threats, streamlines mobile security
       management, and reduces operating costs.

          
 Free Symbian OS Antivirus
      

- NetQin Mobile Antivirus - uses leading technology to protect your mobile
        phone against all the latest mobile threats. A Combination of firewall and
        real-time monitoring ensure your mobile device is safe and secure.
        Optimized full scan and system management provide your mobile device
        instant protection while simultaneously enhancing overall mobile
        performance.
      

- ExoVirusStop (Demo) - Protect your Symbian series 60 phone against viruses
        and Trojans, with this antivirus product. The file size is small, so it
        won' t use up your phone storage space. Very fast scanning engine takes a
        few seconds to check your phone for viruses. Free to Try.
        

- Kaspersky Mobile Security - Symbian Series 9.X Series 60 3rd. The latest
        technologies to keep your phone free from spam, viruses and other malicious
        programs.
         

- Bit Defender Mobile Antivirus 2008 - for Nokia devices with Symbian OS.
     
 Free Windows Mobile OS Antivirus
        

- Kaspersky Mobile Security - For Windows Mobile 5.0, 6.0, 6.1, 6.5. The
        latest technologies to keep your phone free from spam, viruses and other
        malicious programs.
       

- Bit Defender Mobile Antivirus 2008 2.1.132 - For Windows Mobile Smartphone 2
        002 and higher. The product has two independent modules:
        - BitDefender Mobile Antivirus: the program that runs on the mobile device
        - BitDefender Mobile Antivirus Update Module: the program that runs on the
          PC. This software installs and updates the BitDefender Mobile Antivirus
          on your mbile device. (scroll the down the download webpage).
    
-   ExoVirusStop Antivirus 2.01
        - (Demo) Windows Mobile Pocket PC (from Windows Mobile 2003, to Windows
          Mobile 6.1).
     
- Airscan Mobile Antivirus v2.0 - Pocket PC 2002/2003 & ARM/XScale Processors.
     

- Spybot For Pocket PCs - Spybot-S&D for Windows Mobile uses a lightweight
        version of the detection engine of Spybot-S&D for Windows to detect threats
        for Windows Mobile and Symbian both.
      
 Free Palm OS Antivirus
        

- F Secure Antivirus for Palm 2.0 - provides strong protection against any
        known malware for the Palm platform. F-Secure Anti-Virus for Palm OS is the
        first anti-virus product offering on-device protection with a continuous,
        fully automatic update service and technical support.
       

- F Secure Antivirus for Palm 3.0 to 5.x - Version 1.03 Beta.
      

- Bit Defender Free Edition for Palm 1.0 - BitDefender for Palm OS is an
        effective anti-virus security solution that protects the PDA from infection
        through a home or business network or from sources outside it.
        

- Trend Micro PC Cillin for Palm - For Palm 3.1 to 4.1.
     

- Symantec Antivirus 2002 - For Palm 3.0 to 5.x.
      

- Symantec Antivirus 2004 - For Palm 3.5 to 5.x, PPC 2002, PPC 2003.
           

 Free Cross Platform Antivirus
              

- LookOut Antivirus/Firewall - For Android, Blackberry, and Windows Mobile.
        See Review.

These apps are advertised to provide users with protection when in fact, some of them
only provide limited protection while giving users a feel for the app and its footprint on
the platform and others (even in full paid mode) are considered useless by most IT
Pro's.

    
11/18/11 - Perfect Keylogger is a complex commercial keylogger with rich functionality. It records
all user keystrokes including passwords, takes screenshots, tracks user activity in the Internet,
captures chat conversations and e-mail messages. Perfect Keylogger can be remotely
controlled. It can send gathered data to a configurable e-mail address or upload it on a
predefined FTP server. The keylogger must be manually installed. It runs on every Windows
startup. Please remove this parasite with one of the automatic removal tools listed below as
soon as possible.
    
          

              
Perfect Keylogger properties:
• Allows remote user connection
• Takes and sends out screenshots of user activity
• Sends out logs by FTP or email
• Logs keystrokes
• Hides from the user
• Stays resident in background
     
     

              
11/17/11 - I had been eyeballing the HTC Androids long before I got to ‘Phone upgrade time’.
I like the Android operating system's support for multi-tasking (support for security
functionality)... the fact that it enables a wide range of mobile security processes to run in the
background, including virus scanning and automated backups. These are quality's which are
very important as we brace ourselves for the Holiday Season Malware roll out.
        
