February 2009 - Posts

Bogus Video Decryption Tool

Landing on the following site the visitor is presented with a (bogus) message:
These Malware writers sure have a vivid imagination when it comes to messages to fool the public ...

As you can see you are redirected to "xp-police-09" for the download ... which my AV (NOD32) blocked ...

Also on the same IP block ... we find yet another bogus prompt ... look closely, it's an image, not a prompt ... anyway this one falsely shows it as from Microsoft. Yeah right! ... Microsoft's install prompts certainly do not look like that ... but I imagine some people will fall for this trick ...

However the download (DivX.Codec.8.0.beta.exe) is from "titmix. net"
The Google Diagnostic reports: "Malicious software includes 63 trojan(s)"

The Google Diagnostic report for "0dax" = "Malicious software includes 50 trojan(s)"

Posted by winhelp2002 with 2 comment(s)

pcbutts1 now serving up Malware?

Recently I was advised of a new site (ms-mvp.org) that is redirecting to pcbutts1 .com ... which I have mentioned before, due to the fact that it was a rip-off of my HOSTS file ... as well as many other files that Butts falsely lays claim to ...

Let's take a "Google" look ... shall we ...

However when I attempt to download (npremove-itsetup.zip) my Antivirus NOD32 jumps up with the following warning then breaks the connection to prevent possible infection ...

It makes me laugh that Butts doesn't even deny hijacking my HOSTS file ... then modifying it to include legitimate security sites. Oh I see, these are the ones that constantly expose Butts about what is really going on ...

The "ms-mvp.org" site is just another blatant attempt to legitimize Butts' false claim to being a Microsoft MVP ...

Posted by winhelp2002 with 4 comment(s)

MyWebSearch goes Hardcore Adult

Sometimes while researching you end up in some surprising places ...


Clicking the above Google search link ... look what we find!

(Image edited)

MyWebSearch (MyFunCards) using the Microsoft format for an Information Bar prompt ... can't you people come up with anything better than copying someone else's idea? ... Anyway look at the type of content (adult video) that they are trying to attract new customers from ...

Not only that ... the prompt is a complete lie! ..."The video will start after you download it ..." simply clicking the embedded link in the video will allow the video to play without installing anything from MyWebSearch ... if you do fall for this deceptive prompt you end up at their Toolbar install ...

hxxp://ads.digitalalchemy.tv/hs.php?o=175
redirects to:
hxxp://www.myfuncards.com/dl/index.jhtml?partner=ZUxdm265&sub_id=29062&spu=true&theme=winter&ac=0

"Download the MyFunCards toolbar and you will be able to find and send a e-card for any holiday... Birthday's, Christmas, Mother's Day and much more. ..." and apparently Adult Videos too! It really makes you wonder "what were they thinking" ...

Posted by winhelp2002 with no comments

How Malware is invading YouTube

While researching several codec type sites I happened to notice several links to YouTube for these sites.

Although the video itself is safe to view ... notice the highlighted link to "view the full video" ...

These are teaser videos to get you to click the link ... and you guessed it = infected ...


(Images edited for display purposes)

Notice the message embedded in the teaser video ... yeah right ... "playofsex. com" redirects to "uporntube2009. com"

There are several other sites related to the above ... all are to be avoided ...

Google Diagnostic report for uporntube2009.com
Of the 52 pages we tested on the site over the past 90 days, 41 page(s) resulted in malicious software being downloaded and installed without user consent.

Google Diagnostic report for porntubenew.com
97 page(s) resulted in malicious software being downloaded and installed without user consent.

Google Diagnostic report for porn-tube09.com
22 page(s) resulted in malicious software being downloaded and installed without user consent.

Google Diagnostic report for tubeporn08.com
15 page(s) resulted in malicious software being downloaded and installed without user consent.

Google Diagnostic report for tubeporn09.com
20 page(s) resulted in malicious software being downloaded and installed without user consent.

Google Diagnostic report for xxxporn-tube.com
75 page(s) resulted in malicious software being downloaded and installed without user consent.

All of the above are hosted at Worldstream:

Hopefully Google/YouTube can find a way to keep these culprits from increasing this trend ... although you would think that Google would be able to cross-reference their own Diagnostic reports against submitted videos and links ...

Posted by winhelp2002 with no comments

A double-whammy fake PornTube site

Landing on the following site not only prompts you with a fake "video decoder" ... look at the fake Antivirus scanner that tries to trick the visitor into thinking they are infected ... well you will be if you click either of these ...

As usual this download is not very well detected ... VirusTotal results here ... ThreatExpert has a detailed report of what happens to your machine should you become infected ... this one is very nasty!

"vidsxxxtube. com" redirects the download (3913181.exe) to an IP address - detected as "Win32/Adware.IeDefender.NIC"
"xp-police-av. com" (fake scanner) is detailed in the ThreatExpert report above ...

Although the Registrars and Hosting services shut down hundreds of these types of sites each week ... it seems that even more pop up to take their place. As usual it's all about the almighty $$$ ... these Registrars charge these culprits for registering, then shut them down several weeks later ... only to claim that they are doing their part to combat the spread of malicious sites ... yeah right! ... then why do they continue to do business with the same culprits over and over? = $$$

Posted by winhelp2002 with no comments

MVPS HOSTS File Update February-11-2009


The MVPS HOSTS file was recently updated [February-11-2009]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (144 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible culprits ... (597 kb)
http://www.mvps.org/winhelp2002/hosts.txt
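One way to use the text version for exactly that purpose is to check the hostnames of a redirect chain, like the MyWebSearch one above, against the file. This is an added example, not the MVPS project's own code; the HOSTS snippet and the bare-domain URL are constructed, and it assumes the file's "0.0.0.0 hostname # comment" layout.

```python
"""Check hostnames from a redirect chain against an MVPS-style HOSTS file."""
import re
from urllib.parse import urlparse

# Constructed sample in the MVPS layout: "0.0.0.0 hostname" with optional
# "# comment"; the real hosts.txt also carries comment-only and blank lines.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1  localhost
0.0.0.0  ads.digitalalchemy.tv  # redirector seen in the MyWebSearch post
0.0.0.0  www.myfuncards.com
0.0.0.0  vidsxxxtube.com  # fake "video decoder" download
"""

# Addresses a HOSTS entry points at to sink a lookup.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text):
    """Return the set of hostnames the HOSTS file sends to a block sink.

    HOSTS has no wildcards: an entry for 'www.example.com' covers only
    that exact name, not 'example.com' or 'cdn.example.com'.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if fields[0] not in BLOCK_SINKS:
            continue
        for host in fields[1:]:
            if host.lower() != "localhost":      # loopback entry is not a block
                blocked.add(host.lower())
    return blocked


def hostname_of(url):
    """Hostname from a URL, accepting the 'hxxp' defanging used in the post."""
    return (urlparse(re.sub(r"^hxxp", "http", url)).hostname or "").lower()


def check_chain(urls, blocked):
    """Map each URL in a redirect chain to whether the HOSTS file stops it."""
    return {u: hostname_of(u) in blocked for u in urls}


if __name__ == "__main__":
    chain = ["hxxp://ads.digitalalchemy.tv/hs.php?o=175",
             "hxxp://www.myfuncards.com/dl/index.jhtml?partner=ZUxdm265&sub_id=29062&spu=true&theme=winter&ac=0",
             "hxxp://myfuncards.com/"]           # constructed: bare domain, no entry
    for url, hit in check_chain(chain, parse_hosts(SAMPLE_HOSTS)).items():
        print(("blocked     " if hit else "NOT blocked ") + url)
```

The last URL shows the exact-match limitation: the bare domain slips through unless it has its own entry, so a redirect chain is only fully covered when every hostname in it is listed.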

Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/updates.htm

Posted by winhelp2002 with 1 comment(s)