IObit Europe Laboratory NEWS - read more

  • IObit Europe Laboratory NEWS - read more

    WARNING!
    Following the remote wipe attack on some Samsung Mobile devices via a USSD code embedded in URL links with the “tel” prefix, QR codes and NFC-enabled cards, a new vulnerability in Android OS could affect millions of users. The new USSD attack can change a SIM PIN and brute force a PUK lock, rendering the card unusable.

    --> IObit Europe Team
    --> IObit Malware Fighter Team
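
Added example, not part of the original post or IObit's code: a Python check a defender could run over page source, or over a decoded QR/NFC payload string, to tell an ordinary `tel:` phone link from one that carries a USSD code, including percent-encoded forms. The function names and the sample page are constructed for illustration; the sample uses `*#06#`, which only displays the handset's IMEI.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# After percent-decoding, a USSD/MMI string starts with * or # and ends with #.
USSD_RE = re.compile(r"^[*#][0-9*#]*#$")

def classify_tel_uri(uri):
    """Return 'ussd', 'phone' or None for one URI (link target, QR or NFC payload)."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        return None
    # %23 is '#', %2A is '*'; drop visual separators such as spaces and dashes.
    number = re.sub(r"[\s\-().]", "", unquote(uri[4:]))
    return "ussd" if USSD_RE.match(number) else "phone"

class TelLinkScanner(HTMLParser):
    """Records every attribute whose value is a tel: URI carrying a USSD code."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and classify_tel_uri(value) == "ussd":
                decoded = unquote(value.strip()[4:])
                self.findings.append((tag, name, decoded))

def scan_html(html):
    """Return a list of (tag, attribute, decoded code) for USSD-bearing tel: URIs."""
    scanner = TelLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page. *#06# only displays the handset's IMEI.
SAMPLE = """
<a href="tel:+1-555-0100">Call support</a>
<a href="tel:*%2306%23">Click for a coupon</a>
<a href="TEL:%2A%2306%23">Free ringtone</a>
<a href="https://example.com/">Home</a>
"""

if __name__ == "__main__":
    for tag, attr, code in scan_html(SAMPLE):
        print(f"USSD code in <{tag} {attr}>: {code}")
```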

  • #2
    Warning

    WARNING

    A trojan on Facebook

    The trojan sends a message in the name of a friend on Facebook, and the friend has sent nothing and knows nothing about it.

    The message on Facebook is as follows:

    ahaahahahahhahaahhhhahhaahhaahaaaaaahaaahhahaahhhaaaaahahaaahaaaaaahhaaha
    www.mediafire
    . com /? 9ff5r1p6cwt4ksi

    Please do not click, and delete it immediately.

    --> IObit Europe Team
    --> IObit Malware Fighter Team
    --> IObit Europe LAB Team


    • #3
      Good NEWS "IMF and ASC Ultimate (ASC with AV 2013!)

      In October 2012, we saw a new QUERVAR variant with a new structure, different from the previously detected variants but with the same infection routines. These included infecting .EXE and Microsoft Excel and Word files and then renaming them with a .SCR extension. However, the newer variants came with a new payload: downloading ransomware and ZACCESS variants.

      The new QUERVAR variants are detected as PE_QUERVAR.E-O. PE_QUERVAR.E-O accesses the following malicious files below to download ransomware variants detected as TROJ_RANSOM.CMY and HTML_RANSOM.CMY, and the ZACCESS variant TROJ_SIREFEF.SZP.

      IObit IMF and IObit ASC Ultimate users need not worry as they are protected via the Browser Guard and Network Guard. In particular, file reputation services block and delete related malicious files, while the web reputation services block access to the sites where PE_QUERVAR.E-O downloads its malicious payload.

      --> IObit Europe LAB Team
      --> IObit Malware Fighter Team
      --> IObit Europe Team


      • #4
        fake Adobe Flash Player update . . .

        NEWS
        Without verifying its legitimacy, users who may be anticipating a WebEx conference are at risk of downloading variants of a notorious info stealing malware. Last week, we received two spoofed emails that redirect users to a fake Adobe Flash Player update. These messages use different approaches to lure users into downloading the malicious file update_flash_player.exe (detected as TSPY_FAREIT.SMC). The first email is disguised as a WebEx email containing an HTM attachment. Once users execute this attachment, they are led to a malicious ...

        --> IObit Europe LABS Team
        --> IObit Malware Fighter Team


        • #5
          IObit Europe Laboratory NEWS - read more

          News
          We’re currently investigating several file infectors that have affected several countries, particularly Australia.
          Identified as:

          PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O. Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information:

          The infected file (detected as PE_XPAJ variants) is capable of downloading its mother file and loading it into memory. As such, the copy of the mother file can be found in the Windows folder using a random file name and extension. ...

          --> IMF/ASCU Team
          --> IObit Europe LABS (Laboratory) Team
          --> IObit Europe Team


          • #6
            Facebook Security Alert....

            FACEBOOK SECURITY ALERT....
            If you get a chat from a friend and it reads....

            hey, go to album67 dot com and search for "YOURNAME HERE" then click on the first photo.. I bet you didn't remember that, eh?

            1. DO NOT GO TO THE LINK; YOU WILL BE INFECTED
            2. Tell your friend his/her computer is infected and must be cleaned right away
            3. Change your FB password if you suspect you are infected right away.... bad guys have full account access to your profile now
            4. Get Advanced System Care w/ AntiVirus...
            5. Virus scan your entire system
            6. Run Deep Care - repair
            7. Reboot
            8. During the next 24/48 hrs keep in touch w/ friends on FB make sure they no longer are getting these messages from you
            if problems persist contact a professional technician

            --> IMF/ASCU Team


            • #7
              Virus and Trojan Information

              Virus and Trojan Information

              W32/Mydoom.o@MM!CB4BF14684BD Trojan Low 25.10.2012

              Ransom!gw!95169F0738CA Trojan Low 25.10.2012

              Generic.gl!B73D3212DF6E Trojan Low 25.10.2012

              W32/Expiro.gen.n!DB6957E1F258 Virus Low 25.10.2012

              PWS-OnlineGames.a.dr!CA6559944F9F Trojan Low 25.10.2012
              (Trojan/Password Stealer) !

              Generic.dx!8BD479BD2D18 Trojan Low 25.10.2012


              • #8
                Malware Information . . . read more . . .

                Malware Information

                PWS-Banker!56D48148ADF2 / Trojan / 27.10.2012

                Trojan / Password Stealer

                --> cheers . . .


                • #9
                  Hi Martino... thanks for the information!

                  Originally posted by martino
                  Malware Information

                  PWS-Banker!56D48148ADF2 / Trojan / 27.10.2012

                  Trojan / Password Stealer

                  --> cheers . . .

                  Hi martino... what else do you wish to be read??? You do understand that this is a restricted section of the forum dedicated to cleansing of machines so there are very few that can post here. So a suggestion here to read more would mean that you are providing additional information to be read. The title of your post is:
                  Malware Information . . . read more . . .
                  Please advise what is to be read!:shock: Otherwise the information is not useful to the majority of users that visit this support forum. It is necessary on this forum to post information that will be supportful to all members and visitors as best as possible (as the search engine bots are crawling everywhere here linking user searches here).

                  The information provided in the body of your post does not reveal the source of the information, nor the usefulness (how is a member or visitor to apply this information or test its validity??), thus the value of the post is severely diminished!!

                  Posts even in this section, as it is public, should be clear in their applicability and context to solving a particular issue.:wink:

                  Perhaps you should become familiar with the Iobit forums more?


                  Sincerely,
                  -Mel
                  Live long and prosper!
                  Last edited by Melvin_Deal; Oct. 27th, 2012, 01:08.



                  • #10
                    What is Tunneling ?

                    Tunneling
                    Tunneling is a virus technique designed to prevent anti-virus applications from working correctly. Anti-virus programs work by intercepting the operating system before it can execute a virus. Tunneling viruses try to intercept the actions before the anti-virus software can detect the malicious code. New anti-virus programs can recognize many viruses with tunneling behavior.

                    cheers


                    • #11
                      by martino . . .

                      hi eno, thanks for the information!

                      I understand what they mean.

                      your question:
                      Perhaps you should become familiar with the Iobit forums more?

                      my answer:
                      YES :)

                      cheers


                      • #12
                        Hi martino,

                        I haven't asked a question, but I will take that as you are replying instead to Melvin_Deal's post #9 in this thread. :lol:

                        Cheers.
                        enoskype

                        - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -


                        • #13
                          IObit Europe Laboratory NEWS - read more

                          The other threat is a phishing email that entices users to visit a website where they can download Windows 8 for free. Instead of a free OS, they are led to a phishing site that asks for personally identifiable information (PII) like email address, password, name that can be peddled in the underground market or used for other cybercriminal activities.

                          cheers

                          --> IMF/ASCU Team <--
