
lithium's blog

What do you consider to be the most important security issue for 2009?

I'm completing some research on what we feel will be the most important security issues in 2009. Please take a minute to respond to our poll.

Take poll:
http://polls.linkedin.com/p/13823/mbnhg

Thanks!

Exploiting human weakness with AntivirusPro 2009

Almost every day our viewers ask us about Rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.

More information here...

751f86d2e478387fe0a507a1e6fd7b2d

Antivirus 2009 - 2 files added - 5 domains added (Low Detection) 1/36

Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at antivirus-best.com and that page is reduced to a pop-up message, as usual. Then we are briefly taken to voodoorevenue.com where the affiliate information for the malware creators is sent and then redirected to the point of download, protection-overview.com.

more info here...
b0674e8e6c99de286a62b2fde5358110

e-card.exe threat (Braviax + XP AntiSpyware 2009)

A new wave of e-card malspam is going out. The e-mail arrives spoofed as 123greetings.com and installs XP Antivirus 2009 once on the computer.

906d95a9d5aa5db06ebb24f7168de0fe

Full details here...

Another Antivirus 2009 installer (0/36 on VirusTotal)

We came across a fully undetected Antivirus 2009 installer today.

Site:

* hxxp://85.17.166.170/go/?cmp=nm_ron2&uid=f8a0d9628fbb11dd95e4166350cfffff&rid=gl2vmclr&guid= 5b20e5c3232d4440b6234368749a6d3a&affid=166350&lid=http&url=http:%2F%2Fwww.google.com%2F&v=1145&m=an2g
  o hxxp://freeonlinescanner9.com/_download.php?aid=77052204&dlth=19
    + hxxp://vassariumbig.com/download/av_2009.exe

c074384af50971632df88de847c89233

More info here...

New Rogue - eAntivirusPro

Today we discovered a new rogue called eAntivirusPro. After researching the new rogue we found that the template for the site was sold on a Russian Freelance site, which is one of the first templates we have seen contracted from a public freelance site.

more info here...

8c396fbdacce214de2e86354a77350d2

Total Secure 2009

We discovered a new Total Secure 2009 domain today. The binary the site distributes is only detected by 3 out of 36 AV engines according to VirusTotal.

206d7b4425c01d9b5e839e7604da5531

more information here...

New Rogue - Smart Antivirus 2009

A few days ago, the team at Sunbelt discovered a new rogue called Smart Antivirus 2009. Today we discovered new Smart Antivirus 2009 domains. We inspected the file (setup.ver1_1000.0_.exe) and found that only 2 out of 36 companies detected it via VirusTotal.

8482252a4293d5f4ba1f39b77b447920

More info on the site...

Antivirus 2009...brought to you by motigo?

A colleague called me today stating that his website was the victim of a hack and he did not know what to do. He was frantic and said that his website was distributing Antivirus 2009, so I decided to take a look at it and, lo and behold, we found Antivirus 2009 being distributed from their ad system. For those who don’t know what Antivirus 2009 is, it’s a rogue (fake) security product.

See the full post here....

0570484b66e9a139d8fd0a71f5448957

Antivirus 2009 (video)

Sites: hxxp://antivirusworld9.com -> hxxp://scanthnet.com -> hxxp://innovagest2000sl.com
Files: AV2009Install_*.exe (0570484B66E9A139D8FD0A71F5448957)
VirusTotal Result: 4/36 (11.11%)
MDB: /lithium-malware/AV2009Install.zip

See the full post...

0570484b66e9a139d8fd0a71f5448957
