Author Topic: Another fake-av site detected..  (Read 56147 times)


spg SCOTT

  • Guest
Re: Another fake-av site detected..
« Reply #45 on: April 14, 2011, 12:48:15 PM »
If a rogue is reported, and submitted, and subsequently detected...protecting a user at some point or another then there is a purpose in posting...

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #46 on: April 14, 2011, 02:54:01 PM »
Well, both those sites can give you more info than one person posting a link. Avast should just look at both those sites.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33998
  • malware fighter
Re: Another fake-av site detected..
« Reply #47 on: April 14, 2011, 04:21:10 PM »
You both have a point there, spg SCOTT and Dieselman,

The malcreants start out with launching a new morphed encrypted obfuscated protected version of the same malcreation. This is an ongoing battle between malcreant and the anti-malware makers....
So the cybercriminals test out their new malcreations for it to go under the anti-malware radar, right? What is adding detection for 0-days etc faster - re-scanning, re-scanning, re-scanning.
As soon as the undetected are flagged once, protection against it is possible. So I think reporting flagged malware sites and new rogues to avast (and sending the info to virus AT avast dot com too), and posting it to be re-scanned is good. On the other hand this means protection "after the fact", the vulnerability gap is still there and stays open. How to close this further? Diminish vulnerabilities used to infect by constantly updating the software of your OS and third party programs (Secunia PSI) and use sandboxing and script protection to be better protected even,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33998
  • malware fighter
Re: Another fake-av site detected..
« Reply #48 on: April 16, 2011, 10:33:45 PM »
Another undetected fake av site: htxp://protectionantivscanxp.com/ with mdl_fake AV (these servers often also have zeus/mdl_trojan TDSS on them)...usually they are being taken down rather quickly,

IP initial: see: http://www.ipillion.com/ip/91.213.157.110
Reported there as such
Quote
"protectxpdriversvirusnow" is a rogue antivirus site. I had a google redirection virus that kept directing me to that site. The virus apparently started with a 'tdl4 bootkit', as reporte...
as such not detected: http://www.virustotal.com/file-scan/report.html?id=40842d6f11294476776c1609562b3d979bfd1cbc90b6fac8154a213bf51cfcf6-1298142836
Not detected here: http://wepawet.iseclab.org/domain.php?hash=4317a555e95fd113218c188fdd150b85&type=js
But found to be dangerous here on 4 instances:
flagged by http://global.sitesafety.trendmicro.com/

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33998
  • malware fighter
Re: Another fake-av site detected..
« Reply #49 on: April 18, 2011, 05:24:05 PM »
Another one here: htxp://dl.antivirus-antispy.cw.cm/BestAntivirus2011.exe

5 detections for this TR/ATRAPS.Gen, see
http://www.virustotal.com/file-scan/report.html?id=4361036cada809073bca9b8b56f5b2b59e795099d5f1b567a8a5abe873431ea9-1303139492
Avast does not detect yet,

polonus

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Another fake-av site detected..
« Reply #50 on: April 18, 2011, 05:27:08 PM »
Another one here: htxp://dl.antivirus-antispy.cw.cm/BestAntivirus2011.exe

5 detections for this TR/ATRAPS.Gen, see
http://www.virustotal.com/file-scan/report.html?id=4361036cada809073bca9b8b56f5b2b59e795099d5f1b567a8a5abe873431ea9-1303139492
Avast does not detect yet,

polonus


You use malwaredomainlist, don't you? ;)
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #51 on: April 18, 2011, 05:29:25 PM »
malc0de is also another great site for malware links.

http://malc0de.com/database/
« Last Edit: April 18, 2011, 06:27:18 PM by Dieselman »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33998
  • malware fighter
Re: Another fake-av site detected..
« Reply #52 on: April 18, 2011, 05:41:14 PM »
Hi Dieselman,

We are not given these sites here, because the unaware can get themselves infected, why do you post it then?
Make it htxp please. Same goes for others, unaware users should not go there unprotected, just as with jsunpack etc. etc.

polonus

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #53 on: April 18, 2011, 05:49:51 PM »
Please read the link and the site before you comment. Malc0de is NOT a malicious site. It's just like Malware Domain List. Malc0de posts links to malicious sites for testing purposes but the site itself is safe. Direct links to malicious sites should be coded with hxxp. But this is not a direct link. Clicking on the malc0de link will NOT directly get you infected. You are posting direct links. I on the other hand am not. Thanks.
« Last Edit: April 18, 2011, 06:40:07 PM by Dieselman »

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #54 on: April 18, 2011, 06:32:16 PM »
Warning notice from MDL.

Quote
WARNING: All domains on this website should be considered dangerous. If you do
not know what you are doing here, it is recommended you leave right away. This
website is a resource for security professionals and enthusiasts

Krelnadi

  • Guest
Re: Another fake-av site detected..
« Reply #55 on: April 20, 2011, 04:26:06 AM »
This looks like a new site for the Antispy2011.exe

hxxp:Memoryscannerprotectionwin.com


Got redirected to that site on another website not too long ago

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
Re: Another fake-av site detected..
« Reply #56 on: April 20, 2011, 04:35:34 AM »
Another Fake-av site hxxp://mbr-antivirus.ce.ms/fast-scan/
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #57 on: April 20, 2011, 04:40:56 AM »
Another Fake-av site hxxp://mbr-antivirus.ce.ms/fast-scan/

Stopped by ClearCloud DNS.

Dieselman

  • Guest
Re: Another fake-av site detected..
« Reply #58 on: April 20, 2011, 04:41:42 AM »
This looks like a new site for the Antispy2011.exe

hxxp:Memoryscannerprotectionwin.com


Got redirected to that site on another website not too long ago

Link is dead.

Krelnadi

  • Guest
Re: Another fake-av site detected..
« Reply #59 on: April 20, 2011, 06:03:08 AM »
I wonder if the people doing the fake AV sites are looking on this forum, seems odd the links go down as soon as someone mentions them.

This one is more recent:

hxxp:documentscannerprotectionwin.com
« Last Edit: April 20, 2011, 06:08:03 AM by Krelnadi »