[Michael]

I've been on the hunt for the AntiVirus 360 rogue think everyone's* talking about...

Well, getting the Trojan that installs it was relatively easy, but the rest was something else.

First off, this sample*likes to play tricks with you... it*'sleeps' for more than 6 minutes before actually doing something... So, if your sandbox only runs the sample for 2 minutes, you will get nothing out of this one.




*Moving on, this sample is actually quite nasty, reminding me of the days of DollarRevenue*ahhh...

Check this great EULA: one button, and one only: Accept. Nice!



*And it seems to store more bad stuff on RapidShare... Unfortunately the file is gone already



Now, this pic does remind me of DollarRevenue... the classic Command infection... still there after all this time!



Time to proceed to the checkout:

*

No thanks! :-)

Jerome Segura