I'm completing some research on what we feel will be the most important security issues in 2009. Please take a minute to respond to our poll.
Almost everyday our viewers ask us about Rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in near sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.
Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at antivirus-best.com and that page is reduced to a pop-up message, as usual. Then we are briefly taken to voodoorevenue.com where the affilliate information for the malware creators is sent and then redirected to the point of download, protection-overview.com.
We came across a fully undetected Antivirus 2009 installer today.
* hxxp://188.8.131.52/go/?cmp=nm_ron2&uid=f8a0d9628fbb11dd95e4166350cfffff&rid=gl2vmclr&guid= 5b20e5c3232d4440b6234368749a6d3a&affid=166350&lid=http&url=http:%2F%2Fwww.google.com%2F&v=1145&m=an2g
Today we discovered a new rogue called eAntivirusPro. After researching the new rogue we found that the template for the site was sold on a Russian Freelance site, which is one of the first templates we have seen contracted from a public freelance site.
A few days ago, the team at Sunbelt discovered a new rogue called Smart Antivirus 2009. Today we discovered new Smart Antivirus 2009 domains. We inspected the file (setup.ver1_1000.0_.exe) and found that only 2 out 36 companies detected it via VirusTotal.
A colleague called me today stating that his website was the victim of a hack and he did not know what to do. He was frantic and said that his website was distributing Antivirus 2009, so I decided to take a look at it and Lo and behold, we found Antivirus 2009 being distributed from their ad system. For those who don’t know what Antivirus 2009 is, it’s a rogue (fake) security product.