The extensive capabilities of the Androids and the connectivity of the program suite available
require these smartphones to be locked down in order to protect your data.
                       
Malware Holiday Rollout
           

Recently, NC State Researchers have discovered a
new cyber threat – SMS Android Trojan that
attacks android systems by representing itself as
Google Library. This threat is used to perform
various functions designed by its creators, like
sending messages or initiating phone calls to
premium numbers. Though illegal activity may sound
familiar for you, researchers claim that this
virus can be called a version of Android Trojans
because it has no similarities to earlier released

Android threats and attempts to utilize Device Administration API.

                  
It seems to be clear that this threat is completely good at masquerading and additionally using
victim’s personal information for illegal activities. Trying to get inside the system, a Trojan named
DroidLive uses a package that matches Google’s own package naming convention and installs
itself as a device administration app. In addition, investigation has revealed that this scamware
starts receiving commands from a Command and Control (C&C) server once it gets inside the
system and performs required functions.
                         
Being infected with DroidLive may result in significantly large phone bills because it is designed
to send text messages or call only to premium numbers. In addition, this trojan also collects
personal information of the victim, so you can also lose your credit card information or various
passwords as well. It is highly recommended using only official sources when you download an
App because researchers have found more than 10 infected Android Apps that have been spread
through alternative marketplaces, not the official Android Market. Besides, always read reviews
and ratings to avoid downloading this or other cyber threat.
                             
Still, the Android operating system allows for broader multitasking than that other popular
smartphone OS. Android devices are able to support a wide range of mobile security processes
that run in the background on an ongoing basis.
                            
F-Secure  (FREE Trial, Anti Theft and Online Tools)
              
For the security of my system, I ran to 'The Union Jack' (The British) where F-Secure (at $40
per year) quickly aided me in locating the most essential security provisions for my Android
device... It's easy to install. Provides your personal and confidential content with real-time
protection from viruses and malware, Enables safe browsing and safeguards your identity
online, Automatically retrieves the newest malware definitions and updates, Locates your
lost or stolen device (or the person holding it), Protects your children from unsuitable web
content, Locates your children anywhere using their mobile device… (password-protecting
the device itself and setting it to auto-lock after a specified period of time, does not require
an app – both of those features can be accessed within Settings -> Location & Security).
                        
Digging in to my HTC EVO, I really appreciated my Android’s multiple unlock options,
including a numeric PIN, a password or a graphical pattern (the last of which was recently
found to be easily compromised, according to researchers at the University of
Pennsylvania).
            
Kaspersky Mobile Security 9 (Free Trial)                   
    
Looking good with Anti-Theft, Anti-Virus Protection, Anti-Spam Protection and Privacy Protection,
This Mobile Security Suite comes in very affordable at $30 per year.

                                 
Malware and Theft Protection

                          
In most cases, it’s not necessary to look for separate solutions for anti-virus scanning and theft
protection, as several developers offer a wide range of security features within a single Android
app. Each product offers a slightly different range of functionality – and it’s worth keeping in
mind that since all of these apps are relatively new, their feature sets are likely to evolve, as
well.                  

The Lookout security suite (free) offers anti-virus protection, data backup functionality (for
contacts, photos, video, e-mail and text messages), and a missing device locator, which can
be used to show the device’s location on an online map, sound an alarm from the device itself,
and/or remotely wipe all data on the device. All app functionality can be managed remotely from
the company’s Web-based interface.
                   

At this point, Lookout (right) appears to be the most complete option available – though it’s safe
to assume that its competitors’ functionality will likely grow to match or exceed Lookout’s over
time.
                      

SMobile Systems’ Security Shield app ($29.99) offers anti-virus scanning, a missing device
locator, remote device lock, and remote device wipe. For SMB and enterprise users, SMobile
Systems also provides a wide range of device management solutions for Android, Windows
Mobile, Symbian Series 60 and BlackBerry smartphones.

                    
WaveSecure ($19.90/year), which was recently acquired by McAfee, doesn’t offer anti-virus
protection at this point, though it does provide backup and restore functionality, as well as the
ability to locate, lock or wipe a device remotely. When locked remotely, the device can also be
triggered to display a customizable message, such as a phone number to call if the device is
found.
                      

