Friday, March 6, 2009

Aggressive strategy of XP Police Antivirus infection

After covering the visual social engineering campaign used by the scareware Police XP Antivirus, we found an additional ingredient that also tries to fully exploit social engineering against the natural traits of the human factor.

The same domain from which the binary install.exe is downloaded is also used to distribute another trojan through a fake PornTube page: codec.exe (MD5: a90e8a945f5cce31db00cac14a26418c), which also belongs to the Police XP Antivirus family.

Once the computer is infected, the trojan creates shortcuts on the user's desktop that point to the following websites, which it uses to spread spam:

Cheap Pharmacy Online >> http://www.quality-rx .com/?fid=1056
Cheap Software >> http://allisoftware .com
VIP Casino >> http://affiliate.goldvipclub .com/remote/SmartDownload.asp?affid=760
MP3 Download >> http://www.mp3sale .ru/?pid=507
SMS TRAP >> http://www.smstraper .com/go/MTEzOjA=/
Search Online >> http://www.adultwebfind .com/search.php?aid=16851&keyword=sex

Opening the VIP Casino shortcut downloads the executable SmartDownload.exe (MD5: 0f47f132f9e3d2790a6b27ffc2c502b0), while the MP3 Download shortcut leads directly to the domain http://xp-police-09 .com/lands/error/, from which a new deception strategy is deployed by simulating an error.

After a few seconds, pop-up windows begin to appear, displaying alerts about suspected infections and requests to register the fake program.

Up to this point, these are the actions the victim can see; meanwhile, other actions are taking place in the background that directly involve downloading the components of the scareware XP Police Antivirus.
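A defender's check for the desktop shortcuts described above, as an added example that is not part of the original post. It assumes the shortcuts are Windows `.url` Internet Shortcut files (the post does not say which kind; `.lnk` files are not parsed), and the function names and sample files are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Domains named in the post, stored defanged as published and refanged here.
DEFANGED = ["quality-rx .com", "allisoftware .com", "goldvipclub .com", "mp3sale .ru",
            "smstraper .com", "adultwebfind .com", "xp-police-09 .com"]
BLOCKLIST = {d.replace(" ", "").lower() for d in DEFANGED}

def shortcut_target(path):
    """Return the URL= value of a .url Internet Shortcut file, or None."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(Path(path).read_text(encoding="utf-8-sig", errors="replace"))
    except (OSError, configparser.Error):
        return None  # unreadable or not INI-formatted
    return parser.get("InternetShortcut", "url", fallback=None)  # keys are lower-cased

def is_listed(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # malformed URL; nothing to match
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def scan_desktop(desktop):
    """Return {shortcut file name: URL} for shortcuts that point at listed hosts."""
    hits = {}
    for path in sorted(Path(desktop).iterdir()):
        url = shortcut_target(path) if path.suffix.lower() == ".url" else None
        if url and is_listed(url):
            hits[path.name] = url
    return hits

def demo():
    samples = {  # constructed sample files, not artefacts recovered from a host
        "VIP Casino.url": "[InternetShortcut]\nURL=http://affiliate.goldvipclub.com/remote/\n",
        "MP3 Download.url": "[InternetShortcut]\r\nURL=http://www.mp3sale.ru/?pid=507\r\n",
        "Lookalike.url": "[InternetShortcut]\nURL=http://mp3sale.ru.example.org/\n",
        "Broken.url": "no section header here",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_desktop(tmp)

if __name__ == "__main__":
    print(demo())
```

Matching on the parsed hostname rather than on a substring keeps lookalike hosts such as `mp3sale.ru.example.org` from being flagged while still catching subdomains like `affiliate.goldvipclub.com`.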

Related Information
Campaign spreading XP Antivirus Police through Visual Social Engineering - Spanish version
New strategy of social engineering to spread IE Defender - Spanish version

# Jorge Mieres

1 comment:

Gaurav Marjara said...

Nice post. Your post is very informative. Thanks for sharing useful information about Police XP Antivirus. This is a nice antivirus, but from my point of view Antivirus Wizard is good for security software. I have been using Antivirus Wizard since last month and I have never had any problems on my computer because I am using Antivirus Wizard Software.
