Trojan

Gozi – a perfect example of an “older” trojan re-inventing itself

Executive Summary

Gozi is a well-known Trojan that has been around for a number of years now.

R.I.P. Waledac?

Microsoft took a stab at Waledac bots last April when they added detection to their Malicious Software Removal Tool (MSRT).

The MSRT is part of their monthly Microsoft Updates package.

Sprechen Sie SSL?

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication?

The answer: Humans are not digital.


Just what is this botnet called Kneber?

There's a botnet dubbed Kneber receiving lots of media attention this week.

So, just what is Kneber? Many reports have called it *THE* ZeuS botnet.

But really… it's just *A* ZeuS based botnet, dubbed Kneber because of the name used to register many of its domains.

Windows Defender 2010 FakeAv at the Top of this Morning’s List

The group behind “live-windowsantivirus. com” is having a very busy morning distributing Rogueware XP Internet Security 2010. We grabbed some snapshots for you of the current incarnation of the malware, since users appear to be falling for it in large numbers. The full window and the balloon popup stating “System Danger! Your system security is in danger” must be convincing…

Black Hawk Down

Kudos to the Chinese authorities for shutting down an online hacker training operation known as the Black Hawk Safety Net.

The Black Hawk operation, which provides Trojan software and lessons in cyberattack techniques, comprises 12,000 paid subscribers and another 120,000 free members.

Three people who run the Black Hawk's website have been arrested, and the site has now been blocked from access. The police also seized nine servers, five computers and a car during the raid.

New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered

Over the past year, the SecureWorks Counter Threat Unit (CTU)(SM) has seen criminals continue to target Automated Clearing House (ACH) and wire transfer transactions for fraud activity, resulting in high-value losses. Small to midsized businesses (SMBs) and not-for-profits have been hit especially hard. Neustar has published an excellent overview (PDF) of this type of threat.

Cutwail Spamming for Russian Spammers

Spam continues to clog the internet with providers reporting spam stuffing 80% – 95% of all email content en route. It’s an ongoing problem into 2010, so last week we examined the active spambot Tedroo, some of its suspicious behaviors, one of its anti-debug/antiRE techniques, and its spam delivery.

Bredolab Downloading a Different Banking Password Stealer

As a follow-up to our early Jan Bredolab email blast warning, this post presents technical details and functionality about the payload accompanying the delivery notice + invoice attachment.

Alarm in show_ads.js

Some of our antivirus products had a brief false alarm today. The alert was from a common JavaScript file called show_ads.js. The false alarm was for a trojan called Trojan.JS.Redirector.ar.

The false alarm has been fixed in our update 2010-01-25_17.

This only affected our older products, such as the 2009 product range. F-Secure Internet Security 2010 had no issues.

We apologize for the false alarm. Sorry.

On 25/01/10 At 06:31 PM

