Pieter Arntz – Page 8 – WindowsTechs.com

Forced into installing a Chrome extension

Posted on November 29, 2016 by Pieter Arntz

We have found several sites created for the sole purpose of attempting to force users to install a Chrome extension. These sites are usually redirects from domains that offer cracks, keygens, and adult entertainment.Categories: Cybercrime
Social engin… Continue reading Forced into installing a Chrome extension→

Configuring the Windows firewall

Posted on November 23, 2016 by Pieter Arntz

While the built-in Windows firewall may offer adequate protection, this is only true if you check the settings on a regular basis, and certainly immediately after removing an infection.Categories: 101
How-tosTags: allowed programsfrstmalwarenetshPiete… Continue reading Configuring the Windows firewall→

Fake pharma sites are getting even more obnoxious

Posted on November 8, 2016 by Pieter Arntz

Recently, we have noticed that pharma sites seem to have discovered the use of JavaScript to change the “Stay or Leave” messages that you see, when you try to close or leave their sites.

Categories:

Tags: fake pharma JavaScript pharma Pieter Arntz Skype spam

Get your RAT on Pastebin

Posted on October 28, 2016 by Pieter Arntz

A dropper we analyzed downloaded the code for part of its payload from Pastebin on the fly. The payload turned out to be a RAT with keylogging capabilities.Categories: Cybercrime
MalwareTags: keyloggerpastebinPieter Arntzrattempwinlogontrojan(Read mor… Continue reading Get your RAT on Pastebin→

PUP Friday: Content Protector

Posted on October 21, 2016 by Pieter Arntz

Content Protector is an adware that is offered as a netfiltering program. This seems a bit strange for ad-supported software. It also comes with it’s own certificate.Categories: PUPs
Threat analysisTags: adwarecontent defenderContent protectornetfilte… Continue reading PUP Friday: Content Protector→

Youndoo creates new Chrome profile

Posted on October 11, 2016 by Pieter Arntz

A new Youndoo hijacker from the Elex family copies most of the settings from an existing Chrome user account to create a fake, infected one.Categories: Cybercrime
MalwareTags: browser hijackerchromeelexfake Chrome profilePieter ArntzPUPPUPsYoundoo(Rea… Continue reading Youndoo creates new Chrome profile→

Explained: WMI hijackers

Posted on October 5, 2016 by Pieter Arntz

This post describes how WMI hijackers work and why they are hard to find on an affected system. It also shows an example of such a hijacker called Yeabests after the domain it hijacks to.Categories: Cybercrime
MalwareTags: elexhijackerPieter ArntzPUPs… Continue reading Explained: WMI hijackers→

Hosts file hijacks

Posted on September 21, 2016 by Pieter Arntz

The hosts file is the internet variant of a personal phonebook. We discuss a few malware variants that replace or change that phonebook, so you end up calling the wrong sites. The ones they want you to call.Categories: Cybercrime
MalwareTags: dnshijac… Continue reading Hosts file hijacks→

Surfacing HTA infections

Posted on September 13, 2016 by Pieter Arntz

We show two examples of HTA induced infections we have seen recently. Nothing fancy, but feel free to consider it a general warning, that malware authors are expanding the number of file extensions they are using, to spread their payload.Categories: Cy… Continue reading Surfacing HTA infections→

File-in-the-middle hijackers

Posted on August 23, 2016 by Pieter Arntz

This may be a new trend among browser hijackers, but it seems more than a coincidence that we found two browser hijackers using a very similar approach to reach their goal of taking victims to the sites of their choice.Categories: Cybercrime
MalwareTa… Continue reading File-in-the-middle hijackers→