Author Topic: smilebox.com for potential listing  (Read 3349 times)

October 15, 2009, 08:53:23 pm
eoin.miller

Might just fall under "crapware", but emergingthreats.net has created trojan signatures for this thing (2009998 - ET TROJAN Smilebox Spyware Download (emerging-malware.rules)).
http://www.smilebox.com/download/smilebox/SmileboxInstaller.exe
VirusTotal is 0/41 for this binary.

Some funny stuff in the ThreatExpert output though; after installation it does a GET against this URL:
http://secure.smilebox.com/clientFirewallCheck.txt

Which only contains:
Code:
Smilebox rocks your world.

URLs that get hit during install:

http://update.smilebox.com/version.xml?cb=122531
http://secure.smilebox.com/ecom/partnerRedirect/getPartnerUpdateBasePath?partner=smilebox
http://update.smilebox.com/smilebox/version.xml?cb=122812
http://update.smilebox.com/updateNotification.txt
http://update.smilebox.com/smilebox/12118/0/updateableAssets.xml
http://update.smilebox.com/smilebox/12118/0/Client-smilebox-release.zip
http://www.smilebox.com/download/install_flash_player_active_x.exe
http://www.smilebox.com/partner/stubInstallerPartnerFlashCookieSetter.html?partner=smilebox
http://update.smilebox.com/version.xml?cb=115968
http://update.smilebox.com/12118/0/updateableAssets.xml
http://update.smilebox.com/12118/0/Client-core-release.zip
http://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml10.0.32.18
http://edge.quantserve.com/quant.js
http://www.google-analytics.com/urchin.js
http://ad.doubleclick.net/activity;src=2021596;type=smile984;cat=ambie953;ord=1?
http://ad.doubleclick.net/activity;src=2021596;type=smile984;cat=ambie953;ord=1?&_dc_ck=try

More ThreatExpert stuff here:
http://www.threatexpert.com/report.aspx?md5=35e19a1074b9c6f04c6cda2469123fad