Malware Database

PandaLabs reports that a new Rogue Antivirus program called Total Defender appeared over the weekend.

_{The following data is included for informational purposes only. Please do not attempt to view or download files from the website.}

Domain: Total-Defender. com
IP: 94.247.2.41
Country: Latvia
Host: DATORU EXPRESS SERVISS Ltd.
Organization: ZlKon

File: total-defender-setup.exe

Connects to:

0    200    HTTP    94.247.2.41    /ck.php    21
1    200    HTTP    94.247.2.41    /tdd.php?i=1
2    200    HTTP    94.247.2.41    /ck.php
3    301    HTTP    94.247.2.41    /tdp.php?ak=24DIGITHASH
4    200    HTTP    CONNECT    pp-pay.net:443
5    200    HTTP    CONNECT    pp-pay.net:443
6    200    HTTP    CONNECT    pp-pay.net:443
7    200    HTTP    CONNECT    bill-support.com:443

Additional Info:

An interesting thing we noticed is that the Rogue did not attempt to scare us into purchasing it, rather telling us that the computer was secure after the scan.  The Rogue authors are probably doing this to keep a high amount of Rogue installations active for the purposes of data theft or for hire services.