Many new instances of Adware.InstallCore.75 not detected...

[polonus]

See: http://zulu.zscaler.com/submission/show/d34c1f0741c71f6cbb13379fa133aae1-1355869181
See: https://www.virustotal.com/file/69806bbe830f62ad2077cf13588ce074e927860adb235b02e25c7353b03fc029/analysis/
and
https://www.virustotal.com/url/76314dc7b12e32798ff900d89f02cc1449a90ce8b2a12c4cbbf02ba41a572013/analysis/1355869823/
DrWeb detects but gives the url scan as clean...https://www.virustotal.com/file/99909ff66efa64cf6e6c4a65c67fd19eb15cbd9de07f04fbe9158efb0a6d800a/analysis/1355869839/

Site uses real user monitoring with

Code: [Select]

var NREUMQ≈ NREUMQ||[];NREUMQ.push redirects to htxp://d28me8o1j6adyz.cloudfront dot net/1355825149/i  and live tracking monitoring script "htxp:")+'//api.mixpanel dot com/site_media/js/api/mixpanel.2.js

Is this site suspicious or bordering on malware, as sucuri finds nothing wrong there: http://sitecheck.sucuri.net/results/mozilla-firefox.todownload.com/  and VirusWatch flags this with many instances launched from and active on 23.23.130.85

polonus

[polonus]

Here we see that avast is detecting this as a PUP: https://www.virustotal.com/file/df4f2825bbaf8793d1a12c1f6f0f15317d801a4bc41bd8d240cc55a1ce733e09/analysis/
Here it is not being detected by avast's: https://www.virustotal.com/file/fb115bc0323beb3f98618c452e0a9712702cc92df9cd102ac72924055f2bf7fe/analysis/
See: http://zulu.zscaler.com/submission/show/c294b266c752d4eed98d9901d8a4d8eb-1355950799
see: http://www.threatexpert.com/files/mediaplayer.exe.html

pol

[polonus]

Here we can look at the CRDF Threat Center cache results: http://webcache.googleusercontent.com/search?client=flock&channel={flock%3Acontext}&q=cache:UgqMFwuVqokJ:https://threatcenter.crdf.fr/%3FMore%26ID%3D109654%26D%3DCRDF.Adware.Win32.PEx.C.4247702585%2BTROJ_GEN.FCBCBKQ&oe=utf-8&hl=en&ct=clnk  (this because the site seems down aty the mo)

polonus