Tuesday, March 25, 2008

New Member of SpywareNo\ SpySheriff Family



DataHealer is a new rogue security application from the SpywareNo\ SpySheriff Family. The application is installed on the user's system through various Trojan horse programs and other dubious means.

Site Name: DataHealer.com
IP Address: 69.50.166.140
Registrar: ESTDOMAINS, INC.


Screenshot of DataHealer.com Site



Once you install the DataHealer trial version on the system, the application mimics a system scan and reports a large number of imaginary spyware infections. It then prompts the user to buy the full version to remove the reported risks.

The scammers are just changing the file, application and site names to push this rogue security application. They use this method to avoid detection by security applications.


Screenshot of DataHealer application



The installer from the site was scanned and here are the results:

VirusTotal Scan Result: 9/32 (28.12%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.3.26.0 | 2008.03.25 | Win-Trojan/Bravesent.39424 |
| Ikarus | T3.1.1.20 | 2008.03.25 | Application.Win32.AdWare.SpySheriff |
| Kaspersky | 7.0.0.125 | 2008.03.25 | not-a-virus:FraudTool.Win32.SpySheriff.f |
| Microsoft | 1.3301 | 2008.03.25 | Program:Win32/SpySheriff |
| NOD32v2 | 2971 | 2008.03.25 | a variant of Win32/Adware.SpySheriff |
| Norman | 5.80.02 | 2008.03.25 | SpywareLocker.A |
| Panda | 9.0.0.4 | 2008.03.25 | Suspicious file |
| Prevx1 | V2 | 2008.03.25 | Trojan.Downloader.Gen |
| VirusBuster | 4.3.26:9 | 2008.03.25 | Adware.SpySherif.Gen.2 |

Detection of the rogue is poor. Stay away from these scammer sites.
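
As an added example (not part of the original post), the sketch below tallies which family name the nine vendor labels in the scan result agree on, including a vendor that spells it differently. The stop list of generic words and the prefix-merge rule are assumptions of this example.

```python
import re
from collections import Counter

# Scan result lines copied from the post: engine, version, update date, label.
SCAN_LINES = """\
AhnLab-V3 2008.3.26.0 2008.03.25 Win-Trojan/Bravesent.39424
Ikarus T3.1.1.20 2008.03.25 Application.Win32.AdWare.SpySheriff
Kaspersky 7.0.0.125 2008.03.25 not-a-virus:FraudTool.Win32.SpySheriff.f
Microsoft 1.3301 2008.03.25 Program:Win32/SpySheriff
NOD32v2 2971 2008.03.25 a variant of Win32/Adware.SpySheriff
Norman 5.80.02 2008.03.25 SpywareLocker.A
Panda 9.0.0.4 2008.03.25 Suspicious file
Prevx1 V2 2008.03.25 Trojan.Downloader.Gen
VirusBuster 4.3.26:9 2008.03.25 Adware.SpySherif.Gen.2
"""

# Assumed stop list: platform, type and filler words that name no family.
GENERIC = {"win", "win32", "trojan", "adware", "application", "program",
           "fraudtool", "downloader", "gen", "not", "virus", "variant",
           "of", "suspicious", "file"}

def parse(text):
    """Return {engine: label}; the label is everything after the update date."""
    rows = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)", line)
        if m:
            rows[m.group(1)] = m.group(4)
    return rows

def family_tokens(label):
    """Lower-case alphabetic tokens longer than 3 chars that are not generic."""
    return [t for t in re.findall(r"[a-z]+", label.lower())
            if len(t) > 3 and t not in GENERIC]

def family_votes(rows, min_prefix=8):
    """Count engines per family token, merging spelling variants that share
    a prefix of min_prefix characters (e.g. 'spysherif' / 'spysheriff')."""
    votes = Counter()
    for label in rows.values():
        for tok in set(family_tokens(label)):
            key = next((k for k in votes if k[:min_prefix] == tok[:min_prefix]), tok)
            votes[key] += 1
    return votes

if __name__ == "__main__":
    print(family_votes(parse(SCAN_LINES)).most_common())
```

Exact string matching on the family name credits only four of the nine detections to SpySheriff; merging the VirusBuster spelling gives five, while the remaining labels name other families or are generic.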

Bharath M N
