Friday, January 30, 2009

System Guard 2009

System Guard 2009 is a rogue security application. It's a near clone of the Spyware Guard rogue security application.

Thanks to Malekal for the screeny.


More info on Malekal forum here.

Bharath M N

SysAntivirus 2009

SysAntivirus 2009 is a new rogue security application from the WinSpywareProtect family.

More info here.

Bharath M N

Tuesday, January 27, 2009

IE Security

IE Security is the new rogue security application from the IEDefender family.

More info here.

Bharath M N

Sunday, January 25, 2009

Total Defender

Total Defender is a new rogue security application. More info here.

Bharath M N

Saturday, January 24, 2009

Zlob Trojan is it the END?

Andy @Security Cadets wrote a blog post about a potential end of the Zlob Trojan.

I have been following up on this Trojan for quite some time, SpyAxe being the first Zlobvertised rogue and Astrum Antivirus Pro being the last one.

iSafe AntiVirus, another rogue from this gang, was supposed to be replacing Astrum Antivirus Pro, but fortunately the termination of Zlob didn't see this rogue getting Zlobvertised.

Vcodec.com is said to be the first site to begin the fake codec scam, and Bspltools.com seems to be the last site used for the fake codec scam (not sure if this was the last site).

S!Ri’s SmitfraudFix is one of the tools that was instrumental in assimilating this scam. Patrick Jordan’s site has the historical records of the various sites used in the Zlob scam. You can find the site here.

Recently S!Ri found a message left by the Zlob developers in reply to Microsoft’s blog post.

Hidden Message:

For Windows Defender's Team:
I saw your post in the blog (10-Oct-2008) about my previous message.
Just want to say 'Hello' from Russia.
You are really good guys.
It was a surprise for me that Microsoft can respond on threats so fast.
I can't sign here now (he-he, sorry), how it was some years ago for more seriously vulnerability for all Windows ;)
Happy New Year, guys, and good luck!

P.S. BTW, we are closing soon. Not because of your work. :-))
So, you will not see some of my great ;) ideas in that family of software.
Try to search in exploits/shellcodes and rootkits.
Also, it is funny (probably for you), but Microsoft offered me a job to help
improve some of Vista's protection. It's not interesting for me, just a life's irony.

It’s really good news that 4 years of the Zlob trojan's malicious trot finally comes to an end. The malware author also mentions “Try to search in exploits/shellcodes and rootkits”.

So look out for the new scams that are on their way.

Bharath M N

P.S. If you find any mistake in the Zlob history outlined, please feel free to drop in a comment.

Friday, January 23, 2009

Antivirus XP Pro

Antivirus XP Pro is a new rogue security application. Antivirus XP Pro is a clone of the Real Antivirus rogue security application. This rogue is distributed through VxgameTrojan infection.

Site Associated:
77.91.225.235 Antivirusxppro2009 com

More info here on Malekal forum.

Bharath M N

Thursday, January 15, 2009

Spyware Protect 2009

Spyware Protect 2009 is a new rogue security application.

Screenshot of Spyware Protect 2009 application


Information on Malekal forum

Sites involved:

94.247.3.17        Av10antivir com
91.207.117.244   Sp-protect2009 com
91.207.117.244   Spwprotect2009 com
91.207.117.244   Spyprotect2009 com
91.207.117.244   Spywprotect2009 com
91.207.117.244   Swp2009 com
91.207.117.245   Spywprotect com

Stay away from all these sites.

Bharath M N

Saturday, January 3, 2009

Total Protect 2009

A new and unique rogue. More info here.

Bharath M N

Thursday, January 1, 2009

New Rogues

More rogue security applications seen in December.

Astrum Antivirus Pro

iSafe AntiVirus

Express Antivirus 2009

More info here.

Bharath M N