malwarealarm(dot)com downloads a variant of rogue antispyware application SpySheriff.
Here’s an interesting thing. By traversing through scanner(dot)malwarealarm(dot)com/, we see a cornucopia of vile and misleading pages used in advertising by these enterprising criminals.
When the online scanner does a “system scan”, it’s just pulling file names from scanner(dot)malwarealarm(dot)com/5/fileslist.js (you can see the contents here). In other words, no scan is actually occurring, just file names are being displayed.
Not very surprising, but pretty sick, eh?
(Thank to Sunbelt researchers Patrick Jordan and Adam Thomas)