And DroidSecurity’s aptly named anti-virus (free) and anti-virus Pro ($9.99) provide background
anti-virus scanning functionality – while an optional Findr Chrome extension (free) adds the ability
to determine your device’s location using GPS, and to lock or wipe all data on the device
remotely. 
                 
Watch this space – it’s growing rapidly, with several new solutions currently in beta, including
Mobile Defense (closed beta), AppScan (free) and Norton Smartphone Security for Android (free).

                        
Password Management

                   
To manage all of your passwords centrally, LastPass ($12.00/year) combines an Android app
with a PC-based browser extension for Firefox, Safari, Chrome and Internet Explorer. A master
password provides access to a cloud-based password vault, and the app and extension can fill
in site passwords for you automatically, both on your PC and on your Android smartphone.
                 
The standalone SplashID ($9.95) password manager application can be used to store passwords,
credit cards, PINs and more on an Android device, guarded with 256-bit Blowfish encryption.
Optional desktop software ($19.95) can be used to sync mobile data with a PC. As with
LastPass, the Android app can be used to fill in passwords for you on a proprietary mobile
browser.
                       
Similarly, Callpod’s Keeper app ($29.99/year) offers military-grade encryption along with cloud
data backup, as well as Wi-Fi data sync to the company’s desktop software – ultimately,
LastPass, SplashID and Keeper are similar enough that it’s worth downloading a free trial of
each one to decide which interface you like best before making a purchase.
                      
Alternatively, a far cheaper and fully functional option is KeePassDroid (free), an Android port of
the open source KeePass password manager, which uses the free DropBox app to synchronize
stored data.
                        
If you want to take your device’s password protection one step further, apps like App Protector
Pro ($1.99), Carrot App Lock Pro ($1.50), Seal ($3.45) and Android Protector (free) also allow
you to password-protect applications on an individual basis.
  
And as with the security suites mentioned above, several new offerings are also currently
available, including an Android app for Agile Web Solution’s popular 1Password password
manager for Mac. 
     
     

     
11/13/11 - CC Search is a transitional website which is linked to scammers and their
commercial prospects. Though it looks legitimate from the first glance, this search website
can be entered through Coolsearchserver.com or Wickedsearchsystem.com address' and it
is believed to have more clone websites that are used to redirect PC users. The reason for
releasing malicious domains and then redirecting their PC users is very simple: hackers expect
them to click on malicious adverts which they will use to convert the targets money.

     
Most of CC Search victims report that they have been made to enter malicious websites
unexpectedly by clicking on any Google or other search engine result. The truth is that rootkit
virus is always let inside the PC first and it’s the one that makes various modifications leading
to the search engine’s failure. Keep in mind that if you want to stop redirect hijacker you must
eliminate this Rootkit from your machine. It is recommended running a licensed anti-spyware
program for that. In addition, if you have problems with Google redirect virus, read this Redirect
virus removal guide. 
   


        
     

    
11/10/11 - sychost.exe is a malicious process related to LEOX.B virus. It is a dangerous threat to
your system and therefore should be removed immediately after detection.

sychost.exe properties:
• Allows remote user connection
• Connects itself to the internet
• Hides from the user
• Stays resident in background
      
     

       
11/09/11 - The Zeus crimeware toolkit has been around now for a while and has grown over time to
be the most established crimeware toolkit in the underground economy. In late December 2009 a
new crimeware toolkit emanating from Russia—known as SpyEye V1.0— started to appear for sale
on Russian underground forums. Retailing at $500, it is actually taking a chunk out of the Zeus
crimeware toolkit market. Symantec detects this threat as Trojan.Spyeye. It is now starting to
mature with newer modules like 'kill Zeus and Video grabber' increasing spying activity. This
product is fast developing into the undergrounds 'king' of the crimeware toolkits.


         
The SpyEye toolkit is similar to Zeus in a lot of ways. It contains a builder module for creating the
Trojan bot executable with config file and a Web control panel for command and control (C&C) of
a bot net. Some of the advertised features online are:
 
•    Formgrabber (Keylogger)
•    Autofill credit card modules
•    Daily email backup
•    Encrypted config file
•    Ftp protocol grabber
•    Pop3 grabber
•    Http basic access authorization grabber  
•    Zeus killer
*    (NEW) Video Grabber
 
New revisions of SpyEye, with additional features, are being released on a regular basis. The latest
version (V1.0.7) contains an interesting new feature called “Kill Zeus” that we have yet to
substantiate. SpyEye hooks the same Wininet API (Wininet. dll) HttpSendRequestA as used by
Zeus for communications. If a compromised system infected with SpyEye was also infected with
Zeus, this in turn would allow SpyEye to grab and report on http requests sent to the Zeus C&C
server.
 




