MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

13.3.09

Scareware infection campaign using a fake Windows Explorer

Deception strategies are the main feature scareware uses to frighten the user and ensure that its installer is executed. The pretexts used for these deceptions are many, some more prominent than others, and there is an increasingly clear effort to design and create more sophisticated strategies.

In this case, the deception centers on an online scan of the computer that always finds infection problems and offers the download of a supposed security tool that will solve them. All of it is completely false.

When the user first accesses the malicious page, an alert warns that the computer may have been the victim of malicious code.

A simulated scan of the computer then runs, represented by a fake Windows Explorer and an animated GIF of a progress bar showing the progress of the scan, after which a popup displays the names of the alleged threats found on the system.

This image, which offers two options ("Remove all" and "Cancel"), is another layer of deception: no matter which part of the image is clicked, the effect is the same, the download of the malware installer. The file is called install.exe and its MD5 is 8eed59709de00e8862d6ce3d5e19cb4a.
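The click behaviour described above can be checked when triaging a saved copy of such a page. The following is an added example, not code from the original post: a heuristic that reports when every clickable image region on a page leads to one executable. The HTML samples and the scan.example host are constructed, and the markup (image map or wrapping link) is an assumption, since the post does not show the page source.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".msi")  # extensions treated as installers (assumed list)

class ClickTargetParser(HTMLParser):
    """Collect the href behind every clickable image or image-map region."""
    def __init__(self):
        super().__init__()
        self.open_href = None  # href of the <a> element currently open, if any
        self.targets = []      # hrefs reached by clicking an image or a map area

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.open_href = a.get("href")
        elif tag == "img" and self.open_href:
            self.targets.append(self.open_href)  # whole image is one link
        elif tag == "area" and a.get("href"):
            self.targets.append(a["href"])       # one region of an image map

    def handle_endtag(self, tag):
        if tag == "a":
            self.open_href = None

def is_executable(href):
    # Look only at the URL path so query strings do not hide the extension.
    return urlparse(href).path.lower().endswith(EXEC_EXT)

def single_payload_image(html):
    """Return the executable URL if every clickable image region leads to it, else None."""
    parser = ClickTargetParser()
    parser.feed(html)
    unique = set(parser.targets)
    if len(unique) == 1 and is_executable(next(iter(unique))):
        return unique.pop()
    return None

# Constructed samples: both "buttons" of the fake alert point at the installer.
SCAREWARE = ('<img src="alert.gif" usemap="#m"><map name="m">'
             '<area coords="0,0,100,30" href="install.exe" alt="Remove all">'
             '<area coords="110,0,200,30" href="install.exe" alt="Cancel"></map>')
# Constructed benign variant: "Cancel" really goes somewhere else.
BENIGN = SCAREWARE.replace('href="install.exe" alt="Cancel"', 'href="#close" alt="Cancel"')
# Constructed variant: the whole image is wrapped in a single download link.
WRAPPED = '<a href="http://scan.example/install.exe?id=1"><img src="alert.gif"></a>'

if __name__ == "__main__":
    for name, page in (("scareware", SCAREWARE), ("benign", BENIGN), ("wrapped", WRAPPED)):
        print(name, "->", single_payload_image(page))
```

A legitimate download button that is a single linked image will also match, so a hit is a lead for manual review rather than a verdict.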

A number of web addresses are actively being used for this malicious activity.

However, as their creators become more professional, they try to reach as much of the "public" as possible by deploying the infection strategy in several languages.

They even serve different variants of the malware. In this way, the creators of scareware try to cover the two main languages used worldwide, English and Spanish.


Jorge Mieres
