Sunday, February 3, 2008

New Member to MalwareWipe Family

Time to introduce a new member of the MalwareWipe family: MalwareCore is the latest entry in the MalwareWipe family of rogue security applications.

[Screenshot of the MalwareCore.com website]




MalwareCore is a new rogue security application and a clone of the MalwareWipe family of rogue security applications. It is installed on the user's system through Zlob Trojan programs, and may also be installed through exploits in the Windows operating system and other dubious means.

Other rogue security applications of this family:
--> MalwareWipe
--> MalwareBurn


Site Name: MalwareCore.com
IP Address: 85.255.120.20
Registrar: ESTDOMAINS, INC.
Name Servers:
managedns1.esthost.com [69.50.182.18]
managedns2.esthost.com [69.50.183.26]
managedns3.esthost.com [69.50.182.18]
managedns4.esthost.com [69.50.183.26]


The site shares its IP with the following sites:

1. Malwareburn.com
2. Malwarewiped.com
3. Malwareray.com

All these sites distribute the MalwareBurn rogue security application.


[Screenshot of the MalwareCore application]

Once you install the MalwareCore trial version on the system, the application mimics a system scan and reports a large number of imaginary spyware infections. It then prompts the user to buy the full version to remove the reported risks.

The installer from the site was scanned and here are the results:

Virustotal Scan Result: 6/32 (18.75%)

Antivirus   Version      Last Update   Result
Avast       4.7.1098.0   2008.02.02    Win32:Spycrush
Ikarus      T3.1.1.20    2008.02.03    Virus.Win32.Spycrush.B
Kaspersky   7.0.0.125    2008.02.03    not-a-virus:FraudTool.Win32.MalwareWipe.q
Prevx1      V2           2008.02.03    Generic.Malware
Sophos      4.26.0       2008.02.03    Sus/ComPack-C
Symantec    10           2008.02.02    MalwareBurn

Stay away from these sites.

Bharath M N
