Author Topic: Website providing links to malicious content  (Read 3440 times)


August 25, 2010, 07:27:12 pm

Mofaya

This is the site that got my attention today: http://appzfreew.com. If you take a quick look you will see that all the downloads are exactly the same size, which made everything more suspicious. File size is 123 KB, no matter what you download.

The file appears to be hosted here; sample link: http:// mediatells.com/soft/ IDM.5.18.Build.8.download.45224.exe  <- remove spaces
I submitted the file to jotti.org; here are the results --> http://virusscan.jotti.org/en/scanresult/0ca9a270730a445303daa88d4b189fa7c396b1a6
As you may notice, the detection rate is very low on the scan -> Scan finished. 5 out of 19 scanners reported malware.
Almost none of the well-known antivirus products were able to detect it yet.
I also submitted the file to Anubis; here are the results --> http://anubis.iseclab.org/?action=result&task_id=13c3b77b7326ddaf409d47ce9914c649c&format=html

I'm not a pro at analyzing, so I leave that to you guys.

PS: sorry, my English is not perfect; I'm from Holland.



August 26, 2010, 02:58:08 am
Reply #1

Mofaya


August 26, 2010, 09:58:26 pm
Reply #2

boston

Here is another one.

GOOOFULL.COM
Quote from: xttp://www.gooofull.com/legal
a) Free download of software. In this case the user may access to the downloading of the software of his choice without having to pay any economic compensation. In this case, and as a necessary condition of such free downloading, the user agrees and expressly grants his consents to the following events that shall take place automatically (i) the installation of an application consisting of a toolbar with several functionalities and options, including the display of advertisements or any other similar promotional activities, that will be shown in the Internet browser used by the user on a permanent and indefinite basis, and (ii) the modification of the Home Page used by its Web browser, so that, upon acceptance, the Home Page to be shown by default will be GOOOFULLSEARCH.COM.
Quote from: xttp://www.vistafull.com/uk/software/legal
1.2. For such purpose, the SUPPLIER offers a PREMIUM high-speed download service that is fast, efficient and virus-free.
Quote from: xttp://kasperskyvirusremovaltool.vistafull.com/uk/software/descargas
* In order to receive the code, make sure that you have credit in your prepaid card and enough space in you inbox.
* You need to send 3 SMS. Sms cost: 2.00
* Total cost per service 6
lovely ::)

xttp://freeaudiomp3.com + xttp://www.freeinternetradio.biz lead to xttp://tb.abingerdale.com/toolbar.exe.
http://www.virustotal.com/file-scan/report.html?id=94edf72f5814417bd1257a8f551a56eecd19c86eaf6e40d9496ef57a322d407e-1282857886
http://www.virustotal.com/file-scan/report.html?id=5a2aa8acaa35781cccdc7d960db48b2505abb84a009407e4cfd4fd5f59777edd-1282858435