Tuesday 5 April 2011

findvirus.ru: HoaxSMS Fake installers - BitDefender/Avast/Avira/Dr.Web/Mcafee/Norton Fake products

Another website who try to extort money using fake installers.

Nice collection right?:
A-squared HiJackFree ~ A-squared HiJackFree Antivirus Free 4.5
AVG Anti-Virus ~ AVG Anti-Virus Free
ArcaMicroScan ~ ArcaVir Internet Security 2009
Avast! Antivirus ~ Avast! Free Antivirus
Avira Antivirus ~ Avira AntiVir Personal
BitDefender Antivirus ~ BitDefender Antivirus
Comodo Firewall Pro 4 ~ Comodo Firewall Pro 4.0.141842.828
Dr.Web Antivirus ~ Dr.Web Антивирус
ESET NOD32 Antivirus ~ ESET NOD32 Антивирус
GeSWall 2.9.0 ~ GeSWall Firewall 2.9.0
Loaris Trojan Remover ~ Loaris Trojan Remover
McAfee Rootkit Detective ~ McAfee Rootkit Detective 1.1
McAfee VirusScan ~ Антивирус McAfee
Norton AntiBot ~ Norton AntiBot AntiSpyware
Norton Antivirus ~ Norton AntiVirus 2011
Online Armor Free ~ Online Armor Free v4.0.0.44
Outpost Antivirus ~ Outpost Security Suite PRO 2009
Outpost Firewall Pro ~ Outpost Firewall Pro 2009 6.7.3
PC Tools Firewall Plus ~ PC Tools Firewall Plus
PC Tools Internet Security ~ PC Tools Internet Security
Panda Antivirus ~ Panda Antivirus Pro 2011
RusRoute Firewall ~ RusRoute Firewall 1.7.1
SUPERAntispyware ~ SUPERAntiSpyware Free 4.35.1002
Spybot Search & Destroy ~ SpyBot - Search & Destroy
Spyware Doctor ~ Spyware Doctor
Spyware Terminator ~ Spyware Terminator
Sunbelt Kerio Personal Firewall ~ Sunbelt Personal Firewall 4.6.1861
Trend Micro Internet Security ~ Trend Micro Internet Security 2010
WinPatrol ~ WinPatrol 17.1.20010.1
ZoneAlarm Extreme Security ~ ZoneAlarm Extreme Security 2010
ZoneAlarm Firewall Free ~ ZoneAlarm Free Firewall
Антивирус Касперского ~ Антивирус Касперского 2011 (It's Kaspersky)

Code to send: 76633399892169157
Code to send: 76633399594169160
Code to send: 76633399899169103
Code to send: 76633399890169135
Code to send: 76633399534169088
Code to send: 76633399723169208
Code to send: 76633399039169173
Code to send: 76633399092169126

Some of these files are goods, that not the case for all.
BitDefender_Antivirus_Pro_2011.exe for example

1) Language selection (And you have not really the choice)

2) Destination folder for the installation:

3) Simulate an activity:

4) Ask for money by SMS:

5) Setup complete:

The man who created this use zipmonster.ru, a know website for this type of things.
The customer support of zipmonster.ru is: zip-help.com

Another one: BitDefender_Downadup_Removal_Tool.exe

Avast: Avast!_Virus_Cleaner.exe:

Avira: Avira_AntiVir_Removal_Tool.exe:

Dr.Web: Dr.Web_Trojan.Encoder.19_Decrypt.exe:

Mcafee: McafeeRootkitDetective.exe:

McAfee: McAfee_VirusScan_Plus_2009.exe:

Norton: NortonOnlineBackup.exe:

Last thing: Have you noticed these fake installers have not displayed an EULA ? (End User License Agreement)

If you want download an Antivirus, make sure you are on the official website.

Edit: 05/04/2k11: Jerome Segura from ParetoLogic have found another domain in the same style, you must read this if you are interested: More SMS scams push fake AV software


1 comment:

  1. Exact, bonne liste de malwares ...


    Bien joué, encore une fois !