Select Page

I’m sure you all know by now that there’s a storm out there.

And some new malware sites recently popped up very recently:

Rogue antispyware pushers:

gatemc(dot) com

Sample: gatemc(dot)com/gatevc(dot)php?id=icn02 redirects to push the fake trojan VirusRanger:



Sample: gatedl(dot)com/gatech(dot)php?pn=srch0p23total7s2 redirects to push various trojans, made to look convincingly like a Windows dialog box:


Also, add protectionalerts(dot)com (sample at protectionalerts(dot)com/2/01-byu8kl/xp/index(dot)php) and ahomepcsafety(dot)com as new fake security scam pages.

And another new site, toolbaractivity(dot)com pushes fake antispyware (sample: toolbaractivity(dot)com/go.php?step=1, resolves to rdr(dot)hitmngr(dot)com/accs=147 and step=2 resolves to antispyshield(dot)com/advid=177)

Fake codecs:

avsmanufacture(dot)com (sample avsmanufacture(dot)com/download(dot)php?id=4075)
sysprocedure(dot)com (sample: sysprocedure(dot)com/download(dot)php?id=1737)

Fake 404 page: (examples have been observed at either

Please don’t go downloading and playing with these trojans unless you know what you’re doing. They’re real and quite dangerous.

Alex Eckelberry
(Thanks to Patrick Jordan)