SSH Scam sites update

Zlob Trojan Distributing site:
91.203.92.11 Movsmedia. com

Scam Internet Security Page:
91.203.92.12 Homepageonweb. com

404ErrorpageScam:
91.203.92.12 Misdnspage. com

Security Guide Scam Page:
91.203.92.12 Websclinks. com

Ad-Server-Gate Pages:
91.203.92.12 Qpwoi. com
91.203.92.12 Ghjfd. com

Protection Center Scam Page:
91.203.92.11 Securefires. com

Scam Security Toolbar site:
91.203.92.11 Safetybargoal. com

IE AntiSpywareStore site:
208.72.168.84 Ietoolsupdate. com

As we always say, please stay clear of these sites.

Bharath M N

New rogue: Antivirus 2010

Antivirus 2010 is a new rogue security product. This rogue is a clone evolved from IEdefender that begat XP Antivirus, that begat Antivirus 2008, that then begat Antispyware 2009.

Thanks to Patrick Jordan for the detailed historical information about this rogue family.

217.20.175.74 Av2010. net

The rogue application uses the same old tricks to lure users into purchasing their worthless application.

Fake Windows Security Center

Fake BSOD

Bharath M N

New rogue: XP AntiSpyware 2009

Thanks to Patrick Jordan for the Rogue update.

XP AntiSpyware 2009 is a clone of WinReanimator and XPSecurityCenter rogues.

This group of rogue security products is usually pushed through the Trojan-Downloader.braviax or Trojan.fakealert Trojans.

Fake Windows Security Center

206.161.120.20 Xp-antispyware2009. com
206.161.120.21 Xp-antispyware-2009. com
206.161.120.22 Xpantispyware-2009. com
206.161.120.23 Xpas2009. com
206.161.120.24 Xp-as-2009. com

Bharath M N

Google Drunk Mail

Now that is something really funny:
A plugin for Google Mail that prevents you from sending emails while completely drunk!
No, it’s not a joke, it really exists here: click

Sometimes people have really strange ideas… This time it was even funny and entertaining. The plugin activates itself during weekends, so not much use for me since my beer evening is usually Monday evening. Oh wait, you can even configure that? Downloading it right now!

Signing off (completely sober!)
Michael St. Neitzel

Virus Bulletin 2008 keynote address

I was privileged and honored last week to give an address to Virus Bulletin delegates at the Virus Bulletin 2008 conference in Ottawa, Canada.

I’ve posted it here, so if you’re masochistic enough to watch me bloviate for 40 minutes on the state of the industry, feel free to watch the show (I apologize for the poor audio quality).

(Clicking will launch a new window; expect a small delay.)

Podcast version here (mp3). A copy of the PowerPoint is here (pdf). The survey data (including the raw Perseus files) is here. Feel free to contact me directly with any follow-up questions or if you want the financial data I used in my analysis.

Alex Eckelberry

A new set of scam sites

Zlob Trojan Distributing site:
91.203.92.11 Vmpupdate. com

Once the Trojan is installed it further downloads and installs VirusResponse Lab 2009 rogue security product.

66.232.113.62 Virus-labs2009. com
66.232.113.62 Virus-response. com
66.232.113.62 Virusresplab. com
66.232.113.62 Virusresponse2009. com

Scam Internet Security Page:
91.203.92.11 Homepageroze. com

404ErrorpageScam:
91.203.92.12 Dnserrorz. com

Security Guide Scam Page:
91.203.92.11 Linkondezktop. com

Ad-Server-Gate Pages:
91.203.92.12 Fghin. com
91.203.92.11 Pbkjh. com

Protection Center Scam Page:
91.203.92.12 Asecurevillage. com

Scam Security Toolbar site:
91.203.92.12 Toolbarfornew. com

IE AntiSpywareStore site:
208.72.168.92 Iexplorerfile. com

Please stay clear of all these sites.

Bharath M N

Back from Virus Bulletin 2008

I got back last night from the Virus Bulletin 2008 conference in Ottawa, Canada. This event followed on one I attended the previous week, where I spoke on a panel at MAAWG in Ft. Lauderdale. I’m ready to stay home for a while…

A lot happened there, but I’ll be picking up some bits and pieces in upcoming blog posts.

For the time being, however, I have a video made by Graham Cluley and Carole Theriault at Sophos. And Sunbelt’s Michael St. Neitzel has some pics on Flickr, here.

You can watch the video here if the above embedded video doesn’t display. I’m the one who can’t make up his mind about the lipstick…

Alex Eckelberry

Rogue Mania

Rogue Mania brought to you by Innovagest 2000.

eAntivirusPro is a new clone of the Antivirus XP 2008 rogue security product.

