I’m sure you all know by now that there’s a storm out there.
And some new malware sites popped up very recently:
Rogue antispyware pushers:
gatemc(dot) com
Sample: gatemc(dot)com/gatevc(dot)php?id=icn02 redirects to push the fake trojan VirusRanger.
gatedl(dot)com
Sample: gatedl(dot)com/gatech(dot)php?pn=srch0p23total7s2 redirects to push various trojans, made to look convincingly like a Windows dialog box.
Also, add protectionalerts(dot)com (sample at protectionalerts(dot)com/2/01-byu8kl/xp/index(dot)php) and ahomepcsafety(dot)com as new fake security scam pages.
And another new site, toolbaractivity(dot)com, pushes fake antispyware (sample: toolbaractivity(dot)com/go.php?step=1 resolves to rdr(dot)hitmngr(dot)com/accs=147, and step=2 resolves to antispyshield(dot)com/advid=177).
Fake codecs:
avsmanufacture(dot)com (sample: avsmanufacture(dot)com/download(dot)php?id=4075)
sysprocedure(dot)com (sample: sysprocedure(dot)com/download(dot)php?id=1737)
Fake 404 page:
dnserrortool(dot)com (examples have been observed at either dnserrortool(dot)com/ie6/ or dnserrortool(dot)com/ie7).
Please don’t go downloading and playing with these trojans unless you know what you’re doing. They’re real and quite dangerous.
Alex Eckelberry
(Thanks to Patrick Jordan)