MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

24.2.09

A recent tour of scareware IV

As usual, new variants of known scareware (rogue) emerge every day, relying on the same methods of deception (false alerts, allusive domain names, fake scans, etc.).

Some of the latest samples of this kind are:

XpyBurner *
MD5: eb8f9f40c563250f53b404b61dbfb491
IP: 72.232.186.20
United States, Las Vegas, Dwd Technologies Llc
Platform: Windows
Associated domains:
Xpyburner. Com
Xpyburnerpro. Com
VT Report:
19/ 38 (50.00%)

Security System *
MD5: 45bcdb17659fc0f6f6277e9e027441cc
IP: 72.232.186.18
United States, Las Vegas, Dwd Technologies Llc
Platform: Windows
Associated domains:
System-tuner. Com
Systemsecurityse. Com

VT Report: 19/ 39 (48.72%)

HDrive Sweeper *

MD5: c1fc9887457353607062fd8df689fde0
IP: 72.232.186.21
United States, Las Vegas, Dwd Technologies Llc
Platform: Windows
Associated domains:
Hdrivesweeper. Com
Hdrivesweeperpro. Com
VT Report:
21/ 39 (53.85%)

System Tuner *
MD5: fa36c3b1d61b6e9d7b2f6b0ee645806d
IP: 72.232.186.18
United States, Las Vegas, Dwd Technologies Llc
Platform: Windows
Associated domains:
System-tuner. Com
Systemsecurityse. Com
VT Report:
22/ 35 (62.86%)

* These are located in the same IP range.

AntiSpyware 3000
MD5: 945725b374fad6a35e24e2e8543a5d85
IP: 210.51.37.113
China Shanghai China-stock-ltd Xindongli
Platform: Windows
Associated domains:
antispyware3000. net
duocw. com
VT Report:
38/ 39 (97.44%)

Virus Doctor
MD5: 82e6594e1d241f23eb2c524beecc9963
IP: 64.86.17.9
Canada Teleglobe Inc. Montreal Canada
Platform: Windows
Associated domains:
mysupervisor. net
virus-doctor. com
pay-virusdoctor. com
trdatasft. com
Online virusdoctor. com
VT report:
21/ 39 (53.85%)

Total Virus Protection
MD5: 84e782738fcef71a8701da221fed94c5
IP: 83.133.123.166 / 92.241.176.220
Germany, Wuppertal, LNC-dsl-discounter
Russian Federation, Wahome Colocation
Platform: Windows
Associated domains:
t61.1paket. com
totalmalwareprotection. com
xpvirusprotection. com
xpvirusprotection2009. com
VT Report:
3/ 39 (7.69%)

MalwareDoc
MD5: af5f63cdaed1e619b65d7bf506e40e3a
IP: 193.138.172.5
Russian Federation Moscow Russian Federation New Communication Technologies
Platform: Windows
Associated domains:
antispyknight. biz
474.metago. Cn beforethehost. Com, bobthejoker. Info atingloves. Ru, farmhut. Net, femoffice. Net, foxtrot1. Biz, friendis. Us, gaysagays. Com, gogogogogogogogogogogo. Cn google-analutuk. Com, iframestat. org, intellpoint. org, avascript. bz, kva-kva. net, Lencom. com, live69. ru, matchwow. us, mycashnew. ru, mynewcards. ru, odnoklassniki-newyear2009. ru, ownroom. org, oy4b-oykb. ru, piontor. com, Pompova. ru, pop.yandex2. cn pornuha. cc, smsgogo. cn topsale. us
VT Report:
7/ 38 (18.42%)

Antivirus 1
MD5: 27a882668aeda52450ef78a0d6e42a30

IP: 70.38.19.201
Canada - Ontario - Toronto - Alexandre Lussier
Platform: Windows

Associated domains:
anti-virus-2010.info, antivirus-2010.info, av1-download.info, av1-site.info, downloads.anti-virus-2010.info, tagsdirect.winfamilyholiday.com, Anti-virus1-installs.info
VT Report:
5/ 39 (12.82%)

Related information
A recent tour of scareware III
A recent tour of scareware II
A recent tour of scareware

Jorge Mieres
