AntiSpyware 2009 is a known scareware (or rogue) the shares characteristics include, among others, the saturation of the Internet connection and deployment of annoying pop-ups dramatically alluding to the infection of our team, offering to buy the version "pay" of malware on the Internet.
This scareware is operating since 2007, when it was known under the name AntiSpyware and in 2008 as AntiSpyware2008, and has now expanded its range of proposals for disseminating misleading a large number of websites that host it using, even to domains .pro (professional).
Under the IP 18.104.22.168, hosted Dynapp Inc - Georgia.U.S., hide the following domains:
Most design domains share changing only the name of false security or optimization tool.
Finally, we find two facts that are worth highlighting, one interesting and a more than interesting, disturbing.
The first is that this scareware also uses the compression power of the program 7zip to compress thus reducing their harmful binary size by almost 70%. The original size of the downloaded malware is 2.50MB (MD5: c148174afe2e9e36e56a6ffd7fc68cb6), however, to decompress, the weight amounts to 33.3MB (MD5: 02cd088fd922197d9d5fda9890de911c).
The second interesting fact but also very worrying is that the detection rate of this malware is extremely low, a figure we can see through the VT report done on the downloaded binary.
A recent tour of scareware III
New strategy to disseminate scareware IS
Attacking Mac systems through false security tool