
lithium's blog

What do you consider to be the most important security issue for 2009?

I'm completing some research on what we feel will be the most important security issues in 2009. Please take a minute to respond to our poll.



Exploiting human weakness with AntivirusPro 2009

Almost every day our viewers ask us about rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.

More information here...


Antivirus 2009 - 2 files added - 5 domains added (Low Detection) 1/36

Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at and that page is reduced to a pop-up message, as usual. Then we are briefly taken to where the affiliate information for the malware creators is sent and then redirected to the point of download,

more info here...

e-card.exe threat (Braviax + XP AntiSpyware 2009)

A new wave of e-card malspam is going out. The e-mail arrives spoofed as and installs XP Antivirus 2009 once on the computer.


Full details here...

Another Antivirus 2009 installer (0/36 on VirusTotal)

We came across a fully undetected Antivirus 2009 installer today.


* hxxp:// 5b20e5c3232d4440b6234368749a6d3a&affid=166350&lid=http&
o hxxp://
+ hxxp://


More info here...

New Rogue - eAntivirusPro

Today we discovered a new rogue called eAntivirusPro. After researching the new rogue we found that the template for the site was sold on a Russian Freelance site, which is one of the first templates we have seen contracted from a public freelance site.

more info here...


Total Secure 2009

We discovered a new Total Secure 2009 domain today. The binary the site distributes is only detected by 3 out of 36 AV engines according to VirusTotal.


more information here...

New Rogue - Smart Antivirus 2009

A few days ago, the team at Sunbelt discovered a new rogue called Smart Antivirus 2009. Today we discovered new Smart Antivirus 2009 domains. We inspected the file (setup.ver1_1000.0_.exe) and found that only 2 out of 36 companies detected it via VirusTotal.


More info on the site...

Antivirus 2009...brought to you by motigo?

A colleague called me today stating that his website was the victim of a hack and he did not know what to do. He was frantic and said that his website was distributing Antivirus 2009, so I decided to take a look at it and, lo and behold, we found Antivirus 2009 being distributed from their ad system. For those who don’t know what Antivirus 2009 is, it’s a rogue (fake) security product.

See the full post here....


Antivirus 2009 (video)

Sites: hxxp:// -> hxxp:// -> hxxp://
Files: AV2009Install_*.exe (0570484B66E9A139D8FD0A71F5448957)
VirusTotal Result: 4/36 (11.11%)
MDB: /lithium-malware/

See the full post...

