Follow me on Twitter
If you don’t already know it, I am on Twitter. Get the latest security updates on there!
Jerome Segura
Happy Canada Day!
Tomorrow is Canada Day. It is our national holiday.
It was 8 years ago that I first came to Canada for a visit to Halifax, N.S. That was also when I met my future wife.
Years have passed and I am still loving this country.
Jerome Segura
False Positives are NEVER a good thing
We discovered that one of our products, Paretologic Antivirus Plus is being flagged as malware.
It started with two vendors, and it is now at seven!
It is interesting to note that the detection names coming up look pretty much identical… So does that mean that one AV vendor makes a mistake and all the rest of them blindly follow?
We are contacting the appropriate people.
Jerome Segura
Another fake codec Mac and PC
As I had just finished with the fake Brazzers site, my investigation took me down another very interesting path.
The following IP: 61.235.117.88 from China, hosts malware:
The domain celebnudestars.net pushes PC and Mac Trojans:
The Mac sample is yet again totally undetected:
The PC sample will change your Desktop wallpaper to this:
and install a rogue, System Security:
Steer clear of those sites!
Jerome Segura
Fake Brazzers site leads to Malware
This is a look-alike of Brazzers.com:
All the download links are malware files, detected as:
Jerome Segura
More Mac malware
UPDATE:
Totally undetected variant found:
From the following site:
The Windows version is detected, but not by many vendors:
——————————–
As I was browsing different crack sites with a spoofed user agent (Safari), I came across another Jahlav OSX Trojan:
Note that the extension shown at the bottom of the previous snapshot is “.exe”, but when I click on the link it is converted into a “.dmg”.
Very few vendors are detecting this variant:
I did a background check on the original crack site. All bad stuff!
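The link above serves an “.exe” to a Windows browser and a “.dmg” to Safari, which is how a crack site can push the Windows and Mac versions of the same Trojan from one URL. The script below is an added example, not code from the original post: it probes one URL with several user agents and flags the URL when different agents receive different file types. The checker is transport-agnostic and takes a `fetch(url, user_agent)` callable; `make_urllib_fetch()` builds one on top of `urllib` for live analysis, while `FAKE_RESPONSES` and `fake_fetch` are a constructed, in-memory stand-in so the script runs offline. The user-agent strings, the `example.invalid` link and the response headers are all assumptions made for the example.

```python
"""Detect user-agent-dependent payload delivery (added example, not from the post)."""
from __future__ import annotations

import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Mapping, Tuple
from urllib.parse import urlparse

# Hypothetical user agents to probe with: one Windows browser, one Mac browser.
PROBE_AGENTS = {
    "windows-ie": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
    "mac-safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_7) "
                  "AppleWebKit/530.19 (KHTML, like Gecko) Version/4.0.2 Safari/530.19",
}

# A fetch returns (HTTP status, response headers) for a URL requested with a given UA.
Fetch = Callable[[str, str], Tuple[int, Mapping[str, str]]]


def served_filename(url: str, headers: Mapping[str, str]) -> str:
    """Name of the file the server actually delivers: the Content-Disposition
    filename if present, otherwise the last path segment of the final URL
    (carried in the constructed X-Final-URL header so redirects are honoured)."""
    disposition = headers.get("Content-Disposition", "")
    match = re.search(r'filename\*?=(?:UTF-8\'\')?"?([^";]+)"?', disposition, re.IGNORECASE)
    if match:
        return match.group(1).strip()
    final_url = headers.get("X-Final-URL", url)
    return urlparse(final_url).path.rsplit("/", 1)[-1]


def extension(name: str) -> str:
    """Lower-cased file extension, or '' when the name has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def probe(url: str, fetch: Fetch, agents: Mapping[str, str] = PROBE_AGENTS) -> Dict[str, dict]:
    """Request `url` once per user agent and record what each one is served."""
    results: Dict[str, dict] = {}
    for label, user_agent in agents.items():
        status, headers = fetch(url, user_agent)
        name = served_filename(url, headers)
        results[label] = {
            "status": status,
            "filename": name,
            "ext": extension(name),
            "content_type": headers.get("Content-Type", ""),
        }
    return results


def is_cloaked(results: Mapping[str, dict]) -> bool:
    """True when successful responses to the same URL differ in file type by UA."""
    exts = {r["ext"] for r in results.values() if r["status"] == 200}
    return len(exts) > 1


def make_urllib_fetch(timeout: float = 10.0) -> Fetch:
    """Build a live fetch that issues a HEAD request with the given user agent."""
    def fetch(url: str, user_agent: str) -> Tuple[int, Mapping[str, str]]:
        request = urllib.request.Request(url, headers={"User-Agent": user_agent}, method="HEAD")
        try:
            with urllib.request.urlopen(request, timeout=timeout) as response:
                headers = dict(response.headers)
                headers["X-Final-URL"] = response.geturl()  # URL after any redirects
                return response.getcode(), headers
        except urllib.error.HTTPError as err:
            return err.code, dict(err.headers)
    return fetch


# Constructed offline stand-in for a server that switches payloads on the UA.
FAKE_RESPONSES = {
    "Windows": (200, {"Content-Type": "application/octet-stream",
                      "Content-Disposition": 'attachment; filename="keygen.exe"'}),
    "Macintosh": (200, {"Content-Type": "application/x-apple-diskimage",
                        "X-Final-URL": "http://example.invalid/dl/keygen.dmg"}),
}


def fake_fetch(url: str, user_agent: str) -> Tuple[int, Mapping[str, str]]:
    """Return the constructed response whose platform token appears in the UA."""
    for token, response in FAKE_RESPONSES.items():
        if token in user_agent:
            return response
    return 404, {}


if __name__ == "__main__":
    # Offline run against the constructed responses; swap in make_urllib_fetch()
    # for a live URL.
    outcome = probe("http://example.invalid/dl/keygen.exe", fake_fetch)
    for label, record in outcome.items():
        print(f"{label:12s} {record['status']} {record['filename']} ({record['content_type']})")
    print("UA-dependent payload:", is_cloaked(outcome))
```

Run it without arguments to see the offline case: the Windows agent is served `keygen.exe` and the Mac agent `keygen.dmg`, so `is_cloaked` reports the URL. HEAD requests are used for the live fetch so the probe never downloads the payload itself; if a site ignores HEAD, a GET with the body discarded is the fallback.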
IP: 213.182.197.8
IP Country: Latvia
This IP address resolves to mxs.newhostgroup.ru
34 Hosts on this IP
No. Domain / Host
1. prowarezsite.com
2. prolinesoft.com
3. studiaweb.com
4. inspirationsbymicco.com
5. prosserpianoca.com
6. seexxxfree.info
7. djstevyvee.com
8. topsecretwarez.com
9. therogueelement.net
10. uniquexsoftware.com
11. yourcrackkey.com
12. premieracs.com
13. yoursoftonline.com
14. unix-service.com
15. 2008bloggger.com
16. lyutsifer.ru
17. vipwarezz.com
18. arws.org
19. prava-center.ru
20. zoosexvideo.net
21. kostenlosie.net
22. giveprava.ru
23. dwlsoft.com
24. paysitesmag.com
25. watch-video.info
26. sihuirading.com
27. warezfans.com
28. hacker-pro.net
29. index938.com
30. www.arws.org
31. appz-blog.com
32. klasoft.com
33. warezter.com
34. www.sihuirading.com
More fake codecs from faretransy.com:
I will keep monitoring those links and pass on the information to other security folks.
Those links are dangerous, so proceed with caution.
Jerome Segura
Mac users from Germany
The Jahlav-C Mac Trojan has generated a lot of buzz in the Mac community.
Normally, this blog does not get a single visit from Mac users. After all, most things I talk about here are related to PC security.
After I discovered this new Trojan and blogged about it, we saw a spike in traffic coming from Mac users:
Mac users: daily visits before and after the blog post.
Another thing I noticed: most Mac users seem to come from Germany:
In fact, Germany is the second country, after the USA, that accounts for the most visits to MalwareDiaries.
This reminds me that this blog should be about security in general, not just Windows security.
Jerome Segura
Money talks
I have been using this free Firefox add-on called Fast Video Download for a while to save videos from YouTube.
It was really nice and easy to use: all you had to do was click on an icon on the current page, and it would save your video.
I was quite disappointed when I saw this message:
Here comes the Ask Toolbar again.
Suffice it to say, I am no longer using this product, and I found a better one for free (without the catch).
Jerome Segura
Zheng technology overview
I just made a little video on YouTube that shows our latest free online file scan service.
Check it out here
Jerome Segura
Hot day chasing malware away
Today is pretty hot for Victoria, BC, flirting with 30 degrees Celsius.
But in our office, the temperature is nice and cool at about 22 C.
I am busy finding new malware, preparing a PowerPoint preso, and writing down some new ideas.
We had an excellent lunch today from one of our SWAT guys, Josh. He made some Greek food.
This is my desk:
Why 4 monitors you may ask? Well, the laptop is what I am currently using to write this blog post. The two silver screens are dual monitors for my AV testing box, running Ubuntu 9.04. Finally the monitor on the right is for my company’s email and other documents (SVN etc.).
Back to analyzing some stuff now.
Jerome