Symantec Connect
  • Login
  • Register
  • All of Connect
    • All of Connect
    • Backup and Archiving
    • Endpoint Management & Virtualization
    • Storage and Clustering
    • Security
    • Inside Symantec
    • Vision User Conference
    • Partners
    • Developers
    •  
  • Overview
  • Forums
  • Articles
  • Blogs
  • Downloads
  • Events
  • Videos
  • Groups
  • Ideas

Security Response: Showing posts tagged with Security: Showing posts by Fred GutierrezSyndicate content

Login to participate
The Layers of Trojan.Ransompage
Fred Gutierrez | August 5, 2009
0 comments

Trojan.Ransompage is interesting because it is the first ransom threat that is designed to target three different browser platforms. Not only has the malware author chosen to target the two most popular browsers in Firefox and Internet Explorer, but Opera is also a target. This shows that the malware author wanted to target more than one browser in order to maximize the chances of success in case an infected user decided to change browsers rather than pay the ransom.

To attack Internet Explorer users the Trojan will drop a file called msmedia.dll and install it as a browser helper object (BHO). To target Firefox users the Trojan will install an extension called “informer” that consists of the following files: install.rdf, chrome.manifest, informer.xul, and informer.js. With Opera, the Trojan will drop a file called feeder.js that also acts as an extension and is written in JavaScript. These three different payloads all have the same functionality. They will...

Read more
Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response
Browsers and Ransoms
Fred Gutierrez | July 24, 2009
0 comments

We have already written about threats that can encrypt files or lock victims out of their computers in order to extract a ransom. Today I want to talk about yet another similar threat. It uses scare or nuisance tactics—similar to rogue antivirus programs—in an attempt to demand ransom from its victims.

Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits. The ad will cover part of the original Web page, as shown below.

imagebrowser image

The ad will stay on the screen even if the page is scrolled:

imagebrowser image

This ad is written in...

Read more
Tags: Endpoint Protection (AntiVirus), Emerging Threats, Malicious Code, Online Fraud, Security, Security Response

About Security Response Blog

Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:

Blog Tags

10.x 11.x 9.x and Earlier Antivirus2010 Backdoor.Tidserv Brightmail Gateway Emerging Threats Endpoint Encryption Endpoint Protection (AntiVirus) Endpoint Protection Small Business Enterprise Security Manager Evolution of Security General Symantec IT Healthcare Landscape IT Risk Management Internet Security Threat Report Live PC Care Malicious Code Misleading Applications Mobile & Wireless Online Fraud Password Management Restore Security Security Risks Spam Sykipot SymbOS.Exy Symbian Trojan.FakeAV Trojan.Zbot VirusDoctor Vulnerabilities & Exploits Windows Zeus
© 2010
  • Symantec Corporation
  • Contact Us
  • Get RSS
  • Privacy Policy
  • Symantec.com