Monday, March 3, 2008

New Scam Tactics

Until now, we have seen scammers use bogus “Video ActiveX Object Error” and “Image ActiveX Object Error” messages to bait users into downloading a Trojan horse disguised as a codec.

Recently they have come up with a new tactic and started using a “Virus Scanner ActiveX Object Error” message. The scammers now seem to drop the rogue security application directly rather than having a Trojan horse do the dirty work.

The latest rogue on the Internet, “LastDefender”, has been seen using this tactic.

Here is the list of screenshots of the "scare scan"/"fake scan" scam sites used by LastDefender:

Bogus "Antivirus Software Error" message

The Rogue uses the following sites:

Site Name:
IP Address:

This is the “LastDefender” home page

Site Name:
IP Address:

These are the “LastDefender” scare scan/fake scan pages.

Screenshot of the “LastDefender” Application

The installer from the site was scanned and here are the results:

VirusTotal Scan Result: 10/32 (31.25%)

AVG 2008.03.02 Downloader.Generic6.AGDQ

CAT-QuickHeal 9.50 2008.03.01 TrojanDownloader.FraudLoad.h

Fortinet 2008.03.03 W32/Dloader.CDG!tr

F-Prot 2008.03.02 W32/Heuristic-217!Eldorado

F-Secure 6.70.13260.0 2008.03.03 W32/Downloader.JDU

Kaspersky 2008.03.03 Trojan-Downloader.Win32.FraudLoad.h

Microsoft 1.3301 2008.03.03 Trojan:Win32/Malagent

Norman 5.80.02 2008.02.29 W32/Downloader.JDU

Symantec 10 2008.03.03 Downloader.MisleadApp

Webwasher-Gateway 6.6.2 2008.03.03 Riskware.Fake.Lastdefe.3

Stay away from these sites.

Bharath M N
