MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

6.1.09

A recent tour of scareware

Scareware, also known as rogue software, is a class of programs that try to frighten users with false or exaggerated warnings about infections or critical system problems that do not actually exist on the computer.

In most cases they imitate legitimate antivirus programs for Windows (the most widely used platform), but there are also cases of scareware for Mac. Their objectives are twofold: on the one hand, to download other malicious code, and on the other, to get the user to "buy" the fake product.

The only means of purchase is the Internet, which means the user must go from the scareware's own website to a form and enter confidential information such as credit card details. Needless to say, the user never receives the supposed product.

Let's take a brief tour of last week's scareware:


Astrum Antivirus Pro

MD5: f5efcde3fd38255e00c3c69a31709c56
IP: United States - Noc4hosts Inc
Associated domains:
Astrumavr.com = 74.50.119.187
Astrumavrpro.com = 74.50.119.187
Astrumsup.com = 74.50.119.187

VT Report: Result: 17/38 (44.74%)




Express Antivirus 2009

MD5: 614601490986f7bd1687c63bf5381cef
IP: Germany - Netdirekt E. K
Associated domains:
Expressantivirus2009.com = 217.20.112.98

VT Report: Result: 11/38 (28.95%)



Antivirus Security

MD5: d7282fa6b657a1db2da3bfc64371785c
IP: Germany - Netdirekt E. K
Associated domains:
Antivirussecurity-solution.com = 89.149.255.191

VT Report: Result: 30/38 (78.95%)




Total Protect 2009

MD5: 5deacc3d6662b8cad0c53a712f97245e
IP: Latvia - Zlkon
Associated domains:
Totalprotect2009.com = 94.247.3.60
Securitysolutionsnetworks.com = 94.247.3.61

VT Report: Result: 19/38 (50%)




Internet Antivirus Pro

MD5: 6a4337a335e5445892190de3470bb296
IP: Latvia - Zlkon
Associated domains:
Avpaymentpro.com = 94.247.3.41
Cokiran.com = 94.247.3.41
Go-scan-pro.com = 94.247.3.41

VT Report: Result: 5/38 (13.16%)

iSafe AntiVirus

MD5: b5fb5e2cc0aefa942ff1b6b860ff24ad
IP: Latvia - Zlkon
Associated domains:
ISAF-antivirus.com = 94.247.3.240
Isaferantivirus.com = 94.247.3.240
Isafeantivirus.com = 94.247.3.240

VT Report: Result: 17/38 (44.74%)

Jorge Mieres
