Friday, March 27, 2009

Privacy Center

Privacy Center is a new rogue from the XLG Security Center rogue family.



Privacy Center removal instructions here

Bharath M N

The Active Rogue Family

Currently the Virusdoctor rogue security family is busy cloning its rogue security application.

First came Virusdoctor, then it was VirusMelt, and now it's VirusAlarm, which will be replaced by Ultra Antivir 2009.



We have also observed that this rogue family is housing its installers on Google Code. This was reported here and here.

Currently the Google Code project housing Ultra Antivir 2009 is still active. The Google Code Team has done a good job of taking down the malicious project in a short span of time.


Virusdoctor removal instructions here
VirusMelt removal instructions here
VirusAlarm removal instructions here
Ultra Antivir 2009 removal instructions here


Sites associated with the new rogues

206.53.61.76 Virusalarm-scanvirus net
64.86.17.9    Virusalarmpro com
64.86.17.9    Ultraantivirus2009 com

Stay away from this rogue family.

Bharath M N

Tuesday, March 24, 2009

Rogue Repository

Google Code is once again being abused by scammers. This time the scammers are using Google Code to store and deliver rogue installers.

We observed that one of the Trojan downloaders designed to infect the system with the VirusMelt rogue security application was connecting to Google Code to download the actual rogue installer.

Screenshot of the VMLT project on Google Code

The scammers have put the code on Google Code not to get ranked highly in the Google search index but to deliver malware to unsuspecting users from a trusted source.

I am positive that Google will take care of such projects in a very short time.

Edit: Thanks to the Google Code Team, the project has been taken down!!

Bharath M N

Friday, March 20, 2009

Total Security

Thanks to Jaxryley @ Malwarebytes and Grinler @ BleepingComputer for the heads up.

Total Security is a new rogue security application. It is a clone of the Antivirus 360 rogue security application.

Screenshot of Total Security application


Screenshot of Total Security site


You can find the removal instructions here.

Sites involved:

194.165.4.7     Fullantispywareonlinescane.com
89.149.217.205  Antispywareupdateservice.com
212.117.165.126 Platinumsecurityupdate.com
78.47.248.113   Thankyouforinstall.cn
78.47.248.113   Powerfullantivirusproduct.com

Stay away from these sites.

Bharath M N

WinPC Defender

Thanks to S!Ri

WinPC Defender is a new rogue security application which is a clone of XP Police Antivirus.


You can find the removal instructions here.

Site involved:

213.163.65.10 Win-pc-defender com

Stay away from this site.

Bharath M N

Wednesday, March 18, 2009

Renus 2008 Pro

Renus 2008 Pro is a new rogue security application.

More info here.

Bharath M N

Spyware Fighter

Spyware Fighter is a rogue security application.

Fake/Scare Scanner page used by Spyware Fighter

Screenshot of Spyware Fighter application


You can find the removal instructions here.

This group has also come up with a new rogue security application, Spy Fighter. Spy Fighter is a clone of Spyware Fighter.

Screenshot of Spy Fighter application


Sites involved:

Stay away from all these sites.

Bharath M N

Sunday, March 15, 2009

Anti-Virus Number-1

Anti-Virus Number-1 is a new rogue security application. It's a clone of Anti-virus-1.



Sites Involved:

70.38.19.205 Checkclick-site info
70.38.19.205 Checkclick-download info

Stay away from these sites.

Bharath M N

Saturday, March 14, 2009

VirusMelt

VirusMelt is yet another rogue security application. It's a clone of Virusdoctor.



Sites Involved:

64.86.16.161 Virusmelt com
64.86.133.91 Virusmeltpro com
64.86.16.160 Payvirusmelt com
64.86.16.212 Updvms net
64.86.16.175 Updvms cn

Stay away from these sites.

Bharath M N

New rogues

General Antivirus and Personal Antivirus are the new rogues. More info here.

Bharath M N

Friday, March 13, 2009

Calling All Graphic Artists

Malware Domain List (MDL) is a site which keeps track of malware domains. Currently our friends at MDL are looking for a new favicon. If you fancy creating a few, please feel free to submit them to the MDL forums here.

There's no competition here, no prizes to win - just the knowledge that you're helping out a security forum.

Bharath M N

Thursday, March 12, 2009

ANG AntiVirus 09



ANG AntiVirus 09 is a new rogue security application. This rogue is a clone of TotalVirusProtection.



Screenshot of ANG AntiVirus 09 application


Sites involved:
70.38.73.26 Angantivirus-2009 com
70.38.73.26 Angantivirus2009 com

Stay away from these sites. Removal instructions here.

Bharath M N

Sunday, March 8, 2009

Antispyware Pro 2009

Antispyware Pro 2009 is another rogue security application.

More info here.

Bharath M N

Saturday, March 7, 2009

Malware Defender 2009

Malware Defender 2009 is a new rogue security application.

More info here.

Bharath M N