Campaign Police Antivirus XP spreading through social engineering visual

The strategies of deception through visual social engineering, as are the cases that simulates viewing video online and tries to download malware under the guise of lack of the required codec, have become commonplace and almost always the case should bear in mind the user to escape from a potential infection.

On another occasion he told them how the IE Defender scareware used a similar campaign to spread your installer using the same strategy of deception. This time, the shift to exploit this technique is for XP Police 2009.

All domains that involve campaign routed to http://sexybabes18.com/video/ under the IP address 84.243.197.10. In this instance you download a binary file called setup.exe (MD5: 6ba25f5f8ed91db92305f92beef1fe84) from the Web site Police XP 2009.

By accessing the website of scareware, which uses IP addresses 213.163.65.10, 213.163.65.10 and 206.125.44.28, we can verify that the file being downloaded is the same.

The domains are currently operated by Police XP 2009:

xp-police-09. com
xp-antivirus-police. com
xp-police-engine. com
xp-police. com
xp-police-2009. com
xp-police-av. com
mail.xp-police-antivirus. com
ns1.xp-police. com
ns2.xp-police. com
ns3.xp-police. com
ns4.xp-police. com
www.xp-police-09. com
www.xp-police-antivirus. com
www.xp-police-av. com
www.xp-police-engine. com

This attack technique is actively exploited by one of the many scareware there, so it is possible to see more false security programs using this strategy.

Related information
A recent tour of scareware IV
AntiSpyware 2009 has expanded its offers malicious...
New strategy to disseminate scareware IS
Attacking Mac systems through false security tool

Jorge Mieres