It is commonly, and wrongly, believed that malicious code is trivial, and that any technical problem it causes can be solved simply by reformatting the system or buying one of the anti-malware products on the market today.
The reality, however, is that behind malware development there is a very large business that recruits more "associates" every day. What is more, buying this particular "antivirus" achieves exactly the opposite of what the buyer intends.
This is the case with Anti-Virus Live 2010, or what amounts to the same thing, Anti-Virus Elite 2010, a scareware (rogue) type of malware which makes it quite evident that the processes and mechanisms by which it deceives users in order to steal their money are well oiled and well thought out.
At first glance, as is usual with this type of threat, the strategy relies on a website used as "bait" to lure potential victims, offering all sorts of justifications to "prove" the credibility of the fake antivirus, complemented by a typical disinformation campaign.
So far, nothing interesting, except for the option of requesting assistance via chat. Interesting. Let us check whether this feature is legitimate... Yes, it is.
Accordingly, we opened a conversation through this option and, to our surprise, immediately got a response from the other side. The short chat conversation follows.
Basically, Dennis, the salesperson, told us, among other things, that the antivirus is of course compatible with all versions of Windows, that its price is USD 27, that it only supports English, that there is no enterprise version, and that it has no problems removing Conficker.
Let us briefly discuss these points. Obviously, the scareware must be compatible with all versions of Windows, since that is the audience this threat targets. Why? Simply because more than 80% of people use Windows as their main operating system in home environments, where the chance of finding a victim increases. That way it is much more likely "to close the deal."
For the same reason there is no version for GNU/Linux, nor even a version aimed at businesses, because companies usually have a higher level of security where the scareware would probably not get results.
Why English and not Russian? Because English is the third most popular language. Its price, USD 27, is a competitive figure commensurate with the average cost of legitimate antivirus programs. And as for Conficker, had we asked about Koobface instead, the answer would have been the same.
A very interesting fact that helps to understand the true scale of the illegal malware business is the mistake made by the "affiliate" Dennis when we asked for the URL to buy the fake solution. He gave us the URL registryfix.com/purchase and, when we pointed out that this was not the supposed solution in question, corrected himself and offered antivirus-elite.com/purchase as the corresponding URL.
However, we were trying to "close the deal" for Anti-Virus Live 2010 and not Anti-Virus Elite 2010, which makes it clear that this is the same threat under different names. The same "partner" even manages and markets various alternatives in a similar way, in this case also offering the fraudulent sale of Registry Fix, another scareware associated with NoAdware and ErrorClean.
From a technical point of view, the domain of this threat resolves to the IP address 204.232.131.12, hosted by the ISP Rackspace, located in the city of Hoboken in the United States, under AS27357.
According to the history of this AS, the activity generated by malicious code there is significant.
From the website you download an executable named setup.exe (MD5: C50DC619E13345DEC2444B0DE371DFD4), which corresponds to the scareware installer and has a low detection rate.
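As an added defender-side example (not part of the original post), the following Python script takes the indicators the post publishes (the two purchase domains, the hosting IP address and the installer's MD5) and checks them against a few constructed proxy log lines and a constructed byte string. The log format, the log contents and the byte string are assumptions made for this example; only the indicators themselves come from the post.

```python
import hashlib

# Indicators taken from the post (not invented for this example).
KNOWN_BAD_MD5 = {"c50dc619e13345dec2444b0de371dfd4"}
KNOWN_BAD_DOMAINS = {"registryfix.com", "antivirus-elite.com"}
KNOWN_BAD_IPS = {"204.232.131.12"}

# Constructed sample proxy log lines (hypothetical format:
# timestamp client-ip dest-host dest-ip path). Not real traffic.
SAMPLE_LOG = """\
2010-02-01T10:00:01 10.0.0.5 www.example.org 93.184.216.34 /index.html
2010-02-01T10:02:17 10.0.0.7 antivirus-elite.com 204.232.131.12 /purchase
2010-02-01T10:03:44 10.0.0.9 registryfix.com 204.232.131.12 /purchase
2010-02-01T10:05:00 10.0.0.5 updates.example.net 198.51.100.7 /feed
"""


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (MD5 is used only because the post publishes an MD5)."""
    return hashlib.md5(data).hexdigest()


def is_known_installer(data: bytes) -> bool:
    """True only if the bytes hash to the installer MD5 published in the post."""
    return md5_hex(data) in KNOWN_BAD_MD5


def _domain_matches(host: str) -> bool:
    # Exact match or a subdomain of a listed domain (e.g. www.registryfix.com).
    host = host.lower().rstrip(".")
    return host in KNOWN_BAD_DOMAINS or any(
        host.endswith("." + d) for d in KNOWN_BAD_DOMAINS
    )


def scan_log(text: str) -> list:
    """Return (client, host, reasons) for each log line touching a known indicator."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash
        _ts, client, host, ip, _path = fields[:5]
        reasons = []
        if _domain_matches(host):
            reasons.append("domain")
        if ip in KNOWN_BAD_IPS:
            reasons.append("ip")
        if reasons:
            hits.append((client, host.lower(), reasons))
    return hits


if __name__ == "__main__":
    for client, host, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} -> {host} matched on {', '.join(reasons)}")
    # Constructed bytes, so this is expected to be False.
    print("installer hash match:", is_known_installer(b"constructed sample bytes"))
```

The hash check only catches this exact setup.exe; scareware operators repack their installers frequently, which is consistent with the low detection rate the post observes, so the domain and IP indicators tend to stay useful for longer than the hash. AS27357 is not checked here because mapping an address to its AS requires external routing data.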
As we can see, cybercriminals never tire of spreading increasingly aggressive threats whose infection process is accompanied by marketing campaigns, some very similar to those used by many antivirus companies.
Related information:
A recent tour of scareware XIX
Green IT used for the propagation of scarewar...
Scareware. In-the-Wild malware repository
Scareware. Deception strategy proposed by Personal Antivirus
Propagation campaign of the MalwareRemovalBot scareware
Jorge Mieres