To date, there are a number of so-called fileless infections. By fileless infections or fileless malware, we are referring to an infection or malware that does not write any files to the infected system’s hard drive.
By leaving as few traces behind as possible, malware authors try to postpone detection by security vendors for as long as possible. Which is
Ransomware attacks have made a lot of headlines in the past year with several high-profile cases, including that of the hospital in Los Angeles which had its data encrypted and ended up paying the ransom to get it back. Recently, the Ottawa hospital in Canada was also hit but was able to contain a ransomware attack.
We discovered the website of another Canadian
Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
In recent variants of the infamous DNS-changer adware we have found that the coders use a particularly interesting method to bypass the default restrictions imposed for executing PowerShell scripts.
Execution restrictions
To protect Windows users, Microsoft has chosen not to allow the execution of PowerShell scripts by default. The default setting for the E
This blog post explains what FEATURE_BROWSER_EMULATION is and why browser hijackers seem to love it. It also points out that this does not mean it’s automatically a problem if you have one or more of them.
What is FEATURE_BROWSER_EMULATION?
FEATURE_BROWSER_EMULATION is a registry key that allows you to set a different default document mode for the web-browse
We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners to aid them in achieving their objectives. URL shorteners are often used by cyber criminals to obfuscate redirects to malicious destinations.
Recently, a URL shortening service was used
WebSearcher is an adware application brought to you by “Web Fox” and usually comes bundled with “extremely useful” applications like “Video Codex” and “Video Player”. WebSearcher uses a proxy to insert the advertisements into your normal web experience.
What makes this one different?
What makes this one different is that it uses a set of permissions to get
Users of popular accounting software Quickbooks should keep an eye out for this fake “Intuit Security Warning” themed email currently in circulation, encouraging you to update your browser with a zipped download.
The email reads as follows:
INTUIT Security Warning
As of November 5th, 2015, we will be updating the browsers we support. We encou
Ransomware has been wreaking havoc on personal computers for several years now and it was recently made public that cyber criminals were going after personal websites as well.
Poorly secured or vulnerable Linux web servers have always been valuable resources for their versatility in hosting or distributing threats.
Security firms DrWeb and BitDefender have i
With Thanksgiving weekend just a few sleeps away, one can’t help but feel the air charged with a little excitement—perhaps, even a little danger.
News outlets, marketers, and retail owners are looking forward to not just the huge deluge of people to brick-and-mortar stores and online shops, but they also anticipate buyer spending to increase yet again this y
Vonteera is an adware family that has been around for years. They stand out from the rest because of their very intrusive changes to the affected systems, which is why you will see them classified as Trojans by some anti-malware solutions.
Recently, they added a new trick to their arsenal: using system certificates to disable anti-malware and anti-virus softw
So many home users, and even business users, are complacent about the level of protection they are currently receiving from their traditional anti-virus (AV) software.
I have real-time protection in my AV! That’s enough, right?
Nope. Not any more. The malware ecosystem has changed drastically in the past 10 years, to the point that the old precautions are j
Although this one has been around for a while, DynamicPricer deserves some attention because of the different approach it uses compared to other Potentially Unwanted Programs (PUPs).
What’s different?
Where other adware applications look for sneaky ways to invade your up-to-date browsers or even install their own browser on your system, this one just instal
A potentially unwanted program (PUP) called Video Saver, belonging to the Neobar family of browser hijackers, has been found to use a different trick to “convince” their victims to use their search engine “Search with us!”.
It will show the victims a prompt to let them know there are restrictions in effect on their computer and to contact their system admini