An example of Zeus C&C server report taken from underground forum The new Kill Zeus feature is
optional during the Trojan build process, but it supposedly goes as far as allowing you to delete
Zeus from an infected system—meaning only SpyEye should remain running on the compromised
system. If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from
the creators of the Zeus crimeware toolkit. This, in turn, could lead to another bot war such as we
have seen in the past with Beagle, Netsky, and Mydoom.



 
An example of the SpyEye Trojan builder control panel Another feature of SpyEye is the ability to
load additional threats onto infected SpyEye systems, by country, using the SpyEye control panel
GUI as shown below:

Symantec will continue to monitor the progression of this toolkit and update detection as necessary.
Remember to keep your definitions up to date to ensure you have the best protection against new
threats.
 
 

      
11/06/11 - SpyEye is a trojan designed to infiltrate a computer and collect certain
information without the owner’s informed consent. It's a wide spread infection. This trojan can
capture network traffic, send and receive network packets in order to bypass application
firewalls, hide the own process on injected processes, and most importantly - steal information
from Internet Explorer and Mozilla Firefox. As the name suggests, SpyEye was designed to spy
on you and steal your sensitive information, credit card details, passwords, etc. SpyEye, also
known as Win32/EyeStye, toolkit has several components, some of them are rather unique, but
the most import module utilizes a method known as "form grabbing". Other modules include bot
monitoring, full botnet statistics and tasks, virtest tool and some additional plugins. 
       

There are five main "grabbers": BOA, CC, Certificate, Email and FTP. As you can see, scammers
collect information that can be further used to steal money, infect websites or compromise
accounts. All the other information is simply identified as "junk" and won't be collected. SpyEye
trojan can download and install additional malware onto the infected computer. It can also take
screenshots and send them to scammers. What is more, the newest builds have a video grabber
module. It can record certain activities and send videos to scammers. The video is saved
in Matroska video format, good quality and small in size. It goes without saying that you need to
remove SpyEye trojan from your computer as soon as possible. Stolen login credentials can be
sold in underground markets or used for identity theft.
      
     

            
11/06/11 - Buy an individual virus or an entire cyber crime kit the choice is yours, and its all on
sale.
   

It’s the kind of hi-tech sale crackers really want to know about. Crackers are selling malware,
everything from an individual virus to entire kits that let cyber thieves put together their own
attacks.
    

The prices? A lot less than you might think. An individual virus can cost up to $35, while the
entire kit, such as Mpack, goes for up to $1000. And some of the more expensive software
comes with 12 months of tech support so the programs can exploit the latest vulnerabilities is
systems. There’s also a statistical package, letting users know how successful their attack
has been and the location of infected computers.
   

They have been popping up left and right as sights offer downloadable cracking tools. The DIY's
are all the rage these days. It’s the classic verticalization of a market as it starts to mature. It’s
almost a play-by-play of good business practices of software marketing. When it comes to the
cracking industry and level of business acumen there’s no limit to what your money can buy.
You can even find volume discounts and price reductions for regular customers.
    
The DIY's

People are building musical instruments, beer keg-monitoring robots, baby rocking machines,
and iPhone-controlled cars, and gaining the satisfaction of making something with their own
hands while saving a little cash. Bad news for the Web browsing public however, the DIY fad
has spread to cybercrime and phishing scams.
   

The real money for the people selling them comes from discovering unknown or
unpatched vulnerabilities in software; that information can go for thousands of dollars.
   

According to experts there are around 68,000 downloadable cracking/hacking tools out in
cyberspace and those numbers are growing. The vast majority are free, requiring a good
knowledge of computers to use. But others are for sale to those whose knowledge is far
more limited.   
    
The Newbie's

If you know how to download music or a movie you have the necessary experience to
begin using one of these kits.
    

Thats right, the kits (which are largely responsible for the explosion of malware and phishing
scams) are apparently so easy to use, that if you're tech savvy enough to download an album or
a movie, you can use one to create a custom and convincing looking messages from UPS,
Facebook, or Microsoft. The messages usually contain links that install malware capable of
stealing banking information and turning the victim's PC into a bot in the attacker's vast network
of controlled spam machines.
     

