MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

5.3.09

Aggressive infection strategy of Police XP Antivirus

After commenting on the visual social engineering campaign employed by the Police XP Antivirus scareware, we have an extra ingredient that also seeks to exploit, through social engineering, the natural characteristics of the human factor to the fullest.

The same domain from which the binary install.exe is downloaded is also used to disseminate another trojan through a fake PornTube page: codec.exe (MD5: a90e8a945f5cce31db00cac14a26418c), which also belongs to the Police XP Antivirus family.

When it infects the computer, the trojan creates shortcuts on the user's desktop that point to the following web sites, which are spread by spam:

> Cheap Pharmacy Online: http://www.quality-rx .com/?fid=1056
> Cheap Software: http://allisoftware .com
> VIP Casino: http://affiliate.goldvipclub .com/remote/SmartDownload.asp?affid=760
> MP3 Download: http://www. mp3sale .ru/?pid=507
> SMS TRAP: http://www.smstraper .com/go/MTEzOjA=/
> Search Online: http://www.adultwebfind .com/search .php?aid=16851&keyword=sex

Opening the VIP Casino shortcut downloads the executable SmartDownload.exe (MD5: 0f47f132f9e3d2790a6b27ffc2c502b0), while the MP3 Download shortcut leads directly to the domain http://xp-police-09.com/lands/error/, from which a new deception strategy is deployed by simulating an error.

After a few seconds, the user starts to see pop-up alerts about supposed infections and fake requests to register the program.

Up to this point, the actions are visible to the victim. In the background, however, other actions take place that directly involve downloading the components of the XP Police Antivirus scareware.


Jorge Mieres

1 comment:

Unknown said...

Phentermine Affiliate is best affiliate program. Good to see all the shared information about Online Generic Pharmacy.
