New rogue found today. Kind of a pathetic attempt at this technique from what we’ve seen.
Installs to:
C:\Program Files\Protector\protector.exe
Connects to:
hxxp://spyware-scaner.com/install.php?id=crossales
Whois entry for f1uq1dfi3qkcm.cn 220.196.59.23
Registrant Organization: n/a
Registrant Name: Robert Kroon
Administrative Email: robertsimonkroon@gmail.com
Sponsoring Registrar: 广东时代互联科技有限公司
Name Server:ns1.freechinadns.com
Name Server:ns2.freechinadns.com
Registration Date: 2009-05-30 22:28
Expiration Date: 2010-05-30 22:28
Whois entry for spyware-scaner.com 212.117.160.21
Name: Robert Kroon
Address: Engelenburg 44
City: Haarlem
Province/state: HAARLEM
Country: NL
Postal Code: 2036
~C1.exe or protector.exe
Result: 4/41 (9.76%)
MD5: ca6680cd3b0d91d6f6a1e9ac9d73f612
VirusTotal
ThreatExpert Analysis
hxxp://f1uq1dfi3qkcm.cn/ue.php
~C1.dll
Result: 1/41 (2.44%)
MD5: 72a193a54283451b7cf1ec745ce33d84
VirusTotal
ThreatExpert Analysis

1 Response to “New rogue anti-malware program: Terminator 2009”