Sites used:
218.106.90.227 eantivirus-payment. com
218.106.90.227 e-antiviruspro. com

A typical FakeScare scanner page used by this group.

AntiMalware 2009 is yet another clone of the Antivirus XP 2008 rogue security product.
A typical FakeScare scanner page used by this group.

ekerberos is another rogue security product from Innovagest 2000.

ekerberos is a renamed clone of the short-lived ikerberos rogue security product.
218.106.90.227 ekerberos. com

Bharath M N

Report blasts online trustmarks

A lengthy, but very interesting write-up on trustmarks (BBB Online, Trust Guard, TRUSTe, etc.).

The most important test for privacy protection in the trustmarks environment is the underlying standards or requirements that are applied by each scheme. Perhaps expectations here should be realistic – what standard should a consumer expect in a market where a business can buy a legitimate looking privacy seal for $15.99 a year?

Indeed, the privacy standards are appallingly low for trustmarks. Attempts to impose higher standards (during the early stages of trustmark development) appeared to fail on commercial grounds. For example, TRUSTe originally had three privacy seals, indicating whether the collection and disclosure of personal information occurred using a colour scheme.

and

The most significant criticism of trustmarks is that in practice they have proved to be virtually worthless in the face of major privacy breaches. Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members.

More here (PDF version here).

Or, you can just skip to the conclusion.

Alex Eckelberry
(Thanks, Ben)

Scam sites update VI

A new batch of Security Scam Hijacker sites. Thanks to Patrick Jordan for the information.

Zlob Trojan Distributing site:
77.91.231.183 Wmpware. com
77.91.231.201 Newwmpupdate. com

Scam Internet Security Page:
91.203.92.12 Homesecuresite. com

404ErrorpageScam:
91.203.92.11 Dnserrorview. com

Security Guide Scam Page:
91.203.92.12 Screenlinkz. com

Ad-Server-Gate Pages:
91.203.92.12 Yrhfn. com
91.203.92.11 Ungds. com

Protection Center Scam Page:
91.203.92.11 Secureharley. com

Scam Security Toolbar site:
91.203.92.11 Ienewbar. com

IE AntiSpywareStore site:
92.62.101.84 Qwertypages. com

Please stay clear of these sites.

Bharath M N

Scam sites update V

The endless supply of Zlob Trojan parades the internet once again with their new scam sites.

Zlob Trojan Distributing site:
77.91.231.201 Movsdlls. com
77.91.231.183 Mediamswares. com

Scam Internet Security Page:
91.203.92.11 Asafetysite. com

404ErrorpageScam:
91.203.92.12 Errordnsurl. com

Security Guide Scam Page:
91.203.92.11 Linksondesktop. com

Ad-Server-Gate Pages:
91.203.92.11 Gfbwd. com
91.203.92.11 Ogjtu. com

Security Center Scam Page:
91.203.92.12 Waysofsecurity. com

Scam Security Toolbar site:
91.203.92.12 Toolbarunit. com

IE AntiSpywareStore site:
92.62.101.83 Ieprogramming. com

As we always say, please stay clear of these sites.

Bharath M N

Understanding the current situation in the financial markets

If you’re trying to get a grasp as to what the heck happened over the past few days in the financial markets, probably the best explanation is on the Freakonomics blog. Well worth reading.

As an economist, I am supposed to have something intelligent to say about the current financial crisis. To be honest, however, I haven’t got the foggiest idea what this all means. So I did what I always do when something related to banking arises: I knocked on the doors of my colleagues Doug Diamond and Anil Kashyap, and asked them for the answers. What they told me was so interesting and insightful that I begged them to write their explanations down for a broader audience. They were kind enough to take the time to do so. In what follows, they discuss what has happened in the financial sector in the last few days, why it happened, and what it means for everyday people.

Link here (via Jeff Nolan).

Alex Eckelberry

Scam sites update IV

Thanks to Patrick Jordan for the information.

Zlob Trojan Distributing site:
77.91.231.201 Movsdevices. com
77.91.231.183 Wmptools. com

Scam Internet Security Page:
91.203.92.12 Homesiteurls. com

404ErrorpageScam:
91.203.92.11 Urlsofdnserrors. com

Security Guide Scam Page:
91.203.92.11 Fastshortcuts. com

Ad-Server-Gate Pages:
91.203.92.12 Xbstw. com
91.203.92.12 Eufnt. com

Security Center Scam Page:
91.203.92.11 Protectnotice. com

Scam Security Toolbar site:
91.203.92.11 Securealertbar. com

IE AntiSpywareStore site:
92.62.101.84 Ierenewals. com

Other sites used in this scam

Antivirus 2009 Fake/Scanner page:
84.16.252.138 Vassariumpromo. com

Please stay clear of these sites.

Bharath M N