Tag Archives: Malware
DNSChanger and the errors “Server not found”/”This webpage is not available”
Do you know someone who can’t navigate and instead of the well known websites receives errors like “Unable to resolve the DNS address” “Server not found” “The webpage is not available” ? He might be infected with the DNSChanger malware … Continue reading
DNSChanger malware: One day left to react
We wrote about the DNSChanger malware and about the Avira tool which detects if your computer’s DNS settings were altered and restores the defaults in case they were changed by the malware. Tomorrow, July 9th, the FBI will shutdown the DNS servers which allow the … Continue reading
Old Microsoft Office for Mac vulnerability actively used to install malware
Not surprisingly, more than two and a half years after a critical patch has been delivered, we see customers that didn’t update. And if we can see them, then also the bad guys see them as well. Even worse, we … Continue reading
A ZBot trojan variant in emails pretending to come from DHL
We all thought that the days of ZBot trojan are long gone, but maybe it was only our hope and not the reality. We have started to detect in an aggressive spam campaign with emails pretending to come from DHL, … Continue reading
Avira DNS-Repair-Tool released
You must have heard already about the already “famous” malware DNSChanger which manipulates the DNS settings of the computer in order to silently direct the users to malicious websites. FBI and others took action against this malware and in November 2011 … Continue reading
Fake Certificate in Malware – with Message
The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital … Continue reading
Federal Police Scam
During our usual malware analysis we found a malware sample which shows a fake warning passing off as official German “Bundeskriminalamt” (the German Federal Police). The page contains various logos taken from the official Internet sites. It’s easy to discover … Continue reading
Picturesque Brazilian Banker
While analyzing new malware samples, we found a brazilian banking Trojan that caught our interest: It contains plenty of images – all of brazilian banks and insurances. It is quite a multi talent when it comes to the bank logins … Continue reading
Analysis of TR/Spy.SpyEye
SpyEye is a malware family which we are monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products. The Trojan is able to inject code in running processes and can perform the … Continue reading
Fake System Optimizer with special messages
When analyzing malware, we often look for strings within the malware samples. Those give some interesting insights about the malware, its creators or the targets, for example. While poking into a fake system optimizer, after some decryption layers we also … Continue reading