Saturday, September 26, 2009

Google Group Spammed with Rogue Antispyware

Here is the posting to a Google group:

[Image: first]


The link in the posting redirects to:

hxxp://numberstencils.net/images/www/index.php

The above link is connected with the following rogue antispyware site:

hxxp://scanonlinesite.info/downloads.php/?aff_id=91&aff_Aid=20106&adult

[Image: site]

The fake scanner above is loaded from the web page and drops the following file.

[Image: final]

The dropped file prompts to run as administrator. Here is its manifest:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
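
For triage, the same check can be scripted over a dropped file. The following is an added example, not code from the original post: it scans a file's raw bytes for an embedded application manifest and reports the requested execution level. The function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Manifests are stored as plain XML in the RT_MANIFEST resource, so a byte
# scan finds them in unpacked files without a full PE parser.
MANIFEST_RE = re.compile(rb"<assembly\b.*?</assembly\s*>", re.DOTALL)


def requested_levels(data):
    """Return every requestedExecutionLevel found in embedded manifests."""
    found = []
    for match in MANIFEST_RE.finditer(data):
        # The slice starts at <assembly, so any DOCTYPE in front of it is
        # dropped and entity references simply fail to parse.
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue
        for elem in root.iter():
            # Compare the local name only; the namespace may be asm.v2 or asm.v3.
            if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                found.append({"level": elem.get("level"),
                              "uiAccess": elem.get("uiAccess")})
    return found


def demands_elevation(data):
    """True when any embedded manifest asks for requireAdministrator."""
    return any((r["level"] or "").lower() == "requireadministrator"
               for r in requested_levels(data))


# Constructed sample: padding bytes around the manifest quoted in the post.
SAMPLE = (
    b"MZ" + b"\x00" * 64
    + b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    + b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
    + b'<requestedPrivileges><requestedExecutionLevel level="requireAdministrator">'
    + b'</requestedExecutionLevel></requestedPrivileges></security></trustInfo>'
    + b'</assembly>' + b"\x00" * 16
)

if __name__ == "__main__":
    print(requested_levels(SAMPLE))
    print("elevation requested:", demands_elevation(SAMPLE))
```

A byte scan misses manifests inside packed or compressed files and manifests stored as UTF-16, so an empty result does not prove the file runs unelevated.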
