
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #34
    Adviser Team AplusWebMaster

    PUPs Masquerade as Installer for Antivirus and Anti-Adware

    FYI...

    PUPs Masquerade as Installer for Antivirus and Anti-Adware
    - https://blog.malwarebytes.org/online...d-anti-adware/
    Dec 18, 2015 - "... two pieces of programs claiming to be two different security software, being housed in a domain purporting to be a safe antivirus download hub. The destination in question, however, has been known to serve a -fake- Malwarebytes installer. The domain is antivirus-dld[DOT]com, and users must avoid visiting it or -block- it with their browsers. Below are screenshots of its subdomains where users can supposedly download the AVG and AdwCleaner programs:
    1. https://blog.malwarebytes.org/wp-con...015/12/avg.png
    ...
    2. https://blog.malwarebytes.org/wp-con...adwcleaner.png
    ... -both- installers show differences in file names and hashes, they exhibit more identical markings than what we see on the surface... AV engines detect these as variants of the SoftPulse family... As this “Thank you” GUI window is displayed, the supposed program, in this case AVG, is then downloaded and installed automatically. Users can’t see this happening at first because the installer’s GUI is overlaying the real program’s GUI:
    > https://blog.malwarebytes.org/wp-con...5/12/avg05.png
    Immediately after installation, the default browser opens to reveal an advertisement of an online dating site. We reckon that various ads are randomized:
    > https://blog.malwarebytes.org/wp-con...5/12/avg06.png
    Clicking -any- of these links directs users to magno2soft[DOT]com, a domain that the Google Chrome browser blocks, tagging it as malicious. Additionally, we did a quick look up of their “24/7 free support” phone number—(+1) 844 326 2917—to see if something comes up. It turns out that this number is also used by -other- domains... We have also noted that their contents are also identical to Magno2soft’s. Be advised to -not- visit these sites as some of them automatically download an executable file... Domains like antivirus-dld[DOT]com may only appear legitimate, but they’re just hubs distributing pieces of software you may not want lurking in your hard drive."

    antivirus-dld[DOT]com: 23.229.195.163: https://www.virustotal.com/en/ip-add...3/information/

    magno2soft[DOT]com: 178.33.154.37: https://www.virustotal.com/en/ip-add...7/information/
    > https://www.virustotal.com/en/url/58...9b8c/analysis/

    Last edited by AplusWebMaster; 2015-12-19 at 17:13.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
