http://msmvps.com/blogs/hostsnews/archive/tags/Pandora+Software/default.aspxTags: Pandora SoftwareenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/hostsnews/archive/2008/08/26/1645917.aspxWed, 27 Aug 2008 04:09:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1645917winhelp20024http://msmvps.com/blogs/hostsnews/archive/2008/08/26/1645917.aspx#comments<p>I&#39;ve commented about this subject before ... and I have still not changed my mind ... NO No No ...</p> <p>Recently the <a target="_blank" href="http://sunbeltblog.blogspot.com/2008/08/continuing-problem-of-malware-being.html">SunBelt blog</a> touched on this, and I thought I&#39;d provide a good example ...</p> <p><img width="503" src="http://mvps.org/winhelp2002/blog/avxp-2008.gif" height="501" style="border:1px solid black;" alt="" /></p> <p>&quot;<em>Tested by g0Ogle</em>&quot; ... I think not! ... if a user happens to click that &quot;Sponsored Link&quot; ... they end up here ...</p> <p><img width="565" src="http://mvps.org/winhelp2002/blog/avxp-20082.gif" height="553" style="border:1px solid black;" alt="" /></p> <p>So not only do these culprits want to whack you with a infectious ActiveX (<em>virusremover.dll</em>) they also want you to click the &quot;Remove All&quot; button to install their fake antispyware program and all the other nasties that come with it ... my AV NOD32 v3 however doesn&#39;t think that would be a good idea ...</p> <p><img width="300" src="http://mvps.org/winhelp2002/blog/avxp-20083.gif" height="144" style="border:1px solid black;" alt="" /></p> <p>Submitting &quot;<em>virusremover.dll</em>&quot; to <a target="_blank" href="http://www.virustotal.com/analisis/8758b1d10f81d5bfe002b2919ce94fb5">VirusTotal</a> gives the following <strong>Result: 23/36 (63.89%)</strong> </p> <p><img width="527" src="http://mvps.org/winhelp2002/blog/avxp-20084.gif" height="235" style="border:1px solid black;" alt="" /></p> <p>Notice that <strong>Ask</strong> routes their Sponsored Result thru Google then redirects to the (un)desired site ...<br />&quot;avxp-2008(dot)net&quot; is yet another site maintained by the &quot;Pandora Software Group&quot;</p> <p>I could provide many more examples ... but you get the idea ... even these &quot;<a target="_blank" href="http://en.wikipedia.org/wiki/Domain_parking" title="Wikipedia description of Parked Sites">Parking Services</a>&quot; use these type of practices in their fake Sponsored Results on &quot;Parked&quot; sites ... and that why I include many of their sites as entries in the <a target="_blank" href="http://www.mvps.org/winhelp2002/hosts.htm">HOSTS file</a> ... everyone is glad to take the <strong>$$$</strong> provided by these clients, but very few services are willing to investigate these clients prior to hosting their content ...</p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1645917" width="1" height="1">Pandora Softwarehttp://msmvps.com/blogs/hostsnews/archive/2008/04/16/1591440.aspxThu, 17 Apr 2008 01:02:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1591440winhelp20020http://msmvps.com/blogs/hostsnews/archive/2008/04/16/1591440.aspx#comments<p>Following up on a article from our friends at BleepingComputer &quot;<a class="" href="http://www.bleepingcomputer.com/malware-removal/malware-bell" target="_blank">How to remove Malware Bell</a>&quot; we find:</p> <p>&quot;<em>Malware Bell is a rogue anti-spyware from the same developers as IE Defender and Files Secure. Malware Bell is installed and advertised through the use of Trojans that are installed as Internet Explorer Browser Helper Objects</em>.&quot;</p> <p><img height="436" alt="" src="http://mvps.org/winhelp2002/blog/malwarebell3.gif" width="599" border="0" /></p> <p>These people are so lame they can&#39;t even write their own detections ... (highlighted in red) it&#39;s actually from McAfee ... </p> <p><img height="454" alt="" src="http://mvps.org/winhelp2002/blog/malwarebell2.gif" width="516" border="1" /></p> <p>As you can see there are several redirects when you [choke] attempt to purchase their bogus product ... the sad part is here is <a class="" href="http://msmvps.com/blogs/hostsnews/archive/2008/04/11/1582513.aspx">another example</a> of &quot;ipsCA&quot; issuing certificates to known bogus products ...</p> <p><img height="332" alt="" src="http://mvps.org/winhelp2002/blog/malwarebell.gif" width="432" border="1" /></p> <p>I found the exact same thing with &quot;VirusIsolator&quot; which Symantec <a class="" href="http://www.symantec.com/security_response/writeup.jsp?docid=2008-041610-1005-99" target="_blank">detects and describes</a> as:<br />&quot;<em>The program reports false or exaggerated system security threats on the computer.&quot;</em></p> <p>So I have to ask ... <strong>ipsCA what are you thinking!</strong></p> <p>&quot;installed and advertised through the use of Trojans&quot; ... &quot;reports false or exaggerated system security threats&quot;</p> <p>Yes I did contact ipsCA previously and all I got back was an automated reply with a &quot;<em>Support:276800</em>&quot; ...</p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1591440" width="1" height="1">Pandora Software