Patrick Jordan found this malicious little nugget today: Internet Security 2010. It’s a rebranded clone of Advanced Virus Remover, a rogue security product that we first found in June (Sunbelt Rogue Blog entry here.)
It’s one of your run-of-the-mill rogues, using run-of-the-mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification.
A real “McAfee Secure” certification is a DAILY certification: it contains the date, and its logo should look like this:
When you click on it, it should take you to the McAfee Secure rating verification page, https://www.mcafeesecure.com/RatingVerify, which gives the name of the certified web site and the “Status.”
More info about the program here.
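The difference described above, a static graphic versus a seal that links to the verification page, can be checked mechanically on a saved copy of a payment page. This is an added example, not Sunbelt's or McAfee's code; the `mcafee` substring heuristic, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

VERIFY_HOST = "www.mcafeesecure.com"  # host of the verification URL quoted above
VERIFY_PATH = "/RatingVerify"
SEAL_HINTS = ("mcafee",)              # assumption: seal images mention the brand

def classify(href):
    if not href:
        return "static-image"         # not clickable, as on the rogue's payment screen
    u = urlsplit(href)
    if u.scheme == "https" and u.hostname == VERIFY_HOST and u.path.startswith(VERIFY_PATH):
        return "links-to-verifier"
    return "links-elsewhere"          # includes lookalike hosts

class SealAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self._hrefs = []              # hrefs of the <a> elements currently open
        self.findings = []            # (image src, verdict) per seal-like image

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._hrefs.append(a.get("href") or "")
        elif tag == "img":
            label = f"{a.get('src') or ''} {a.get('alt') or ''}".lower()
            if any(h in label for h in SEAL_HINTS):
                href = self._hrefs[-1] if self._hrefs else None
                self.findings.append((a.get("src") or "", classify(href)))

    def handle_endtag(self, tag):
        if tag == "a" and self._hrefs:
            self._hrefs.pop()

def audit(html):
    parser = SealAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; hosts, file names and the query string are made up.
SAMPLE = """
<div><img src="/img/mcafee_secure.gif" alt="McAfee Secure"></div>
<a href="https://www.mcafeesecure.com/RatingVerify?ref=shop.example"><img src="seal.png" alt="McAfee SECURE"></a>
<a href="https://www.mcafeesecure.com.seal.example/RatingVerify"><img src="mcafee.png"></a>
<img src="logo.png" alt="Shop logo">
"""
print(audit(SAMPLE))
```

A `links-to-verifier` verdict only shows that the seal is clickable and points at the right host; the verification page itself must still name the site you are on and show its status.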
VIPRE catches the installer that is also the rogue’s exe module:
While the rogue is active it also blocks all other applications.
The download sites for Internet Security 2010 come from the same VX Cactus group that ran the vxgame malware operations from Jan 2005 until Nov 2008.
Thanks Patrick.
Tom Kelchner