03 Nov 08

Antivirus Pro 2009 – Exploiting Human Weakness for Money

Note: The sites we talk about in this post distribute a Rogue “Fake” Anti-Malware product.  Do not visit, pay, or download the software discussed below.

Almost every day our viewers ask us about Rogue anti-malware software.  Of all the questions we receive, the most common is “When will these attacks stop?”  The sad truth is that we see no end to this problem in sight.  As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop them and push the envelope.

AntivirusPro 2009

Antivirus Pro 2009

The user will be prompted with the following message in the event that the browser blocks the download.  When the user clicks on “Click here to get full advanced real-time protection and continue browsing”, it will automatically forward them to the payment gateway page.

“Insecure Internet Activity. Threat of Virus Attack!  Due to the insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes”

Antivirus Pro 2009 Browser Warning

Installer:

The Antivirus Pro 2009 installer offers three options: Continue, Terms of Service and Cancel.

Antivirus Pro 2009

Canceling the Installation:

When attempting to exit the installer via the cancel button, the setting defaults to “Continue with installing and running free scanner.”

Antivirus Pro 2009 Cancel Install

Terms of Service:

Antivirus Pro 2009 Terms of Service

Interface:

The interface may look convincing to unsuspecting victims.

Antivirus Pro 2009 Interface

Scare Messages:

Victims are presented with various scare messages to entice a purchase.

“WARNING! Antivirus Pro 2009 has found 27 useless and UNWANTED files on your computer!”

Personal data at the reach of anyone’s hand

Internet history records available

Compromising and adult material stored on your system

Chat sessions’ logs and personal Emails easily reachable

Antivirus Pro 2009 Scare Tactics

Payment Gateway:

hxxps://secure.soft-payments.com via AS20495 (WEDARE We Dare BV Autonomous System)

secure.soft-payments.com

Antivirus Pro 2009 Payment Gateway

SharedNS:

Antivirus Pro 2009 Shared NS

VirusTotal:

7/36 (19.44%) –> hxxp://www.av-pro-2009.com

7/36 (19.44%) –> hxxp://xp-as-2009.com

11/36 (30.56%) –> hxxp://xpas-2009.com

16/36 (44.44%) –> hxxp://av-pro2009.com

16/36 (44.44%) –> hxxp://avpro-2009.com

16/36 (44.44%) –> hxxp://avpro2009.com/
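
The payment gateway host and the distribution domains listed above can be turned into a blocklist and checked against proxy logs. The following is an added example, not part of the original post: the log format, client addresses and the look-alike name `notavpro2009.com` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator lines as listed in this post (defanged; ratio = engines flagging / total).
PAGE_INDICATORS = """\
hxxps://secure.soft-payments.com via AS20495
7/36 (19.44%) –> hxxp://www.av-pro-2009.com
7/36 (19.44%) –> hxxp://xp-as-2009.com
11/36 (30.56%) –> hxxp://xpas-2009.com
16/36 (44.44%) –> hxxp://av-pro2009.com
16/36 (44.44%) –> hxxp://avpro-2009.com
16/36 (44.44%) –> hxxp://avpro2009.com/
"""

# Constructed proxy log (hypothetical format): time client method host[:port] status
SAMPLE_LOG = [
    "2008-11-03T10:01:02Z 10.0.0.21 GET www.av-pro-2009.com 200",
    "2008-11-03T10:01:40Z 10.0.0.21 CONNECT secure.soft-payments.com:443 200",
    "2008-11-03T10:02:11Z 10.0.0.35 GET notavpro2009.com 200",
    "2008-11-03T10:03:00Z 10.0.0.35 GET example.com 200",
]

def load_indicators(text):
    """Map refanged hostname -> (detections, engines), or None if no ratio given."""
    indicators = {}
    for line in text.splitlines():
        url = re.search(r"hxxps?://\S+", line, re.I)
        if not url:
            continue
        host = urlsplit(re.sub(r"^hxxp", "http", url.group(0), flags=re.I)).hostname
        host = host[4:] if host.startswith("www.") else host  # match the bare domain too
        ratio = re.match(r"\s*(\d+)/(\d+)", line)
        indicators[host] = tuple(map(int, ratio.groups())) if ratio else None
    return indicators

def match_indicator(host, indicators):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for ind in indicators:
        # Require a label boundary so look-alike names do not match as suffixes.
        if host == ind or host.endswith("." + ind):
            return ind
    return None

def scan_proxy_log(lines, indicators):
    """Return (client, host, indicator) for each log line that hits the list."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        client, host = fields[1], fields[3].rsplit(":", 1)[0]
        ind = match_indicator(host, indicators)
        if ind:
            hits.append((client, host, ind))
    return hits
```

A client that hits both a distribution domain and the payment gateway, like `10.0.0.21` in the sample, is the case worth following up first.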

Removal Information:

Need help removing this malware?
Click here for more information on the removal process.

Don’t forget to ask for help in our user forums!

