MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

2.21.2011

New whitepaper about Carberp Botnet

A new whitepaper is available that describes the operation of one of the botnets "wanted" by the security community: Carberp.

The article, called Inside Carberp Botnet and written by Francisco Ruiz, Crimeware Research of MalwareIntelligence, details the different parts of this crimeware and documents its full mode of operation.

In recent weeks, Carberp has made an impact again due to the revival of several of its former C&Cs. However, MalwareIntelligence experts believe they have concrete evidence demonstrating that the original group behind the first generation of Carberp has in fact broken up, and that some of the new botnets spreading the Carberp banking trojan are managed through a modified version of the original.

MalwareIntelligence has a Carberp Working Group, responsible for private and on-demand research on this particular threat. On the main blog, Ruiz also said that the Carberp botnet was marketed privately in a very closed environment, but that a few days ago the marketing model was made public, giving some details of its current features and costs.


2.14.2011

Facebook rogue applications still lurking around

For quite some time now, rogue applications have been trying to convince you that you can check who viewed your profile. This rogue application goes by many different names; some, but not all, include:

  • creep exterminators
  • catch them being creepy
  • creepy profile peekers
  • privacy bros
  • we catch stalkers

So what will this fake application do? For starters, it will surely NOT show you who's been viewing your profile. If you land on this application, you will be presented with the following screen:

Profile Creeps application

Request for permission

You then have to allow access from the application so it can show you who's been lurking around your profile. But wait! First you have to complete a survey, and only then can you check it out. Simple, right?

Facebook verification

Not exactly. These fake surveys are pretty common on the internet. It is a typical scam. For example, I had one particular survey that urged me to download SmileyCentral, and another tried to deliver Webfetti to me.

Another fake survey wanted me to fill in my phone number and afterwards send an (expensive) text message to 'unlock' the application. In addition to making you fall for one of these scams, the rogue application also promotes itself on all of your friends’ walls:

Rogue application spreading itself on other people’s wall

If you would like to remove it, follow the steps below:

  • Go to your Facebook profile. Find the post that mentions the "stalker" application.
  • Hover over it and you will see an X appear. Click on it and choose "Remove (name of the fake application here)".
  • Additionally, you can report it as abusive to help stop these types of applications.
  • The next step is to click on My Account and choose Privacy Settings. At the bottom you can see "Apps and websites". Click on Edit your settings.
  • Select Remove unwanted or spammy apps. You can now Edit the application and remove it.

MalwareIntelligence Team
