
Blog entry here
SEO Poisoning scores a goal at the 2010 Winter Olympics
Posted by Steve Espino on February 23, 2010
Posted in Malicious Intent, Rogue Apps | Tagged: fake av, hockey schedule, malware-research-experts, packupdate_build, rogue av, SEO, winter olympics
Porntube Anyone? Bonus Scareware!
Posted by Steve Espino on February 23, 2010
Blog entry here
Posted in Malicious Intent, Rogue Apps | Tagged: fake av, fake codec, fake video codec, PORNTUBE2000, rogue, rogue av, scareware, SECURITY TOOL, VIDEO ACTIVEX OBJECT, VIDEO ACTIVEX OBJECT ERROR
Scareware uses Fake Windows 7 Action Center
Posted by Steve Espino on December 8, 2009
Privacy Center, Privacy Components and Safety Center are some of the aliases used by this family of scareware that hide under the guise of a fake Windows 7 Action Center.
The scareware installer uses the filename win_protection_update.exe. Once installed, the scareware displays fake scan results in an attempt to trick unsuspecting users into buying the fake software.
A lifetime license for this fake app amounts to a hefty $79.95 plus $19.95 for “Premium Support”.
Here are some domains related to distributing this attack:
software-scaner-online.com
scaner-online-malware.biz
PC Tools Spyware Doctor with Antivirus detects this scareware as RogueAntiSpyware.PrivacyCenter.AJ.
Posted in Rogue Apps | Tagged: fake, fake alert, fake app, fake av, Fake Windows 7 Action Center, fakealert, PC Tools, Privacy Center, Privacy Components, PrivacyCenter, rogue, rogue app, rogue av, rogue domain, RogueAntiSpyware.PrivacyCenter.AJ, Safety Center, scaner-online-malware.biz, scareware, SDAV, software-scaner-online.com, Spyware Doctor, Spyware Doctor with AntiVirus, Windows 7
Fake codec used by porn site
Posted by Steve Espino on December 7, 2009
Here’s another porn site distributing malware under the guise of video codecs:
hxxp://adultsvideo.cn/
Unsuspecting users wanting to view the adult videos are tricked into downloading and installing the fake codec.
The fake codec can be downloaded from this URL:
hxxp://freebigutilites.com/ActiveX-Video-Codec.45092.exe
The server spits out files that have different MD5s each time.
ThreatExpert report here
PC Tools Spyware Doctor with Antivirus detects this fake codec as Trojan.FakeAlert.
Update:
Here’s another site that purports to host “Free Full Lenght Movie” porn clips and uses fake video codecs in order to lure unsuspecting users into downloading and installing their rogue antivirus software:
hxxp://freeanalsextubemovies.com/video1483/porn/
Clicking anywhere on the video screen area gives us the following link to a file named video.exe:
hxxp://homeamateurclips.com/video/video.exe
The award-winning PC Tools Spyware Doctor with Antivirus blocks this fake software as RogueAntiSpyware.SecurityTool.
Posted in Malicious Intent | Tagged: adultsvideo.cn, fake, fake codec, fake VAC, fakealert, freeanalsextubemovies.com, freebigutilites.com, homeamateurclips.com, porn, rogue, RogueAntiSpyware.SecurityTool, SecurityTool, video.exe
Spyware Doctor with AntiVirus 2010 gets 4.5 out of 5 stars from How-to Geek
Posted by Steve Espino on November 6, 2009
PC Tools’ award-winning Spyware Doctor with AntiVirus 2010 has done it again, earning a rating of 4.5 out of 5 stars in a review by How-to Geek.
Spyware Doctor with Antivirus is a top-rated malware, spyware & virus removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, trojans, viruses, keyloggers, spybots and tracking threats. Spyware Doctor’s advanced Intelliguard technology only alerts users on a true spyware and virus detection. Spyware Doctor with Antivirus has the most advanced update feature that continually improves its spyware and virus fighting capabilities on a daily basis. As spyware gets more complex in order to avoid detection, Spyware Doctor responds with new technology to stay one step ahead.
More details here.
Posted in Uncategorized | Tagged: How-to Geek, PC Tools, SDAV, Spyware Doctor, Spyware Doctor with AntiVirus 2010
MaCatte scareware fools users by masquerading as McAfee
Posted by Steve Espino on November 3, 2009

MaCatte Antivirus is a rogue AV that attempts to impersonate McAfee scanners in order to scam users. PC Tools Spyware Doctor with Antivirus detects it as RogueAntiSpyware.MaCatte.
This scareware has been seen using a bogus My Computer online scan similar to ones we’ve seen here, here and here.

The online scan can be seen at this URL:
hxxp://proscan5.info/25/26-088wLzQzL1EzL==
The downloader served from this URL is time-sensitive and stops working after a period of time. A session ID of some sort is embedded in the binary executable itself. Once that time has elapsed, the downloader tells the user to contact MaCatte Antivirus support people. This prevents reverse engineers from replicating the infection and gathering samples for analysis.
The presence of these files and folders signals infection by this scareware:
C:\Documents and Settings\All Users\Application Data\msca
C:\Documents and Settings\All Users\Application Data\msca\MaCatte.ico
C:\Documents and Settings\All Users\Application Data\msca\mcull.exe
C:\Documents and Settings\All Users\Application Data\msca\msc.exe
C:\Documents and Settings\All Users\Application Data\msca\Viruses.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Media\WPtect.dll
C:\Documents and Settings\All Users\Desktop\MaCatte.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MaCatte
C:\Documents and Settings\All Users\Start Menu\Programs\MaCatte\MaCatte.lnk
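A sweep for the paths listed above, as an added example (not code from the original post): it maps each listed path onto a root directory, such as `C:\` on a live XP host or the mount point of a disk image, and matches names case-insensitively as NTFS would. The function names and the root argument are assumptions of this example.

```python
import sys
from pathlib import Path, PureWindowsPath

# Indicator paths exactly as listed in the post (Windows XP-era layout).
BASE = r"C:\Documents and Settings\All Users"
MACATTE_INDICATORS = [BASE + "\\" + rel for rel in (
    r"Application Data\msca",
    r"Application Data\msca\MaCatte.ico",
    r"Application Data\msca\mcull.exe",
    r"Application Data\msca\msc.exe",
    r"Application Data\msca\Viruses.dat",
    r"Application Data\Microsoft\Media\WPtect.dll",
    r"Desktop\MaCatte.lnk",
    r"Start Menu\Programs\MaCatte",
    r"Start Menu\Programs\MaCatte\MaCatte.lnk",
)]

def find_ci(root, parts):
    """Walk `parts` under `root`, matching each name case-insensitively."""
    cur = Path(root)
    for part in parts:
        try:
            matches = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        except OSError:  # not a directory, missing, or unreadable
            return None
        if not matches:
            return None
        cur = matches[0]
    return cur

def sweep(root, indicators=MACATTE_INDICATORS):
    """Return (indicator, 'dir' | 'file') for every listed path found under root."""
    hits = []
    for ind in indicators:
        parts = PureWindowsPath(ind).parts[1:]  # drop the 'C:\' anchor
        found = find_ci(root, parts)
        if found is not None:
            hits.append((ind, "dir" if found.is_dir() else "file"))
    return hits

if __name__ == "__main__":
    # Usage: python sweep.py <volume root>, e.g. C:\ or /mnt/image
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    results = sweep(root)
    for ind, kind in results:
        print(f"[hit] {kind:4} {ind}")
    print(f"{len(results)} of {len(MACATTE_INDICATORS)} indicators present")
```
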
Unsuspecting users are set back a hefty $99 of their hard-earned money.
Stay away from these rogue apps.
Posted in Uncategorized | Tagged: fake app, fake av, MaCatte, MaCatte Antivirus, macatte.com, McAfee, PC Tools, proscan5.info, rogue app, rogue av, RogueAntiSpyware.MaCatte, scareware, security, Spyware Doctor, Spyware Doctor with AntiVirus
Sysinternals Releases Disk2vhd v1.0
Posted by Steve Espino on October 20, 2009
Sysinternals has recently released Disk2vhd that “simplifies the migration of physical systems into virtual machines (p2v).”
Disk2vhd is a utility that creates VHD (Virtual Hard Disk – Microsoft’s Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs).
More here.
Posted in Tools | Tagged: Disk2vhd, Hyper-V, p2v, Virtual Hard Disk, Virtual PC
Spyware Doctor with AntiVirus 2010 wins PC Mag Editor’s Choice
Posted by Steve Espino on October 16, 2009
This just in: on 15th October 2009, Spyware Doctor with AntiVirus 2010 wins PC Mag Editor’s Choice award!
The latest Spyware Doctor proved effective in every area of malware removal and blocking. It’s a great product.
The award-winning Spyware Doctor with AntiVirus 2010 can be downloaded here.
Posted in Uncategorized | Tagged: PC Mag Editor's Choice, pctools, Spyware Doctor, Spyware Doctor with AntiVirus 2010
Sysguard / Winifighter Clones
Posted by Steve Espino on October 15, 2009
Here are some screenshots of the members of this scareware family:
![[gickr.com]_6c803672-8a5f-25e4-5109-31b55ebdf362 [gickr.com]_6c803672-8a5f-25e4-5109-31b55ebdf362](http://r3v3rs3e.files.wordpress.com/2009/10/gickr-com_6c803672-8a5f-25e4-5109-31b55ebdf362.gif)
Beware of these rogue apps.
Posted in Rogue Apps | Tagged: rogue app, rogue av, security, Sysguard, TrustCop, TrustNinja, Winifighter, WiniShield























