Friday, December 14, 2007

wincodecdownload.com


Another malicious domain. The setup file available on the site is malicious: it installs a malicious BHO (Browser Helper Object), which displays the following image below the browser address bar.


BHO Details:

Filename: IECodec.dll
HijackThis entry:
O2 - BHO: IECodecBHO - {4507C219-24AA-4813-9561-A2003F9920C3} - C:\Program Files\IECodec\IECodec.dll


Screenshot taken after installing the malicious setup file.
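The HijackThis entry above can be matched mechanically when reviewing logs from other machines. The following is an added example, not part of the original post: it parses `O2 - BHO` lines and flags any entry that carries the CLSID or DLL filename listed under BHO Details. The sample log is constructed, and the function names are chosen for this example.

```python
import re

# Indicators from the post's HijackThis entry (the only ones the page gives).
BAD_CLSIDS = {"{4507C219-24AA-4813-9561-A2003F9920C3}"}
BAD_FILENAMES = {"iecodec.dll"}

# HijackThis BHO line: O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(
    r"^O2\s+-\s+BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<path>.+?)\s*$"
)

def parse_o2(line):
    """Return name/clsid/path for an O2 line, or None for any other line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    # HijackThis appends "(file missing)" when the DLL is gone from disk.
    path = re.sub(r"\s*\(file missing\)$", "", m.group("path"))
    return {"name": m.group("name"), "clsid": m.group("clsid").upper(), "path": path}

def scan_log(text):
    """Return (line number, entry, reasons) for every BHO matching an indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = []
        if entry["clsid"] in BAD_CLSIDS:
            reasons.append("clsid")          # strong: survives a renamed DLL
        if re.split(r"[\\/]", entry["path"])[-1].lower() in BAD_FILENAMES:
            reasons.append("filename")       # weak: the name alone can collide
        if reasons:
            hits.append((lineno, entry, reasons))
    return hits

# Constructed sample log: line 3 is the entry from the post, the rest are made up.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ExampleTray] C:\Example\tray.exe
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Example\helper.dll
O2 - BHO: IECodecBHO - {4507C219-24AA-4813-9561-A2003F9920C3} - C:\Program Files\IECodec\IECodec.dll
O2 - BHO: (no name) - {4507c219-24aa-4813-9561-a2003f9920c3} - C:\Example\renamed.dll (file missing)
O2 - BHO: Other - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - D:\Apps\iecodec.DLL
"""

if __name__ == "__main__":
    for lineno, entry, reasons in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {entry['clsid']} {entry['path']} matched on {', '.join(reasons)}")
```

A CLSID match is the stronger signal because it still fires when the DLL has been renamed or moved; a filename-only match should be confirmed before acting on it.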

Clicking the link provided in the image takes you to the privacy-tower.com website. The site uses a fake-scan scare tactic to frighten users into purchasing a rogue security application.

The site privacy-tower.com uses the IP address 206.161.200.43 and then redirects users into downloading Anti-Virus-Pro (from anti-virus-pro.com), a well-documented rogue security application.

Privacy-Scanner.com and PrivacyTower.com are clone sites of privacy-tower.com, and they also redirect users into downloading Anti-Virus-Pro.

Privacy-Scanner.com / PrivacyTower.com / Privacy-Tower.com scare scan page

Furthermore, the site vscodecsupport.com (203.121.111.143) works as a data repository for wincodecdownload.com.

Currently, none of the security applications on VirusTotal flag the setup file as malicious.

Only two scanners detect the BHO as malicious.

VirusTotal scan result: 2/32 (6.25%)

AntiVir 7.6.0.45 2007.12.13 HEUR/Malware
Webwasher-Gateway 6.6.2 2007.12.13 Heuristic.Malware


Stay away from these sites.

Bharath M N
