Don't. Continuing the previous posts on three different portfolios of fake security software and on Zlob malware variants posing as video codecs, the rogue security application XP Shield is the latest addition to the never-ending list, with the following domains participating in the campaign:
The detection rates for the time being:
XPShieldSetup.exe
Scanners result : 1/32 (3.13%)
File size: 517632 bytes
MD5...: 99c7271ac88edc56e1d89c9f738f889c
SHA1..: 3347564017d289ffd116f70faa712e05883358f4
XPantivirus2008_v880381.exe
Scanners result : 4/32 (12.5%)
File size: 65024 bytes
MD5...: ef9024963b1d08653dcc8d8b0d992998
SHA1..: 436bf47403e0840d423765cf35cf9dea76d289a5
How would the end user reach these domains in the first place, from a malicious attacker's perspective? By being redirected to them through a legitimate site that has already been SQL injected or had an iFrame embedded, a practice seen in the majority of the massive iFrame, SEO poisoning and SQL injection campaigns of the last couple of months.
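For the owner of a legitimate site, the redirection described above shows up as an off-site iframe or script tag in pages that should not contain one. The following check is an added example, not part of the original post; the host names in it (shop.example, partner.example, rogue-scanner.example) and the names InjectedTagFinder and find_injected are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class InjectedTagFinder(HTMLParser):
    """Collect iframe/script tags that load from a host the site does not trust."""
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []  # (tag, host, hidden)

    def _is_trusted(self, host):
        # Exact match or subdomain of a trusted host.
        return any(host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or self._is_trusted(host):
            return  # inline, relative, or trusted resource
        # Injected frames are typically invisible: 0/1 pixel or hidden by CSS.
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        self.findings.append((tag, host, hidden))


def find_injected(html, site_host, allowed_hosts=()):
    finder = InjectedTagFinder(site_host, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; every host is a placeholder, not a real indicator.
SAMPLE = """<html><body>
<iframe src="https://maps.partner.example/embed" width="400" height="300"></iframe>
<iframe src="http://rogue-scanner.example/in.cgi?3" width="0" height="0"></iframe>
<td>Blue widget<script src="http://rogue-scanner.example/b.js"></script></td>
<script src="/static/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(find_injected(SAMPLE, "shop.example", ["partner.example"]))
```

Run it over rendered pages and over text fields pulled from the database, since a script tag appended by SQL injection lives in the stored content rather than in the templates.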