Home > ParetoLogic Blogs > Malware Diaries > Malware repo gets updated
Reply
 
Thread Tools Display Modes
  #1  
Old 07-03-2009, 05:37 PM
Michael Michael is offline
Administrator
Join Date: May 2007
Posts: 313
Default Malware repo gets updated
This is an update from my previous post. I noticed an update to one of the pages on the malicious site

oymoma-tube.freehostia.com

Check the screen below and see the July 3rd time stamp:

hottube

The page hot-tube.htm is now pushing a rogue, namely XP Deluxe Protector, disguised as a free codec:

hottube2

Upon execution, fake alert messages such as this one:

hottube3

Eventually the scareware will run:

hottube4

This sample is poorly detected, especially for being a variant of an already known rogue:

hottube5

Paretologic detects this file as:

clipboard01

Jerome Segura

Malware ID:*dcfe992aa25bb1849c1e9f8c2c5d3c5b.zip
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


Terms of Use