Welcome to Antisource

This site brings you a consolidation of malware articles and alerts, as well as the antimalware solutions to fix and block it all. Please read our About page for more information.

ThinkPoint FakeAV distributed using Banner Ads

Wednesday, October 27, 2010
Author: Richard S. Westmoreland
Permalink: fakeav-thinkpoint-banner-ads
General News


FakeAV has been around a while. Its infection success can be attributed to its use of social engineering. It typically mimics a security alert that indicates you're infected and offers ways to clean it.

The latest variant is going mostly unnoticed because of the way it's spreading: through legitimate sites such as MSNBC.com. A banner advertisement served by MSN redirects, and several redirects later we end up with content served by adshuffle1.com. The URLs vary, but this seems to be the most suspicious:

/bdb/fullfrontalfation/728x90.swf

But we don't stop here. Another redirect brings us to domains hosted on 91.213.217.35. So far I've seen:

conduceability DOT com /new/users/root/file/file.exe
which has been tracked by AMaDa: http://amada.abuse.ch/?search=c88c13514cebb65a76d0429ec3879f7d

fairysm DOT com /new/show.php?key=87c1a082278ace8fdf2f63b86db29d6f&u=root

fairysm DOT com /new/2fcf333c783/7909df6ac8d.jar

karolie DOT com /new/forum.php

Flash Player 10.37 - Do NOT install!

Wednesday, October 20, 2010
Author: Richard S. Westmoreland
Permalink: flash-player-10.37
General News


If you visit a site and you are prompted to install Flash Player 10.37 to view the "video", promptly close that page and do NOT go looking for this download. As of 10/20/2010, Adobe's Flash Player version is up to 10.1. Version 10.37 is fake.

For confirmation, visit Adobe's forum here:

http://forums.adobe.com/thread/427496

This is a common tactic to get people to install malware. Even if your ISP or company manages to block the initial download attempt, search engines are getting poisoned with links pointing to freeware sites actually hosting the fake Flash Player.

If you need to install or update your Flash Player, ALWAYS download it directly from Adobe. Do not get it or accept it from any other site. This also applies to any other professional product you use: don't trust anybody but the original creator of the product.
  


ZeuS

Sunday, February 07, 2010
Author: Richard S. Westmoreland
Permalink: zeus-botnet-summary
Network Defense


ZeuS is a nasty piece of malware to be compromised by.

This is a generic summary of ZeuS and its origins:

Zeus (also known as Zbot, Kneber, PRG, NTOS, Wsnpoem and Gorhax) is a crimeware kit designed to steal banking information and credentials through various means. The Zeus trojan is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.

http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29

This trojan has many versions, botnets (each owned by different groups), and vectors of attack. It started out as a Do-It-Yourself kit that each buyer purchased and modified with their own features. Some of the more common variants are easier to recognize, but some compromises are very stealthy targeted attacks. The polymorphic nature of ZeuS can be seen over the years: