HackDig : Dig high-quality web security articles for hacker

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:2724 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

PUP Friday: RelevantKnowledge

RelevantKnowledge is a MarketScore variant. It is considered adware and by some even seen as spyware. MarketScore, formerly known as Netsetter, uses RelevantKnowledge to gather data about internet usage. The data are sold for various goals. These include internet development, commerce, economic analysis, and market predictions. Officially RelevantKnowledge i
Publish At:2016-06-11 00:00 | Read:3049 | Comments:0 | Tags:Malware marketscore Pieter Arntz PUP relevantknowledge

Process Explorer: part 2

For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. After publishing part 1: an introduction I received some questions, requests and comments that I will try to cover here. (Stop) Replacing Task Manager First of all I was asked to mention that undoing the replaceme
Publish At:2016-05-28 06:35 | Read:4026 | Comments:0 | Tags:101 How-tos color coding handles Pieter Arntz process explor

Tech Support Scammers using Winlogon

As we’ve seen in other recent examples [1], [2], [3], Tech Support Scammers are using every trick in the malware author’s book to get new “customers”. Here is one that takes over the victims’ Windows system after a reboot by using the Winlogon-Shell registry value. Shell registry value Under default circumstances the registry value looks like this: [HKEY_LOCAL_
Publish At:2016-05-23 17:05 | Read:3365 | Comments:0 | Tags:Cybercrime Social engineering Malwarebytes Pieter Arntz scam

KPN spam results in CTB-Locker infection

This morning I received an email claiming to be from KPN – a Dutch provider of internet, television, and phone – claiming an amount so high that it should raise questions or at least your blood pressure. We can safely assume that it is intended to pique the receiver’s curiosity enough to get them to click one of the links in the mail. Translation
Publish At:2016-05-10 00:35 | Read:2772 | Comments:0 | Tags:Cybercrime Malware ctb-locker kpn Pieter Arntz spam

The next generation Yontoo browser hijackers

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
Publish At:2016-05-07 17:50 | Read:4422 | Comments:0 | Tags:Cybercrime Malware browser hijacker chrome firefox home-page

Process Explorer: An introduction

When Microsoft acquired Sysinternals in 2006, one of the most famous tools it gained was Process Explorer. For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. It offers a much clearer view of what is going on and has a lot more options. Besides the options the regu
Publish At:2016-05-03 22:35 | Read:3849 | Comments:0 | Tags:101 How-tos malware Pieter Arntz process explorer sysinterna

GsearchFinder hijackers add extra Firefox profile

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
Publish At:2016-04-22 12:50 | Read:3431 | Comments:0 | Tags:Cybercrime Malware extra Firefox profile GsearchFinder HohoS

Dodge four tries to escape from being scammed

Today, we would like to discuss some very persistent Tech Support Scammers with you. After installing a file – which was offered as a “free version of PC Cleaner Pro” – Tech Support Scammers will try four methods to get you to call one of their numbers or connect to them using the legitimate program TeamViewer. We can only guess in which way they will try an
Publish At:2016-04-12 05:15 | Read:3801 | Comments:0 | Tags:Cybercrime Malware Pieter Arntz scam teamviewer tech support

AdLoad: an advertisement bombarder

While looking into an infection associated with a “system optimizer”—Didn’t we say they’re digital snake oil?—we identified a multi-functional installer called FAsetup1.exe (md5 902e30fa3dc4bf543b523b4a41eb8acd) as the source. This file offers a variety of different bundlers and scams that are usually different every time you run the
Publish At:2016-04-06 21:35 | Read:3083 | Comments:0 | Tags:PUPs Threat analysis adload advertisement fake alert Malware

Fileless Infections: An Overview

To date, there are a number of so-called fileless infections. By fileless infections or fileless malware, we are referring to an infection or malware that does not write any files to the infected system’s hard drive. By leaving as few traces behind as possible, malware authors try to postpone detection by security vendors for as long as possible. Which is
Publish At:2016-03-30 07:45 | Read:2656 | Comments:0 | Tags:Cybercrime Malware Security Threat exploit fileless kovter p

TopFlix: a DNS Unlocker variant

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
Publish At:2016-03-18 05:05 | Read:3934 | Comments:0 | Tags:Online Security bundle wrapper dns hijacker Malwarebytes one

Windows AppLocker: An Introduction

Windows AppLocker is a feature that was introduced in Windows 7 and Windows Server 2008 R2 as a means to limit the use of unwanted applications. AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker was designed to replace the Software Restriction Policies feature. It is considered a potentially po
Publish At:2016-03-11 09:50 | Read:3857 | Comments:0 | Tags:Online Security applocker blacklist exception Pieter Arntz r

Adware PUP Dotdo FastInternet Blocks Security Related Domains

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
Publish At:2016-03-04 15:05 | Read:3094 | Comments:0 | Tags:Malware Analysis Pieter Arntz PUP PUP Friday

De-obfuscating malicious Vbscripts

Although they were never really gone, it looks like there is a rise in the number of malicious vbscripts in the wild. Maybe the similarity to VBA scripts and possible use in macros is responsible for the increased popularity. Let’s have a quick look at a few of them. First some background VBScript has been installed with every desktop version of Windows sin
Publish At:2016-03-01 14:45 | Read:3375 | Comments:0 | Tags:Malware Analysis banker clicker de-obfuscate decrypt dropper
