A message from this year, searching for a web designer:
'mrs' asks for 5k minimum.
Yambaprivate, like the URL says, is private; it's a Fake.HDD affiliate.
yambaclick.com (the 'public' program):
The exe I got from yambaclick.com, unpacking:
27 Sept, first detections happen for my unpacked file:
VM detection, destruction of the MBR:
Payloads in resources:
For malware analysts/AV guys, I can provide you 117 Fake.HDD x), just write me a mail.
Fake.HDD Data recovery
Even found some weird names on the server like 'test', 'new'
searchwrong.org is used for malware download and searchwink.org has a redirect for Fake.HDD billing.
And about Alureon, the Microsoft Malware Protection Center wrote a post on this recently:
Got busted on the night, but too late for him.
All your base are belong to us.
Edit: how to get Alureon samples from the server (thanks to S!Ri for the little script)
Add wget.exe into /system32/ and rulz :þ