MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

17.2.09

AntiSpyware 2009 expands its malicious offering and uses .pro domains

AntiSpyware 2009 is a known scareware (or rogue) whose characteristics include, among others, saturating the Internet connection and displaying annoying pop-ups that dramatically claim our computer is infected, offering to sell the "paid" version of the malware over the Internet.

This scareware has been operating since 2007, when it was known as AntiSpyware, and in 2008 as AntiSpyware2008. It has now expanded its range of deceptive offers, spreading through a large number of websites that host it, even using .pro (professional) domains.

Under the IP 74.54.156.235, hosted by Dynapp Inc (Georgia, U.S.), the following domains are hidden:


Most of the domains share the same design, changing only the name of the fake security or optimization tool.

Finally, there are two facts worth highlighting: one interesting, and another that is more than interesting, it is disturbing.

The first is that this scareware also uses the compression power of 7zip, reducing the size of its harmful binary by almost 70%. The original size of the downloaded malware is 2.50MB (MD5: c148174afe2e9e36e56a6ffd7fc68cb6); however, once decompressed, it grows to 33.3MB (MD5: 02cd088fd922197d9d5fda9890de911c).
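A defender's triage helper for this kind of packed sample, added here as an example and not code from the original post: it locates an embedded 7z archive (as a 7-Zip SFX installer carries after its MZ stub), validates the 7z start-header CRC, estimates the archive length, and hashes the whole file with MD5 for comparison against values like those quoted above. The input is a constructed byte string, not the real binary.

```python
import hashlib
import struct
import zlib
from typing import Optional

# Magic bytes that open every 7-Zip archive ("signature header").
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"


def find_7z_archive(data: bytes) -> Optional[dict]:
    """Locate an embedded 7z archive and validate its 32-byte start header.
    Returns None when no signature is present or the header is truncated."""
    off = data.find(SEVENZ_MAGIC)
    if off < 0 or off + 32 > len(data):
        return None
    hdr = data[off:off + 32]
    major, minor = hdr[6], hdr[7]
    (start_crc,) = struct.unpack_from("<I", hdr, 8)
    next_off, next_size, _next_crc = struct.unpack_from("<QQI", hdr, 12)
    # StartHeaderCRC covers the 20 bytes after it: NextHeaderOffset,
    # NextHeaderSize and NextHeaderCRC. A mismatch means a damaged or
    # deliberately mangled header, which is worth flagging in triage.
    crc_ok = zlib.crc32(hdr[12:32]) == start_crc
    return {
        "offset": off,
        "version": f"{major}.{minor:02d}",
        "archive_len": 32 + next_off + next_size,  # header + streams + next header
        "crc_ok": crc_ok,
    }


def triage(data: bytes) -> dict:
    """MD5, size and embedded-archive facts for one sample."""
    info = find_7z_archive(data)
    is_sfx = info is not None and data[:2] == b"MZ" and info["offset"] > 0
    return {"md5": hashlib.md5(data).hexdigest(), "size": len(data),
            "sevenz": info, "is_sfx": is_sfx}


def _build_sample() -> bytes:
    """Constructed input (not a real sample): fake MZ stub + valid 7z header."""
    stub = b"MZ" + b"\x00" * 62                 # pretend SFX stub, 64 bytes
    packed = b"\xaa" * 100                      # pretend packed streams
    next_header = b"\x01\x04\x06\x00"           # pretend next header
    tail = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    hdr = SEVENZ_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(tail)) + tail
    return stub + hdr + packed + next_header


CONSTRUCTED_SAMPLE = _build_sample()

if __name__ == "__main__":
    print(triage(CONSTRUCTED_SAMPLE))
```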

The second fact, interesting but also very worrying, is that the detection rate of this malware is extremely low, as can be seen in the VT report on the downloaded binary.


Jorge Mieres
