Malware Database

A few months ago we warned of Google sponsored results pointing to rogue anti-malware applications  (read: Sponsored Result != Safe) and more recently we talked about malicious ad content being displayed through pop-up ads hosted by Motigo’s free analytic services (read: Antivirus 2009…brought to you by Motigo).  Today we received word from a fellow security researcher, mwdisector, that a rogue anti-malware application was being served via ads in the bottom right corner of the Download.com website.

In our previous post regarding a related incident where Motigo served Antivirus 2009 rogue pop-up ads we told website Owners to  make sure they fully understand the all of the risks involved in implementing third party tools, ads, or services.

It’s obvious that the ad companies are not doing a good enough job at making sure their links are safe.  For this very reason, you do not see Google Adsense or similar types of advertisements on Malware Database. It would result in our viewers being infected and that is something we cannot have.  MalwareBytes and Panda Security are two companies that we stand by and those are the only type of ads you will see here, ads that we can guarantee not to lead to infections.

Download.com does have an initiative for malware free downloads but they state nothing about making sure their text based and image advertisements are malware free.  We are hoping the people at Download.com read this and take a stand against current and future threats promoted through their sponsored ads!

Rogue sponsored link served via download.com

Points to the Antispyware 2008 Rogue

*Do not attempt to visit this site or download the software*

What it looks like

File: setupxv.exe
VirusTotal: Result: 12/36 (33.33%)
File size: 5620057 bytes
MD5…: 15134735aff21a9162bef607684b9ca4
SHA1..: 72eff32a2187c339115e6842f80f6aa2273c48be
SHA256: f438f8c9b9f04fb4ee4fbbd2b215abbffb863c99e4a7f28012b0b45c8fe628ed
SHA512: f1e6b742c32c2931697d3ac9c06010d91bb4014d87d5d3a7ac8b6f667e5a08d0
f52ab7bb7864d87ad1ee7d9e1f664713b2c59f529869719294f0b380d27f4e44
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0×412c8f
timedatestamp…..: 0×4466b13c (Sun May 14 04:25:32 2006)
machinetype…….: 0×14c (I386)

Removal Information:Need assistance removing this malware?
Click here for more information about malware removal.
Don’t forget to ask for help in our user forums!