Recently, a Microsoft blog post was released describing a new Facebook Trojan classified as JS.Febipos.A by several AV vendors. Febipos is currently active in Brazil and takes control of your Facebook profile using a Firefox and/or Chrome extension that’s installed during execution. I managed to obtain several copies of the Febipos executable, which uses Facebook-like icons in an attempt to appear legitimate and is signed with digital certificates from ‘Updates LTD’.
Staying safe online requires more than just avoiding websites that look untrustworthy. These days, you might be redirected and/or infected with malware by an advertisement banner shown on a legitimate webpage. To counter this kind of threat, we at Malwarebytes tend to block entire advertiser networks in an effort to prevent our users from becoming victims of malicious advertisements, or malvertising. The purpose of this blog post is to explain exactly why you might see pop-ups from our Website Blocking function on a site that you thought you trusted.
Once again, Skype has proven itself to be a valuable tool for the spread of malware and other malicious doings by cyber criminals. Our researchers have discovered a scam being spread via Skype that is designed to steal the login credentials of Skype users by dangling free premium upgrades. However, unlike other attacks, this one checks the legitimacy of your credentials before infecting your system with malware.
Malware today is so numerous and diverse that security professionals have known for some time that signature-based solutions would no longer be able to cut it alone. Not only are there too many new malware files each day, but some of them are able to change their shape and signature as they go along. But if you can’t recognize something by its looks, you might be able to categorize it by its behavior. This is where methods like HIPS (Host Intrusion Prevention System) come into play.
By definition, HIPS is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. In other words, a Host Intrusion Prevention System (HIPS) aims to stop malware by monitoring the behavior of code. This makes it possible to help keep your system secure without depending on a specific threat being added to a detection update.
You may recall a post I wrote back in April about fake Microsoft phone support calls. I had received a call from scammers whose job was to trick me into buying a bogus program for ‘only’ $299. When they saw I was not willing to pay, they got mad and deleted documents and pictures off my (virtual) machine before cutting me off in a very rude way. Well, this time we meet again, but on different terms: I am the one calling them, and I make sure I’m collecting as much evidence as possible before waving goodbye.