Select Page

Patrick came across a new Trojan today that uses the CloneCashSystem site (WHOIS registration date Oct. 2).

Trojan StartPage CloneCashSystem

Patrick’s note:

“My iframedollars downloaded a Trojan from a VX Catus site

“The 3 kb Trojan’s only function is to change the users start page to: join. clonecashsystem com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w, which is one of those free report sites. It tries to get you to buy a get-rich-quick scheme.

“The start page is similar to the old CWS hijacking start page Trojans. I have named it Trojan.StartPage.CloneCashSystem.”

[NOTE: only go to the URLs mentioned here with caution.]

Thanks Patrick

Tom Kelchner

Update 11/9: We changed the description of CloneCash in the blog post since it is merely a site pointed to by iframedollars/virut. Patrick wrote the following after further investigating:

“The CloneCashSystem is really only free videos of how to make money on the Internet and not a scam, however, its URL is used in a TrojanStartPage with the file coming from a malicious site.

“The bookmark.exe has changed now to using as the StartPage Hijacking.

“Due to the change and as I now have over 100 sites that could end up being used and may come under 3 business aliases, I have changed the threat from Trojan.StartPage.CloneCashSystem to Trojan.StartPage.SSSPP

“For eternal use the SSSPP will stand for Schemes, Scams, Spams, and Pyramid Plans. “