Malware News Beware of Cancer trollware, might shut down your favorite AV, too

[Der.Reisende]

Security researcher MalwareHunter discovered today a new malware that he initially believed to be ransomware but ended up being just another annoying piece of junk that falls in the category of trollware, also known as crapware.

This piece of software, appropriately named "Cancer," doesn't destroy any files like ransomware, but merely makes your computer go bonkers by playing annoying music, blocking access to several applications, moving your windows and images across your screen, and popping up all sorts of windows out of nowhere.

This malware is what some security experts would call trollware, malware made with the sole purpose of annoying users and making their computer unusable.

Past examples include CainXPiiCleaner, discovered by GData malware analyst Karsten Hahn last November.

Read more @ the article source.

 

[In2an3_PpG]

Sounds like fun.

 

[Like a Western!]

do you have the sample file Ben?

thanks for article by the way <3

 

[Parsh]

The security goodguys too need some entertainment at work, don't they?
While some activities like windows-bombs can be really annoying and bit difficult to handle, this should not be something to worry about, unless one can not get access to process monitors or so.
I'd a scaled down experience of such windows bomb with a startup entry. Took some patience to kill it first, to remove it.

 

[Parsh]

do you have the sample file Ben?

thanks for article by the way <3

Try it sandboxed or VMed only, if you wish to. It may get worse

 

[Like a Western!]

Try it sandboxed or VMed only, if you wish to. It may get worse

what about Shadow Defender?

 

[Deletedmessiah]

This is some funny malware.

 

[Like a Western!]

its still a malware. do unwanted things/changes without our premission ! if your antivirus be really watching your system changes, should be able to stop this malware from do these troll things.. !

i like to see how Kaspersky SystemWatcher will react to this trollware.

 

[Parsh]

what about Shadow Defender?

Yes, that's awesome!
It's not much common, so didn't mention it.
I'd got a similar but simpler prankware when I had the very old Avast in my Win 98. It didn't do anything then. I guess Avast was not much educated back then.

 

[Like a Western!]

i found the sample from hybrid-analysis, Dr.Web failed
i submit the sample for them, once they analys it , their behavior blocker should learn this behavioral algoritm, we'll see what happens
@Parsh as you have Kaspersky, may i ask you test the sample in your VM with Kasper ?

 

[In2an3_PpG]

Reminds me of old virus's that used to annoy the hell out of you.

 

[Parsh]

i found the sample from hybrid-analysis, Dr.Web failed
i submit the sample for them, once they analys it , their behavior blocker should learn this behavioral algoritm, we'll see what happens
@Parsh as you have Kaspersky, may i ask you test the sample in your VM with Kasper ?

Good!
Kaspersky is on my main Host PC.
I'm currently testing malware with different setup in VM. Will let you know though

 

[Solarquest]

i found the sample from hybrid-analysis, Dr.Web failed
i submit the sample for them, once they analys it , their behavior blocker should learn this behavioral algoritm, we'll see what happens
@Parsh as you have Kaspersky, may i ask you test the sample in your VM with Kasper ?

Can you please upload it on zippyshare and post the link in the HUB for us to test it vs our AV?
thank you!
Malware Vault (Samples)

 

[Solarquest]

what about Shadow Defender?

SD is fine too, allowed in the HUB for testing...but I would never run a malware, crapware on my good pc with important data on it.

 

[Like a Western!]

Can you please upload it on zippyshare and post the link in the HUB for us to test it vs our AV?
thank you!
Malware Vault (Samples)

i cannot i'm too lazy for that : ))
i will send the hybrid-analysis link for you, you can download the sample with a free registration.

 

[vemn]

hmmm.... anyone has the sample?
Nice to test it =)