[en] scareware : Malware/Defender Pro 2015

There has been a campaign for the scareware Malware/Defender Pro 2015 for a long time now.
By email:

https://www.virustotal.com/fr/file/b024bacb4323e92a904ddcc2d4a2418f42f46e35054b20d330e6cd2d1c563364/analysis/

SHA256: b024bacb4323e92a904ddcc2d4a2418f42f46e35054b20d330e6cd2d1c563364
File name: 8CD97864641E44AE813A9EAFC97FE906.exe
Detection ratio: 5 / 54
Analysis date: 2015-03-25 10:39:31 UTC (36 minutes ago)

Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.DCXL | 20150325
Malwarebytes | Trojan.Agent.RRED | 20150325
Panda | Generic Suspicious | 20150324
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 | 20150325
Tencent | Trojan.Win32.Qudamah.Gen.3 | 20150325

and the old Fake Codec tactic on a disgusting porn website:
Years ago, these Fake Codecs were pushing the Simda Trojan, TDS or ZeroAccess, and sometimes the Urausy ransomware as well.

[Screenshot: scareware_FakeCodec]


Some URLs :

  • TDS : tds.animal-porn-portal.com (188.126.79.68 – SWEDENDEDICATED-NET)
  • Malicious VBS : masterupdate.eu (195.238.181.24 – UA – TR-INFOCOM-ISP)

The domains have been added to my malicious domain database: http://malwaredb.malekal.com/url.php

So the Fake Codec drops a VBS:

[Screenshot: scareware_FakeCodec4]

https://www.virustotal.com/fr/file/ffba43ddd7d290649da7e9fe6f3199e5fb70d55239c334bae4add613e44f7aea/analysis/1427281903/

SHA256: ffba43ddd7d290649da7e9fe6f3199e5fb70d55239c334bae4add613e44f7aea
File name: install_flashplayer16x32ax_ver.2.0031.sd_update.vbs
Detection ratio: 2 / 57
Analysis date: 2015-03-25 11:11:43 UTC (0 minutes ago)

Antivirus | Result | Update
Kaspersky | HEUR:Trojan.Script.Generic | 20150325
Qihoo-360 | virus.vbs.dropper.d | 20150325

A PE binary is embedded in the script:

[Screenshots: scareware_FakeCodec3, scareware_FakeCodec2]

It is dropped in %TEMP% and is the same file as the one sent by email:

https://www.virustotal.com/fr/file/b024bacb4323e92a904ddcc2d4a2418f42f46e35054b20d330e6cd2d1c563364/analysis/

SHA256: b024bacb4323e92a904ddcc2d4a2418f42f46e35054b20d330e6cd2d1c563364
File name: 8CD97864641E44AE813A9EAFC97FE906.exe
Detection ratio: 5 / 54
Analysis date: 2015-03-25 10:39:31 UTC (36 minutes ago)

Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.DCXL | 20150325
Malwarebytes | Trojan.Agent.RRED | 20150325
Panda | Generic Suspicious | 20150324
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 | 20150325
Tencent | Trojan.Win32.Qudamah.Gen.3 | 20150325
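A small triage script for this kind of dropper, added here as an example and not taken from the post or from the sample itself. The post only says that a PE binary is embedded in the VBS and written to %TEMP%; it does not describe the encoding, so the script assumes the payload sits in a long hex string literal (an assumption), decodes every such literal, checks for a genuine MZ/PE header rather than just the two "MZ" bytes, hashes what it finds, and compares the hash and any URLs in the script against the IoCs listed in the post. The VBS fragment and the PE-shaped blob inside it are constructed for the example (the blob is not a runnable executable, and "codec_update.exe" is a hypothetical file name).

```python
"""Detect a PE binary hidden in a VBScript dropper and match it against known IoCs.

Added example (not the original post's code). Assumes the dropper keeps its
payload as a long hex string literal; the real sample's encoding is not
described in the post, so a constructed VBS snippet is used as input.
"""
import hashlib
import re
import struct

# IoCs taken from the post: SHA256 of the dropped PE and of the VBS, plus the two domains.
KNOWN_BAD_SHA256 = {
    "b024bacb4323e92a904ddcc2d4a2418f42f46e35054b20d330e6cd2d1c563364",  # 8CD97864641E44AE813A9EAFC97FE906.exe
    "ffba43ddd7d290649da7e9fe6f3199e5fb70d55239c334bae4add613e44f7aea",  # install_flashplayer16x32ax_ver.2.0031.sd_update.vbs
}
KNOWN_BAD_DOMAINS = {"tds.animal-porn-portal.com", "masterupdate.eu"}

# A run of 64 or more hex digits inside a string literal is a candidate payload.
HEX_LITERAL = re.compile(r'"([0-9A-Fa-f]{64,})"')
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")


def looks_like_pe(blob: bytes) -> bool:
    """True only if the MZ header's e_lfanew points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_hex_payloads(vbs_text: str) -> list[bytes]:
    """Decode every long hex string literal found in the script body."""
    payloads = []
    for match in HEX_LITERAL.finditer(vbs_text):
        try:
            payloads.append(bytes.fromhex(match.group(1)))
        except ValueError:  # odd length or stray characters: not a real hex blob
            continue
    return payloads


def scan_vbs(vbs_text: str) -> dict:
    """Report embedded PEs (with SHA256 and IoC match) and any known-bad domains referenced."""
    findings = []
    for blob in extract_hex_payloads(vbs_text):
        if looks_like_pe(blob):
            digest = hashlib.sha256(blob).hexdigest()
            findings.append({"sha256": digest, "known_bad": digest in KNOWN_BAD_SHA256})
    hosts = set(URL_HOST.findall(vbs_text))
    return {"embedded_pe": findings, "bad_domains": sorted(hosts & KNOWN_BAD_DOMAINS)}


def build_fake_pe() -> bytes:
    """Constructed, non-executable PE-shaped blob: MZ stub, e_lfanew = 0x40, then the PE signature."""
    dos_header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos_header, 0x3C, 0x40)
    return bytes(dos_header) + b"PE\x00\x00" + b"\x00" * 20


FAKE_PE = build_fake_pe()

# Constructed VBS fragment imitating a codec-installer dropper (not the real sample).
SAMPLE_VBS = f'''
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh = CreateObject("WScript.Shell")
payload = "{FAKE_PE.hex()}"
target = sh.ExpandEnvironmentStrings("%TEMP%") & "\\codec_update.exe"
' second-stage location, mirrors the VBS domain listed in the post
url = "http://masterupdate.eu/update.vbs"
'''

if __name__ == "__main__":
    print(scan_vbs(SAMPLE_VBS))
```

Because the constructed blob is not the real dropped PE, its hash does not match the post's IoC and `known_bad` is reported as False, while the referenced domain does match; on the actual sample from the post the hash check is what would fire. Checking `e_lfanew` rather than only the "MZ" prefix avoids flagging every string that happens to start with those two bytes.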


[Screenshot: scareware_FakeCodec5]


Then a fake alert shows up and a fake antivirus is offered; more screenshots at: https://forum.malekal.com/malware-defender-2015-t50826.html

$70 to buy this fake antivirus:

[Screenshot: scareware_FakeCodec6]
