Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: cconniejean on July 18, 2008, 12:46:13 am

Title: adwarealert.com
Post by: cconniejean on July 18, 2008, 12:46:13 am
Was wondering if I could get some help with this link so I can let a website owner know if they need to remove this advertisement. This is the link that is associated with the banner in the members area:
Code:
http://www.adwarealert.com/index.php?hop=hcgroup7
I ran this link using Exploit Prevention Labs Online LinkScanner, says safe to proceed.
I ran this link using Dr.Web online scanner, says it's ok.

Doing a Google search says otherwise. References include siteadvisor, mywot, malwaredomainlist, hosts-file, sunbeltblog and benedelman. These references let me know the site owner is advertising a bad product. What I would like to know is when I clicked on the above banner that linked to adwarealert, would it have attempted to automatically redirect me to the
Code:
http://www.adwarealert.com/install.php
and try to install itself? The only reason I didn't go to adwarealert is because of my host files.

When I ran the install(dot)php link using Dr.Web it did show the following, everything is ok:

Code:
Checking: http://www.adwarealert.com/install.php
Engine version: 4.44.0.9170
File size: 4.41 MB

http://www.adwarealert.com/install.php packed by UPX
http://www.adwarealert.com/install.php - archive 7-ZIP
http://www.adwarealert.com/install.php/AdwareAlert.msi - archive OLE
http://www.adwarealert.com/install.php/AdwareAlert.msi/stream000 - Ok
http://www.adwarealert.com/install.php/AdwareAlert.msi/stream001 - Ok
http://www.adwarealert.com/install.php/AdwareAlert.msi/stream002 - Ok
http://www.adwarealert.com/install.php/AdwareAlert.msi/stream003 - Ok
http://www.adwarealert.com/install.php/AdwareAlert.msi - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.msi - archive OLE
http://www.adwarealert.com/install.php/AdwareAlert64.msi/stream000 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.msi/stream001 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.msi - Ok
http://www.adwarealert.com/install.php/AdwareAlert/vistaCPtasks.xml - Ok
http://www.adwarealert.com/install.php/AdwareAlert/FilterDrv/AdwareAlert.cat - Ok
http://www.adwarealert.com/install.php/AdwareAlert/FilterDrv/AdwareAlert.inf - Ok
http://www.adwarealert.com/install.php/AdwareAlert/DataBase.ref - Ok
http://www.adwarealert.com/install.php/AdwareAlert/AdwareAlert.url - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb - archive CAB
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/0 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/1 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/2 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/3 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/4 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/5 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/6 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb/7 - Ok
http://www.adwarealert.com/install.php/AdwareAlert64.wixpdb - Ok
http://www.adwarealert.com/install.php/AdwareAlert/AdwareAlert.exe - Ok
http://www.adwarealert.com/install.php/AdwareAlert/AdwareAlert.srv.exe - Ok
http://www.adwarealert.com/install.php/MSIStart.exe - Ok
http://www.adwarealert.com/install.php/AdwareAlert/Difxapi.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/SpyCleaner.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/TCL.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/zlib.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/FilterDrv/AdwareAlert.amd64.sys - Ok
http://www.adwarealert.com/install.php/AdwareAlert/FilterDrv/AdwareAlert.x86.sys - Ok
http://www.adwarealert.com/install.php - Ok
Title: Re: adwarealert.com
Post by: Kayrac on July 18, 2008, 12:58:52 am
it won't autoinstall or auto-redirect, you can visit it safely; it dl's setupxv.exe when you visit the install one

http://www.virustotal.com/analisis/81884a57664f2f58b1a07a03d121b316

chances are it's a rogue antispyware, but i'll tell you soon


i'll put money on crapware, i've submitted it, so we'll see what they say, perhaps someone else will come by and find out exactly what it does for you
Title: Re: adwarealert.com
Post by: cconniejean on July 18, 2008, 01:37:00 am
Thank you very much for the answer.
Title: Re: adwarealert.com
Post by: MysteryFCM on July 18, 2008, 03:00:07 am
:)

http://hosts-file.net/?s=adwarealert.com
http://hosts-file.net/pest.asp?show=72.32.29.

/edit

Snagged the installer and AntiVir alerted with;

Code:
Virus or unwanted program 'PHISH/FraudTool.AntiSpyware.AI [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\AdwareAlert.srv.exe.

Virus or unwanted program 'PHISH/FraudTool.SpywareStop.AN [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\TCL.dll.

Virus or unwanted program 'PHISH/FraudTool.SpywareStop.AQ [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\SpyCleaner.dll.
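
Added example, not part of any post in this thread: a Python sketch that lines up the Dr.Web per-member results from the first post with the AntiVir alerts above and lists the files one engine passed and the other flagged. The sample inputs are a few lines copied from those two outputs, and the function names are made up for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples: lines copied from the two scanner outputs in this thread.
DRWEB_SAMPLE = """\
http://www.adwarealert.com/install.php - archive 7-ZIP
http://www.adwarealert.com/install.php/AdwareAlert.msi - archive OLE
http://www.adwarealert.com/install.php/AdwareAlert/AdwareAlert.srv.exe - Ok
http://www.adwarealert.com/install.php/AdwareAlert/SpyCleaner.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/TCL.dll - Ok
http://www.adwarealert.com/install.php/AdwareAlert/zlib.dll - Ok
"""
ANTIVIR_SAMPLE = r"""
Virus or unwanted program 'PHISH/FraudTool.AntiSpyware.AI [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\AdwareAlert.srv.exe.
Virus or unwanted program 'PHISH/FraudTool.SpywareStop.AN [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\TCL.dll.
Virus or unwanted program 'PHISH/FraudTool.SpywareStop.AQ [phishing]'
detected in file 'E:\Misc\Malware\AdwareAlert\setupxv\AdwareAlert\SpyCleaner.dll.
"""

def parse_drweb(text):
    """Map archive member path -> verdict, skipping container-type lines."""
    root, verdicts = None, {}
    for line in text.splitlines():
        m = re.match(r"(\S+) - (.+)$", line.strip())
        if not m:
            continue  # header lines and "packed by UPX" carry no verdict
        target, verdict = m.groups()
        root = root or target  # assumption: first scanned object is the outer file
        member = target[len(root):].strip("/")
        if member and not verdict.startswith("archive"):
            verdicts[member] = verdict
    return verdicts

def parse_antivir(text):
    """Return [(path parts, detection name)]; the paths lack a closing quote."""
    pat = re.compile(r"program '([^']+)'\s*\n\s*detected in file '([^'\n]+)")
    return [(PureWindowsPath(p.rstrip(".")).parts, n) for n, p in pat.findall(text)]

def disagreements(drweb, antivir):
    """Members one engine reported as Ok that the other engine flagged."""
    hits = []
    for member, verdict in drweb.items():
        want = tuple(s.lower() for s in member.split("/"))
        for parts, name in antivir:
            if verdict == "Ok" and tuple(s.lower() for s in parts[-len(want):]) == want:
                hits.append((member, name))
    return hits
```

Members are matched on their trailing path components, so the local extraction directory in the AntiVir paths does not matter.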
Title: Re: adwarealert.com
Post by: Kayrac on July 18, 2008, 11:25:17 am
25077349  setupxv.exe  4.41 MB  MALWARE


Please find a detailed report concerning each individual sample below:

 Filename Result
 setupxv.exe  MALWARE

The file 'setupxv.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Drop.Frauddrop.B. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.