Thursday 27 October 2011

Security Defender

Since some days, this *old* FakeAV Html based seem make more noise than usual on VT.
Fake scanner pages/installer dies after hours and respawn to new locs.




To register (and help removal), copy paste this code: D13F-3B7D-B3C5-BD84

Network activity:
scan81.beatok.in/index.php?Q/Dhb9RBbZ1GTnqIM+VN0STaBd676GNVrWL+4hBE54uCmiABiN8+/AO54gjstFigswyk3iIAH4E07JmQo8TLaVryOyWM0+C3PrVRPRcxu7kPZRqGRULnM61f4F6Hhma5yRkmrPGCmjPhTvSVnqtuKfsBii3ftxW4RuHDIksADjjtN9Y9iBDtQUr0DAEeMX8/qw6hAJ/6k8s=
http://94.199.49.61/jPhnBSWoCa0qt12dsD5SPN25RN66jx4pZXooc095hwhTyJR6ljVFVnzEi0NhHEbaaa2+9zhz9h1GtWo2Htzgm/7rz5OgdAG/E95vrYHh2vLAsG2K7txRoUOMQgF27FO9yNJR24fc1phuGe65uK2D0/ELfY/7wr4Iwuhi3JSBD92tjD72ChY7VmwOthlS/bfZZkASuqJWxBg=
http://94.199.49.61/l.php?aff_id=211&u={5129F7AA-8EAF-F8FD-3532-B0D0287A637B}&log_id=12
http://94.199.49.61/sw/211/1/{5129F7AA-8EAF-F8FD-3532-B0D0287A637B}/6be8ee50-2fc8-44c3-aab3-0d5998f4270a/b.dat
http://94.199.49.61/aRuPRgeys/SnfD9qA6Q+RWlrADDs/pXLtzLuvt2P77N+Zz2DwNt2GmUfJAH9orLy1oqgPW6u8yiMiivq3+aW4rsmfZ7a1sCY2Y7OioeCTfkgdA==

(Sample found yesterday) Security Defender.dll 1/43: >> 2.3%
https://www.virustotal.com/file-scan/report.html?id=2e7141d6a7e94b7c97aa69a9f0283f5c474b70b82a31fa097ecf005071359be7-1319709080

(Sample found today) Security Defender2.dll:  0/43 >> 0.0%
https://www.virustotal.com/file-scan/report.html?id=3748c5d7e866e1ff37b2c5b9b502a6f36f2524e3047fd2fb22553e1f858148f9-1319710208
Posted by at 11:58
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)