Wednesday, August 15, 2007

NewMediaCodec





[Newmediacodec.com] is definitely a malicious website. It claims to offer a free entertainment community that empowers users to create, view and organize compelling and original rich-media content, but it actually distributes Trojans.

The website allows users to view videos online, but there is a catch: the site displays a message stating that you need to download a codec to view the video. The download, which purports to be a necessary upgrade to Windows Media Player for viewing porn or adult-oriented videos on the website, installs a Trojan and rootkits on the system. The Trojan then downloads and installs additional malware on the infected system.

The site Registration details:

Registrar: DIRECT INFORMATION PVT LTD D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.publicdomainregistry.com
Referral URL: http://www.publicdomainregistry.com/

Expiration Date: 2008-01-05
Creation Date: 2007-01-05
Last Update Date: 2007-03-07

For additional information on the installer files available on the newmediacodec.com site, follow these links:

Sunbelt, Bit9, Prevx

Stay away from this website.

Bharath M N

Tuesday, August 14, 2007

YET ANOTHER NEW FAKE CODEC SITE ON THE LOOSE


The download from the site [fast-ticket.net] informs the user that it will improve video and audio quality or permit viewing free porn videos online, but installing this codec will actually install a harmful Trojan horse program on the system.

Usually these sites install the fake Zlob codec Trojan on the system. Stay away from these sites.

The site Registration details:

Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com

Expiration Date: 2008-04-25
Creation Date: 2007-04-25
Last Update Date: 2007-08-09

Bharath M N

Monday, August 13, 2007

ANOTHER NEW FAKE CODEC SITE ON THE LOOSE





The download from the site [yourcodec.com] informs the user that it will improve video and audio quality or permit viewing free porn videos online, but installing this codec will actually install a harmful Trojan horse program on the system.

Usually these sites install the fake Zlob codec Trojan on the system. The installer from this website also uses the %program files%XXXplugin folder to dump the malicious DLLs. Detection of the download available on yourcodec.com is really poor. Stay away from these sites.

The site Registration details:


Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/


Expiration Date: 2008-04-16
Creation Date: 2007-04-16
Last Update Date: 2007-08-11


Bharath M N

Wednesday, August 8, 2007


Another New Rogue Security Application On The Loose





AntiSpyGolden





A new rogue security application is on the loose. The application is a clone of the AntiVirusGolden family of rogue security applications. It is installed on the user's system through various Trojan horse programs and other suspicious means.


The site Registration details:


Registrar: ESTDOMAINS, INC.

Whois Server: whois.estdomains.com



Expiration Date: 2008-07-16

Creation Date: 2007-07-16

Last Update Date: 2007-07-18


Screenshot of the AntiSpyGolden application

Once the AntiSpyGolden trial version is installed on the system, it mimics a system scan and reports a large number of fake spyware infections. It then offers the user the option to buy the full version to remove the reported risks. Right now only Sunbelt is capable of detecting and removing the rogue security application.




Stay away from these scammer sites.



BHARATH M N

Tuesday, August 7, 2007

ANOTHER FAKE CODEC SITE ON THE LOOSE




The download from the site [totalcodec.com] informs the user that it will improve video and audio quality or permit viewing free porn videos online, but installing this codec will actually install a harmful Trojan horse program on the system.

Usually these sites install the fake Zlob codec Trojan on the system. The installer from this website uses the %program files%XXXplugin folder to dump the malicious DLLs. Detection of the download available on totalcodec.com is really poor. Stay away from these sites.

Bharath M N

Sunday, August 5, 2007

A Suspicious Looking New Security Application


A new security application was launched in the last week of July. The application is named WinXDefender.

Screen shot of WinXDefender website:



Screen shot of WinXDefender application:



The application scan displayed a few spyware infections (some were imaginary and some were false detections); the trial version of the application doesn't provide any option to remove the threats detected on the system. This is a routine technique used by rogue security applications to hoax users into purchasing the full version of the application.

The application needs further evaluation before it can be flagged as malicious. When the installer file was scanned on virustotal.com, none of the 30 scanners flagged it as malicious.

It is a new security application, but it sure is suspicious… think twice before installing or purchasing it.

Bharath M N

NEW FAKE CODEC SITE



The download from the site [hotelcodec.com] pretends to be a video codec for viewing porn online. Installing this codec will actually install a harmful Trojan horse program on the system.

Usually these sites install the fake Zlob codec Trojan on the system. Stay away from these sites.

Bharath M N