Wednesday, November 30, 2011

From Porn to Fake AV

From Porn to Fake AV
Recently read a post on Kaspersky blog

While looking at this rogue campaign, we noticed the following. A usual fake porn site asking the user to download the fake codec to view the video

 Fake porn site

On their website we saw template background images of AV's such as Avira, Kaspersky and Norton which are used in this campaign.

Unlike old rogue's what we have seen this campaign is a bit different. The malware file (fake codec) doesn't contain any GUI component in it.

You might ask how does it perform a fake/scare scan which is a crucial part of the rogue application. Well, to achieve this the campaign has used a very simple solution. Open Internet explorer and display a webpage, carry on the fake scanning stuff online through this web page.

 The web page opened by the malware uses one of the above mentioned template background image and mimics a scan.

Avira image scan template

Kaspersky image scan template

Norton image scan template

Once the fake scan is complete they use results.php to display the fake infections found on your system.

 Bare scan result without any AV background image

The final step in any rogue campaign is to make the user pay for the junk. Interestingly this campaign doesn't push the user to buy their product. (so far)

 Interesting???


Bharath M N

Tuesday, July 12, 2011

Facebook


Facebook

The best page I saw for quite sometime! now ppl get back to work :))

And this happens only with my account! Now that's cool.. :))

Cheers

Wednesday, December 8, 2010

Security Shield

Security Shield

Security Shield is the latest rogue that replaces the long running Security Tool rogue campaign.

Screenshot of Security Shield rogue application


Security Shield removal instructions here

Bharath M N

Three new rogues

Three new rogues

PC optimizer 2010, Privacy Corrector, Privacy Guard 2010 are the latest rogue security applications that has replaced ThinkPoint rogue security application.

Screenshot of Privacy Guard 2010 application

Screenshot of PC optimizer 2010 application

Screenshot of Privacy Corrector application


You can find the removal instructions here

Bharath M N

Friday, November 12, 2010

Internet Security Suite

Internet Security Suite

Internet Security Suite is the latest rogue security application from Virusdoctor rogue family.



More info here

Bharath M N

Monday, November 8, 2010

Security Inspector 2010

Security Inspector 2010

Security Inspector 2010 is a new rogue security application from Unvirex rogue family.



Screenshot of Security Inspector 2010 application


oops! some one forgot to change something here!!




Security Inspector 2010 removal instructions here

Bharath M N

Sunday, November 7, 2010

Security Essentials 2011

Security Essentials 2011

Security Essentials 2011 is a new rogue security application from Advanced Virus Remover rogue family. This rogue replaces Security Essentials 2010 rogue security application.

Screenshot of Security Essentials 2011 application


Security Essentials 2011 removal instructions here

Bharath M N

Wednesday, October 27, 2010

Antivirus Solution 2010

Antivirus Solution 2010

Antivirus Solution 2010 is a new rogue security application from Unvirex rogue family.

Screenshot of Antivirus Studio 2010 application


Bharath M N

Monday, October 25, 2010

System Tool

System Tool

System Tool is the latest rogue from System Security. This one is a clone of Total Security rogue security application.

Screenshot of System Tool application


System Tool removal instructions here

Bharath M N

ThinkPoint

ThinkPoint

ThinkPoint is the latest rogue security application that is campaigned through fake Microsoft Security Essentials Alert.

Screenshot of ThinkPoint application



ThinkPoint removal instructions here

Bharath M N