Monday, March 3, 2008

New Scam Tactics




Until now we have seen scammers using bogus “Video ActiveX Object Error” and “Image ActiveX Object Error” messages to bait users into downloading a Trojan horse disguised as a codec.

Recently they have come up with a new tactic and started using a “Virus Scanner ActiveX Object Error” message. With it, the scammers seem to dump the rogue security application directly rather than having a Trojan horse do the dirty work.

The latest rogue on the internet, “LastDefender”, has been seen using this tactic.

Here are screenshots of the "scare scan"/"fake scan" scam sites used by LastDefender:

Bogus "Antivirus Software Error" message






The Rogue uses the following sites:

Site Name: Thelastdefender.com
IP Address: 78.31.211.57

This is the “LastDefender” home page.

Site Name: LastDefender.net
IP Address: 78.31.211.45

These are the “LastDefender” scare scan/fake scan pages.



Screenshot of the “LastDefender” Application



The installer from the site was scanned and here are the results:


Virustotal Scan Result: 10/32 (31.25%)

Antivirus            Version         Last Update   Result
AVG                  7.5.0.516       2008.03.02    Downloader.Generic6.AGDQ
CAT-QuickHeal        9.50            2008.03.01    TrojanDownloader.FraudLoad.h
Fortinet             3.14.0.0        2008.03.03    W32/Dloader.CDG!tr
F-Prot               4.4.2.54        2008.03.02    W32/Heuristic-217!Eldorado
F-Secure             6.70.13260.0    2008.03.03    W32/Downloader.JDU
Kaspersky            7.0.0.125       2008.03.03    Trojan-Downloader.Win32.FraudLoad.h
Microsoft            1.3301          2008.03.03    Trojan:Win32/Malagent
Norman               5.80.02         2008.02.29    W32/Downloader.JDU
Symantec             10              2008.03.03    Downloader.MisleadApp
Webwasher-Gateway    6.6.2           2008.03.03    Riskware.Fake.Lastdefe.3



Stay away from these sites.


Bharath M N
