Fake AV malware campaign - 2012-06-19
Last Updated: 2012-06-19 10:26:16 UTC - "... 'vulnerabilityqueerprocessbrittleness . in' is currently one of 600+ domains that link to a quite prevalent "Fake Anti-virus" malware campaign. Currently, the domains associated to this scam all point to web servers hosted in the 204.152.214.x address range, but of course the threat keeps "moving around" as usual... The current set of threats involves frequently changing malware EXEs (or EXEs inside of ZIPs) with low coverage on virustotal. The download URLs usually follow the pattern of http ://bad-domain. in/16 character random hex string/setup.exe or /setup.zip .
Example: http ://fail-safetytestingcontrol. in/fc1a9d5408b7e17d/setup.exe ..."