Everyone, The content of this blog will be moving to http://pandalabs.pandasecurity.com. Therefore, you can find new and interesting posts at http://pandalabs.pandasecurity.com or www.pandalabs.com for this point on.        Read Full Story

Last week PandaLabs discovered a new tool for creating fake YouTube video pages as a way of deceiving users into installing malware. The vector for infection is similar to many fake codec based malware attacks seen in recent weeks (CNN, MSNBC, etc). The flexibility of this tool allows anyone to direct the fake Adobe Flash update error to any malicious [...] Read Full Story

It’s not just banks that hackers deploy phishing attacks against; it has been seen that hackers also deploy attacks against other payment processing services such as MoneyGram, Equifax, Western Union, etc as a way of gaining profit through harvesting personal details. Read Full Story

The Statement of Fees malspam campaign continues today with additional messages containing new Trojans. This round is distributing the W32/Autorun.AFC.worm malware which connects and downloads a file called lspr.exe. Read Full Story

There is another round of spam messages claiming to be a ticket receipt for Southwest Airlines. The message attempts to entice the user into opening an attachment containing the electronic ticket which is actually malware classified as W32/Autorun.AEL.worm. The ploy here is the note that the ticket reservation system has changed and that an account has [...] Read Full Story

Recently we have noticed several email messages claiming to come from Lloyds TSB a London, UK based financial entity informing customers that they are required to login and accept an updated terms and conditions, otherwise their account will be suspended. The messages appear to be coming from noreply@illoydstsb.com; however, when further analysis is done on [...] Read Full Story

As we have been monitoring the threat landscape during the last couple of weeks we have noticed an increase in fake anti-malware applications being used to defraud users. While these applications themselves do not provide any level of security for the user in terms of detecting and removing malware; the application itself is designed to trick the user into [...] Read Full Story

This morning the Celebrity spam campaign continued with a few new fake video codec sites delivering a downloader Trojan designed to install a fake security product known as AntiVirus XP 2008. It’s apparent now that a number of these spam campaigns are only interested solely in distributing this one particular fake security product. The file downloaded is called video99.exe or video66.exe and varies depending on the email message and the site used (HTML page names often correspond to the... Read Full Story

This morning the AV XP 2008 spammers were at it again with another round of spam messages claiming to offer an update to Microsoft Windows Vista (we have seen similar attacks before offering false updates). However, when the user clicks the link he/she is directed to a malicious .swf that will download the file install.exe which essentially is a downloader Trojan designed to install AV XP 2008. File size: 203776 bytes MD5…: 0f44ed00c0b67d9e5062b8e2c3574345 SHA1..: 4d9b42bbd950ea0... Read Full Story

A couple of minutes ago another round of spam messages appeared claiming to provide information concerning a statement of fees recently posted (inferring to banking account fees). The message contained an attachment with a fake Microsoft Word Document which actually is an executable (Fees-2008_2009.doc.exe) that installs a Trojan Downloader. Further analysis indicates that the Trojan when installed connects to a php page hosted on a Russian domain to obtain several possible sites as a means ... Read Full Story