Thursday, August 8, 2013

Live Security Professional

Live Security Professional


Couple of days  ago our Friends @ ThreatTrack Security mentioned that Reveton Malware Family replaced Desktop Hijacking with classic Fake AV.

As we continue to see malware hijacking Desktop this particular malware campaign brings back the memory of classic Scareware/Fake AV.

Today we stumbled upon the ExploitKit that is pushing Live Security Professional rogue application.


Screenshot of Live Security Professional application

ExploitKit Details:
Landing page:  
MD5 : 2eeeaa69b70944cac8a30545b3f49b77  VT 2 / 45
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/board.php?connect=17

JAR Files:
MD5: e3675273325b7f7df3b13fe93cd30fac  VT  1 / 45
MD5: 8a6e45d16c82c4c79cbd7730207183ca VT  4 / 45
URL:  hxxp://beg.rocklandgrad.com/forum/wm/keys/WFolw
URL:  hxxp://beg.rocklandgrad.com/forum/wm/keys/7T8INre2

Payload:
MD5: e5a2409ad36943053135ba9bd3e08ba6 VT  3 / 45
URL:  Encrypted Binary
hxxp://down.jjconway.com/backend.php?nomic=638&main=7&watch=112&energy=1121&beta=400&bugs=134&linux=168&rates=371&apply=677&outdoors=1569755419



Bharath M N