Sep15
by
Macky Cruz (Technical Communications)
Rogue antivirus programs continue to plague our customers as submissions this September echoed August's top malware profile. FAKEAV variants and components victimized users from all over the world. These threats are still among the most common case submissions we have been receiving even just two weeks into September.
Rogue AV attacks' sophisticated modus operandi starts with the surreptitious downloading of a seemingly legitimate file via several possible infection vectors. So far we've seen actual rogue AV attacks that begin in:
Spammed email ...
Sep14
by
Jasper Pimentel (Advanced Threats Researcher)
Notable Malware
WORM_KOOBFACE.E, WORM_KOOBFACE.D
These worms used the famous social networking site Facebook in their propagation routines. While executing on an affected user’s system, these worms search for cookies related to Facebook. Once a match is found, the worms access the user’s Facebook profile using the credentials contained in the cookie files. The worms then modify the user’s Facebook profile to include a link pointing to the malware to infect more systems.
The attack places at risk the great number of Facebook ...
Sep10
by
Florabel Baetiong (Anti-spam Research Engineer)
Keeping the texts short and malicious, the spam our filters caught this time uses catchy headlines so absurd they could actually pique their readers' curiosity.
Below are screenshots of spammed email messages:
The address bars and Subject fields carry sensational headlines whose details are supposedly in the attached video. The said attachment is a compressed file which, when opened, contains not a video but a malicious executable file named Exclusive.Cut.avi.exe. The file uses the double extension technique commonly used by malware ...
Sep8
by
JM Hipolito (Technical Communications)
The previous spam run that used ImageShack-hosted SWF URLs must have worked like a charm -- the technique is seen again being employed for another spam run, TheRegister reports.
It is actually more of the same: spammed messages like those seen previously, containing links to SWF files hosted on ImageShack. This time, however, the SWF files don’t trigger a file download.
Instead, they cause the affected users’ browser to redirect to Web sites promoting things from Viagra to free software updates. ...
Aug30
by
Aljerro Gabon (Anti-spam Research Engineer)
Here we go again -- another invoice spam run!
Apparently, invoice spam has recently gained popularity among spammers.
We’ve seen invoice spam runs related to UPS, FedEx, and of course, German-language Rechnung spam receipts. Now, this new invoice spam claims to come from Western Union, informing recipients that their credit card-issuing bank has halted the transaction at the demand of the "Federal Criminal Investigation Service".
Below is a screenshot of the spam:
Recipients are instructed to contact Western Union and bring their ID card, ...