MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Campaign Police Antivirus XP spreading through social engineering visual

The strategies of deception through visual social engineering, as are the cases that simulates viewing video online and tries to download malware under the guise of lack of the required codec, have become commonplace and almost always the case should bear in mind the user to escape from a potential infection.

On another occasion he told them how the IE Defender scareware used a similar campaign to spread your installer using the same strategy of deception. This time, the shift to exploit this technique is for XP Police 2009.

All domains that involve campaign routed to under the IP address In this instance you download a binary file called setup.exe (MD5: 6ba25f5f8ed91db92305f92beef1fe84) from the Web site Police XP 2009.

By accessing the website of scareware, which uses IP addresses, and, we can verify that the file being downloaded is the same.

The domains are currently operated by Police XP 2009:

xp-police-09. com
xp-antivirus-police. com

xp-police-engine. com
xp-police. com

xp-police-2009. com

xp-police-av. com

mail.xp-police-antivirus. com

ns1.xp-police. com

ns2.xp-police. com

ns3.xp-police. com

ns4.xp-police. com

www.xp-police-09. com

www.xp-police-antivirus. com

www.xp-police-av. com

www.xp-police-engine. com

This attack technique is actively exploited by one of the many scareware there, so it is possible to see more false security programs using this strategy.

Related information
A recent tour of scareware IV
AntiSpyware 2009 has expanded its offers malicious...
New strategy to disseminate scareware IS
Attacking Mac systems through false security tool

Jorge Mieres

0 comentarios:

Post a Comment