22 Apr 10

new rogue domain: safetypcwork4.com

Today, I was browsing Google for the recent False Positive from McAfee. Blackhat SEO has been targeting the keywords for this subject. Some related keywords are: McAfee, wecorl, patch, DAT5958
Suddenly, I got redirected to a fake scanner page.

Whois record for safetypcwork4.com

Registrant Contact:
Name: Garritt Kooken
Phone: +86.592257788 fax: +86.592257788
Address: Rue de Virton 237
City: Evegnee 4631
Country: Belgium

packupdate_build107_287.exe
Result: 8/40 (20.00%)
MD5: 9d44165fa043a2f9674055055233598e
VirusTotal
Anubis Report
ThreatExpert Report
Fake Scanner Page: hxxp://www2.safetypcwork4.com

This rogue is called “Windows Performance Center”.

Some screenshot examples:


The Fake Scanner Page

When executing the dropped file (packupdate_build107_287.exe):
Setup of the Rogue Program

