Select Page

malwarealarm(dot)com downloads a variant of rogue antispyware application SpySheriff.

Malwarealarm1293888

Here’s an interesting thing. By traversing through scanner(dot)malwarealarm(dot)com/, we see a cornucopia of vile and misleading pages used in advertising by these enterprising criminals.

MalwarealarmA12938888

Malwarealarmb2394888

MalwarealarmC2394888

MalwarealarmD2394888
Malwarealarme2394888
MalwarealarmF2394888
Malwarealarmh2394888

When the online scanner does a “system scan”, it’s just pulling file names from scanner(dot)malwarealarm(dot)com/5/fileslist.js (you can see the contents here). In other words, no scan is actually occurring, just file names are being displayed.

Not very surprising, but pretty sick, eh?

Alex Eckelberry
(Thank to Sunbelt researchers Patrick Jordan and Adam Thomas)