Indeed, newbie cybercrooks and veterans alike are using DIY kits to carry out phishing
campaigns at an accelerated rate, security researchers say. They've been blasting out fake e-
mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX), the IRS; or
account updates from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about
the H1N1 flu virus, etc.
    

The faked messages invariably ask the recipient to click on a Web link; doing so infects the PC
with a banking Trojan, a malicious program designed to steal financial account logons. Often, the
PC also gets turned into a "bot": The attacker silently takes control and uses it to send out more
phishing e-mail.
    
Big Business

The rapid development and aggressive marketing of DIY cybercrime kits has emerged as a big
business. "It's possible that the people creating and selling these kits may be the same groups
already profiting from cybercrime, and they could see this as yet another revenue stream," says
Marc Rossi, Symantec's (SYMC) manager of research and development. Generally sold for $400
to $700, the kits come with everything you need to begin infecting PCs. Selling software is legal;
what you do with it can get you in trouble.
     

Most kits can be easily upgraded to customize phishing messages or bypass anti-virus
defenses. Purchasing the latest kits requires spending time in Web forums populated by
cybercriminals, says Fred Touchette, senior researcher at e-mail security firm App River.
     

The increased availability of such kits in the second half of 2009 correlates to an escalation of
Internet infections over the same time period. The number of unique banking Trojans intercepted
by PandaLabs totaled 343,151 in 2009, up from 194,233 in 2008, a 77% spike.
    

Early in the year, phishing campaigns flowed from familiar sources in a predictable pattern,
spreading from certain regions in the world. But by October — with DIY kits coming into much
wider use — App River found itself blocking 10 times more phishing e-mails from hundreds of
sources all over the globe.
    

Touchette says he expects the use of DIY kits — and the infections they spread — to persist.
"DIY kits make it too easy to get your malware out there," he says, "and it's so hard to stop."

           

    

     
11/03/11 - Security Defender is a rogue anti-spyware program that is closely connected to
win32/defmid trojan that usually comes undetected. In addition, after being installed it uses fake
scan results and false security alerts as a method to make you think you are infected with
viruses. It impersonates Windows Defender which is a legitimate anti-spyware program. The
rogue simulates a system scan and reports fake infections. It then prompts to pay for a full
version of the program to remove the threats. Actually, it just tricks you out of your money. If
you have paid for the this program already then I suggest you contact your credit card company
and dispute the charges. Security Defender is configured to start automatically when you login
to Windows. It detects non-existent or harmless files as malware but does not allow you to
remove them until you purchase the full version of the program. 
     
Security Defender properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
    


Use one of the legitimate automatic removal tools to reradicate this parasite from your system.
       
     

      
11/03/11 - Rootkit.TDSS, TDL3 or Alureon [Microsoft] is a malware designed to hide the
 existence of any process on the infected machine in order to perform malicious and dangerous
 actions. TDSS may also replace essential system executable files, which may then be used to
 hide processes and files installed by the attackers. Rootkit.TDSS is installed without the user's
 permission through the use of trojan viruses, whereas trojan virus can download and install
 additional malware, adware or even rogue anti-spyware applications. This virus may also infect
 MBR sector, which is executed prior to windows boot. Rootkit.TDSS removal can be
 complicated, but it is essential. When your computer is infected with TDSS rootkit you may
 encounter the following symptoms:

• Google (Bing, Yahoo) search result links will be redirected to various misleading sites
•  that promote rogue products or display bogus advertisements. 
• Security related websites will be blocked. 
• You won't be able to launch legitimate anti-malware or anti-virus applications. 
• You may find that web pages load slower.

Please use TDSS virus remover and remove it as soon as possible after detection. First of all,
 download TDSSKiller. This tool was created to remove rootkits that belong to numerous malware
 families, including TDSS. Run TDSSKiller and press the button Start scan for the utility to start
 scanning. The scan won't take long, only  a few minutes. After the scan, it will list maliciius files.
 Suspicous objects should be skipped and malicious, high risk objects should be deleted. After
 clicking Next, the utility applies selected actions and outputs the result. Select the correct
 option and click Continue. A reboot might require after disinfection, so just click Reboot. Now,
 your computer should be TDSS rookit free. You can download TDSS remover to remove
 associated malware from the system. 
             
Rootkit.TDSS properties:
• Hides from the user
• Stays resident in background