19
Oct
08

AntiMalware 2009 – 1 domain added – 1 file added (24/36)

post info

By lithium
Categories: Database Update
1 Comment

Note: This site is distributing Rogue “Fake” Anti-Malware product.  Do not visit, pay, or download the software discussed below.  See how to remove AntiMalware 2009 below.

We came across a new domain today pushing AntiMalware 2009 (Web Spy Shield).   The site automatically reduces to a popup and then goes directly to a fake scan.  This leads us to believe that this domain will be used in ad affiliate abuse similar to the motigo incident.

Site: http://www.online-antivirus.net/
Related: http://scanner-protection.com/

The site is reduced to the following popup:

Online-Antivirus.net Popup

Fake scan page:

AntiMalware 2009 Site

Shared NS:

Shared NS for Online-Antivirus.net

File: AntiMalware2009Installer.exe
VirusTotal: Result: 24/36 (66.67%)
File size: 185856 bytes
MD5…: 8034e6173dc96d06af86d40fd3b5210d
SHA1..: 7d01d523950bb9e574d46676597b15730f68ae09
SHA256: 440539c77605e1fbc8b4d62b7f552a9875d609b06860a0dbbf10bfb07db7c450
SHA512: 7086dc8f48469cbe8945b0123db77ea063cf74452476bf5221575a6675fe690e
ed2b3ddc68d378fe988030a6797dc494981068746a92323eff749d279725327e

Removal:

Remove this threat with MalwareBytes!

1 Response to “AntiMalware 2009 – 1 domain added – 1 file added (24/36)”

Feed for this Entry Trackback Address View blog reactions
  1. 1 elhoim Oct 21st, 2008 at 2:47 am

    Which tool do you use to see shared NS and have such a nice visualization?

Leave a Reply

You must login to post a comment.

« Malware distributors give “flu shot” to prevent viruses!
Smart Antivirus 2009 – 1 Site Added – 1 File Added (0/36) »


 

October 2008
M T W T F S S
« Sep   Nov »
 12345
6789101112
13141516171819
20212223242526
2728293031