Saturday, April 26, 2014

Object Browser Adware

[What]
It is adware (software that automatically displays or downloads advertising material, such as banners or pop-ups, while the user is online).
It shows up in the browser as an add-on, but it is also installed as a Windows program.
Even when the add-on is removed manually from the browser, it reappears the next time the browser is opened, as long as the Windows program is still installed.

Screen capture of Object Browser extension on Chrome.

[When]
The Object Browser toolbar is usually installed unintentionally, bundled with free software such as video players and download managers.


[Impact]
It is not malicious in itself, but it is not safe either, because of its stealthy behavior: it installs itself into the web browser automatically, without notifying the user.

[Removal]
Do the following, in this order:
Step 1: Uninstall "Object Browser" from Control Panel > Programs > Uninstall a Program.
Step 2: Remove the add-on from each web browser (Chrome, Firefox and Internet Explorer).
(Step 1 must be done before Step 2; otherwise the Windows program puts the add-on back.)
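The following PowerShell script is an added triage check, not part of the original post, for confirming both halves of the removal above: it looks up the installed-program entry that Control Panel reads, the autorun and Chrome extension-policy locations through which a program can keep re-adding an add-on, and the extensions actually present in the Chrome profile on disk. The match string, the registry paths searched and the Chrome profile location are assumptions (the post names none of them); run it before Step 1 and again after Step 2 and expect every section to come back empty.

```powershell
# Added triage script (not from the original post). Assumptions: the uninstall entry's
# DisplayName contains "Object Browser", and Chrome uses the default profile path.
$Name = 'Object Browser'

# 1. Installed-program entries: this is what Control Panel > Uninstall a Program lists.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Write-Host "== Installed programs matching '$Name' =="
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$Name*" } |
    Select-Object DisplayName, Publisher, InstallLocation, UninstallString |
    Format-List

# 2. Autorun entries: a program that re-adds the add-on on every logon shows up here.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
Write-Host "== Run-key entries matching '$Name' =="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and ($_.Name -like "*$Name*" -or $_.Value -like "*$Name*") } |
            ForEach-Object { "$key : $($_.Name) = $($_.Value)" }
    }
}

# 3. Chrome extensions force-installed by policy. Chrome reinstalls anything listed here
#    after a manual removal; whether Object Browser uses this is not stated in the post,
#    so treat it as a place to check rather than a description of its mechanism.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)
Write-Host "== Force-installed Chrome extensions =="
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { "$key : $($_.Value)" }
    }
}

# 4. Extensions present in the Chrome profile, by manifest name. A name of the form
#    __MSG_xxx__ is localized; look it up in the extension's _locales folder.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
Write-Host "== Chrome extensions on disk under $extRoot =="
if (Test-Path $extRoot) {
    Get-ChildItem -Path $extRoot -Directory | ForEach-Object {
        $id = $_.Name
        Get-ChildItem -Path $_.FullName -Filter manifest.json -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $m = Get-Content -Path $_.FullName -Raw | ConvertFrom-Json
                [pscustomobject]@{ Id = $id; Name = $m.name; Version = $m.version; Path = $_.DirectoryName }
            }
    } | Format-Table -AutoSize
}
```

Running this with an elevated prompt covers the HKLM hives; a standard user only sees the HKCU entries and their own Chrome profile.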


Friday, October 18, 2013

Dexter Malware

[What]
Dexter is malware that compromises point-of-sale (POS) terminals.
It steals data from payment cards' magnetic stripes and sends it to the criminals, who use it to clone cards and conduct fraudulent transactions.

[When]
Dexter was first detected in December 2012.

[Where]
The variant found on devices in South Africa has affected most banks in the country.
The Dexter code was linked to a series of attacks on point-of-sale systems in the UK, the US and dozens of other countries towards the end of 2012.
The Payments Association of South Africa (PASA) believed that the criminals responsible were based in Europe.

[Impact]
Hundreds of thousands of customers have had their payment card data compromised.

[References]
Dexter payment card malware strikes South Africa http://www.bbc.co.uk/news/technology-24550505
“Dexter” malware infects South African restaurants, costs banks millions http://arstechnica.com/security/2013/10/dexter-malware-infects-south-african-restaurants-costs-banks-millions/
Wikipedia: Dexter (malware) http://en.wikipedia.org/wiki/Dexter_%28malware%29

Ploutus Malware

[What]
Ploutus malware can be used to make ATMs dispense cash directly to the thieves, with no need for a skimmer or cloned cards.

[Where]
It has been found on machines in Mexico.

[How]
The thieves picked locks to gain access to the machines and physically installed Ploutus on the ATMs.

[Editor's Note]
That's a pretty crude way to install it.

Nemim Malware

[What]
Nemim malware consists of three parts:
- an infector
- a downloader
- data-stealing components

[When]
This malware has been spreading since April 2013 and has compromised thousands of computers.

[Where]
The victims are concentrated primarily in the U.S. and Japan.
A smaller number of infections have been detected in India and the U.K.

[How]
It spreads through phishing emails, and its components are signed with stolen digital certificates.
The infector targets Windows users by infecting the victim's files in the "User Profile" folder and its subfolders.
Before downloading further components onto the victim's machine, Nemim collects details about the infected computer, such as its name, operating system version and local IP address.
Once the additional components are downloaded, it uses its information-stealing components to take account credentials from web browsers and email and messaging applications (Internet Explorer, Firefox, Chrome, Outlook, Windows Mail, Google Talk, Google Desktop and MSN Messenger).

Symantec believes that the group behind Nemim also developed a data-stealing trojan called Egobot, which has been used to target executives at Korean companies via spear phishing emails (messages crafted for specific individuals at the targeted organizations).
There are similarities between Nemim and Egobot:
- the stolen information is gathered and encrypted in the same way
- both contain a timer mechanism that lets the attackers remove the malware from infected computers
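Because Nemim's components carry signatures made with stolen certificates, "is it signed?" is not a useful triage question on its own: a stolen certificate validates as cleanly as a legitimate one until it is revoked. The PowerShell script below is an added example, not from the article or from Symantec, that inventories signed executables under the user profile (the folder the infector targets) and groups them by signer, so that files whose signature no longer verifies, and publishers that suddenly appear on many recently modified files, stand out for follow-up. The article gives no certificate thumbprints or file names, so nothing in it is a Nemim-specific indicator; the scan root ($env:USERPROFILE) and file types are assumptions.

```powershell
# Added triage script (not from the original article). Assumption: scanning *.exe and
# *.dll under the current user's profile is the scope of interest.
$root  = $env:USERPROFILE
$files = Get-ChildItem -Path $root -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue

# Collect one record per signed file. Unsigned files are skipped: the article's point
# is that the malicious files are signed, so the signed set is the one to sift.
$signed = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
    if ($null -eq $sig -or $sig.Status -eq 'NotSigned') { continue }
    [pscustomobject]@{
        Path       = $f.FullName
        Status     = $sig.Status                      # Valid, NotTrusted, HashMismatch, UnknownError, ...
        Signer     = $sig.SignerCertificate.Subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
        NotAfter   = $sig.SignerCertificate.NotAfter
        Modified   = $f.LastWriteTime
    }
}

# 1. Signatures that do not verify: the file was altered after signing, or the chain is
#    not trusted on this machine (which is what a revoked stolen certificate looks like).
Write-Host '== Signed files whose signature does not verify (newest first) =='
$signed | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table Status, Modified, Signer, Path -AutoSize

# 2. Signer distribution. A certificate that has not yet been revoked still shows as
#    Valid, so look for a publisher you do not recognise whose files were all written
#    in the same short window.
Write-Host '== Files per signing certificate =='
$signed | Group-Object Thumbprint | ForEach-Object {
    [pscustomobject]@{
        Count      = $_.Count
        Thumbprint = $_.Name
        Signer     = $_.Group[0].Signer
        Newest     = ($_.Group | Measure-Object Modified -Maximum).Maximum
        Oldest     = ($_.Group | Measure-Object Modified -Minimum).Minimum
    }
} | Sort-Object Count | Format-Table -AutoSize
```

The thumbprints this prints are what you would compare against a certificate revocation list or a vendor advisory once one is available; until then, the second table is read by eye, and a signer with a handful of files all modified within minutes of each other is the row to pull.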

[References]
Hackers compromise certs to spread Nemim malware, which hijacks email and browser data http://www.scmagazine.com/hackers-compromise-certs-to-spread-nemim-malware-which-hijacks-email-and-browser-data/article/316607/