Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Site: hxxp://online-xp-antivirus-checker.com
Site: hxxp://u-software-online.com
Site: hxxp://xp-vista-scanner-pro.com
File: antivirus.v.1.0.0.exe (F266042DE7BDC7C331ED6B58DD7CEB76)
VirusTotal: Result: 9/36 (25.00%)
File: antivirus.v.1.0.0.exe (4CCB6BCC93E756228473DFF6E399F984)
VirusTotal: Result: 1/36 (2.78%)
File: isk6zw3g (6DB80E69BAD681E115A30179CDF55262)
VirusTotal: Result: 9/36 (25.00%)
Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Time after time we see rogue campaigns change names and morph to evade detection. While researching rogue domains we came across a new one which looks strikingly similar to the “Internet Antivirus” (pictured below) rogue. The interesting thing about this is that Internet Antivirus is a fairly new rogue campaign and it is expanding already.
becomes
Internet Antivirus
Site: hxxp://internet-antivirus.com/
File: InternetAntivirus.exe (2dee323a0ef6f65aa2a2592f6438e499)
VirusTotal: Result: 2/36 (5.56%)
Antivirus Security
Site: hxxp://antivirussecurity-solution.com
File: Install.exe (c61f3df0220e78bd8050e47e7d57085f)
VirusTotal: Result: 6/36 (16.67%)
Note: This site is distributing Rogue “Fake” Anti-Malware product. Do not visit, pay, or download the software discussed below.
Yesterday we posted about the Smart Antivirus 2009 rogue discovery by Sunbelt. Today we observed a new domain pushing a new version of Smart Antivirus Today. Only 1 out of 36 companies detect this one as of this post.
Site: hxxp://smart-antivirus-hq.com
File: setup.ver1_1000.0_.exe (240a916eb37dd70e3bf71e2b986b7e82)
VirusTotal: Result: 1/36 (2.78%)
File: setup.ver1_1000.0_.exe (7837652dcf843ac7fb587f27b238b2ca)
VirusTotal: Result: 2/36 (5.56%)
Removal:
