New Malware v19

Matt

I've collected detection rules for the following malware:
  • Adware.FunWebProducts
  • Adware.GameVance
  • Adware.Unknown
  • Adware.Zango
  • Keylogger.RealSpy
  • Keylogger.SoftForYou
  • Malware.Smitfraud
  • PUPS.MYWebSearch
  • Rogue.AntiMalwareSuite
  • Rogue.AVCare
  • Rogue.BugDoctor
  • Rogue.PersonalAntivirus
  • Rogue.ProtectionSystem
  • Rogue.SystemGuard2009
  • Rogue.WindowsAntivirus
  • Rogue.WindowsAntivirusPro
  • Rogue.WinAntiVirusPro2007
  • Rogue.XP Deluxe Protector
  • Spyware.AdRotator
  • Spyware.Marketscore.RelevantKnowledge
  • Suspicious(8)
  • Trojan.Agent(13)
  • Trojan.Backdoor.Jupdate
  • Trojan.BHO
  • Trojan.Clicker
  • Trojan.Downloader
  • Trojan.FakeAlert
  • Trojan.Podnuha.Rootkit
  • Trojan.Unknown(8)
  • Trojan.Virtumonde
  • Worm.Koobface
  • Worm.VB
  • Worm.Voumit.A
 
Wow, Youku's iKu application contains Smitfraud? I'm rather surprised, seeing how Youku is like the YouTube of China (i.e. it's a big company in China).

Are you sure this is not a false positive?
 
Matt rated the software naming itself after Youku iKu as suspicious; it has not been targeted as part of Smitfraud-C.

Since Youku's website does not appear to feature a downloadable software of this kind, a software naming itself as part of Youku and starting in autorun is very suspicious.

If you have a download link for Youku iKu software please provide it and we can check it out.
 
Here you go: http://desktop.youku.com/iku/iku_setup.exe
 
Thank you for providing the download link.
I have checked the software and confirm a false positive; it will be fixed with the next update scheduled for Wednesday 2009-10-21.
 