Select Page

I’m sure you all know by now that there’s a storm out there.

And some new malware sites recently popped up very recently:

Rogue antispyware pushers:

gatemc(dot) com

Sample: gatemc(dot)com/gatevc(dot)php?id=icn02 redirects to push the fake trojan VirusRanger:

Virusranger1293812312

gatedl(dot)com

Sample: gatedl(dot)com/gatech(dot)php?pn=srch0p23total7s2 redirects to push various trojans, made to look convincingly like a Windows dialog box:

Virusranger25293812312

Also, add protectionalerts(dot)com (sample at protectionalerts(dot)com/2/01-byu8kl/xp/index(dot)php) and ahomepcsafety(dot)com as new fake security scam pages.

And another new site, toolbaractivity(dot)com pushes fake antispyware (sample: toolbaractivity(dot)com/go.php?step=1, resolves to rdr(dot)hitmngr(dot)com/accs=147 and step=2 resolves to antispyshield(dot)com/advid=177)

Fake codecs:

avsmanufacture(dot)com (sample avsmanufacture(dot)com/download(dot)php?id=4075)
sysprocedure(dot)com (sample: sysprocedure(dot)com/download(dot)php?id=1737)

Fake 404 page:

dnserrortool.com (examples have been observed at either dnserrortool.com/ie6/ dnserrortool.com/ie7).

Please don’t go downloading and playing with these trojans unless you know what you’re doing. They’re real and quite dangerous.

Alex Eckelberry
(Thanks to Patrick Jordan)