Sunday, March 22, 2009

Scareware infection campaign through a fake Windows Explorer

Deception is the main technique scareware uses to frighten users and get them to run its installer. The pretexts used for the deception are numerous, some more appealing than others, and increasing effort is going into devising new and more sophisticated strategies.

In this case, the deception centres on presenting an online scan of the computer that always ends by finding infections, and then offering a download of the alleged security tool that will solve the problems. All of it is completely false.

When the user first accesses the malicious page, an alert warns that the computer may have been the victim of malicious code.

Next comes a simulated scan of the computer, rendered as a fake Windows Explorer with an animated GIF showing a progress bar for the scan, followed by a popup window listing the names of the alleged threats found on the system.

This image, which offers two options ("Remove all" and "Cancel"), is another layer of deceit: no matter which part of the image is clicked, the effect is the same, namely downloading the malware installer, a file called install.exe whose MD5 is 8eed59709de00e8862d6ce3d5e19cb4a.
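A defender-side check for the behaviour described above, as an added example that is not part of the original post: it parses a page and flags the case where every clickable region, including one labelled as a dismissal, leads to the same executable download. The image-map markup, both sample pages, the extension list and the dismissal words are assumptions constructed for illustration; the post does not show the page's HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example, not values taken from the post.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".msi")
DISMISS_WORDS = ("cancel", "close", "no", "cancelar", "cerrar")  # English and Spanish

class ClickTargets(HTMLParser):
    """Collects (label, href) for every <a> and <area> element on a page."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in ("a", "area") and attr.get("href"):
            label = (attr.get("alt") or attr.get("title") or "").strip()
            self.targets.append((label, attr["href"]))

def is_executable(url):
    return urlparse(url).path.lower().endswith(EXECUTABLE_EXTENSIONS)

def analyze(html):
    parser = ClickTargets()
    parser.feed(html)
    hrefs = [url for _, url in parser.targets]
    return {
        "click_targets": len(hrefs),
        "payloads": sorted({u for u in hrefs if is_executable(u)}),
        # True when there is no way to click without starting a download.
        "all_clicks_download": bool(hrefs) and all(is_executable(u) for u in hrefs),
        # Regions labelled as a refusal that still point at an executable.
        "decoy_labels": [label for label, u in parser.targets
                         if is_executable(u) and label.lower() in DISMISS_WORDS],
    }

# Constructed sample: a fake "threats found" popup built as an image map.
FAKE_SCAN_PAGE = """<img src="scan_result.gif" usemap="#popup">
<map name="popup">
  <area shape="rect" coords="40,200,160,230" alt="Remove all" href="install.exe">
  <area shape="rect" coords="180,200,300,230" alt="Cancel" href="install.exe">
  <area shape="rect" coords="0,0,340,190" alt="" href="install.exe">
</map>"""
# Constructed sample: a page whose "Cancel" really leads away from any download.
BENIGN_PAGE = """<a href="/help/removal.html" title="Remove all">Remove all</a>
<a href="/index.html" title="Cancel">Cancel</a>"""

if __name__ == "__main__":
    for name, page in (("fake scan", FAKE_SCAN_PAGE), ("benign", BENIGN_PAGE)):
        print(name, analyze(page))
```

A page where `all_clicks_download` is true and `decoy_labels` is non-empty matches the pattern in the post; the file that results can then be compared against the MD5 given above.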

A number of web addresses are actively being used to carry out this malicious activity.

However, in an effort to become more professional, its creators try to cover as much of the "public" as possible by deploying the infection strategy in several languages.

They even serve variants of the same malware for download. In this way, the creators of the scareware try to cover the two most widely used languages worldwide, English and Spanish.

Spanish version

# Jorge Mieres
