Author Topic: Nice Online Fake AV  (Read 4139 times)

0 Members and 1 Guest are viewing this topic.

12-es_csaj

  • Guest
Nice Online Fake AV
« on: January 23, 2011, 02:57:45 PM »
hXXp://freeavscanonline.com/scan1/83 (I hope it is correct)
I was redirected from Google picture searching.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Nice Online Fake AV
« Reply #1 on: January 23, 2011, 03:05:34 PM »
Target malware served to the user by this fake site is already detected as Win32:Malware-gen :)
Visit my webpage Angry Sheep Blog

12-es_csaj

  • Guest
Re: Nice Online Fake AV
« Reply #2 on: January 23, 2011, 03:07:19 PM »
Target malware served to the user by this fake site is already detected as Win32:Malware-gen :)

Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.

Hermite15

  • Guest
Re: Nice Online Fake AV
« Reply #3 on: January 23, 2011, 03:18:35 PM »
playing with fire, here's what I got in IE9 sandboxed, first theweb site message, and then when closing the dialog box (... yeah in such cases mostly ok and cancel are the same ), I got the IE smartscreen alert.

 In Chrome I got nothing as JS was blocked in the first place.

spg SCOTT

  • Guest
Re: Nice Online Fake AV
« Reply #4 on: January 23, 2011, 04:00:17 PM »
Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.

At the end of all of the "scanning", it offers a scanner to download and fix everything - thats the download that RejZoR  was referring to.

The site could be added to the network shield block list though, have you submitted it yet?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Nice Online Fake AV
« Reply #5 on: January 23, 2011, 04:07:08 PM »
Quote
The site could be added to the network shield block list though, have you submitted it yet?
These scan URLs are usually dead after a day or two, then they move to a new place..

12-es_csaj

  • Guest
Re: Nice Online Fake AV
« Reply #6 on: January 23, 2011, 04:12:11 PM »
Sorry.
My avast! didn't block the site. (- Web Shield on, PUP on, Heuristics - High and so on.)
That's why I crated this thread.

At the end of all of the "scanning", it offers a scanner to download and fix everything - thats the download that RejZoR  was referring to.

The site could be added to the network shield block list though, have you submitted it yet?

avast! Web Shield doesn't detect the exe file before it tries to enter the PC after the scan.
Why Web Shield doesn't block the site itself.
Why?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Nice Online Fake AV
« Reply #7 on: January 23, 2011, 04:26:36 PM »
Quote
Why Web Shield doesn't block the site itself.
see my post above...

Hermite15

  • Guest
Re: Nice Online Fake AV
« Reply #8 on: January 23, 2011, 04:28:48 PM »
the web shield doesn't block sites, but drive by downloads of malware while browsing (so links to such data when connection is attempted and malware content is detected). The web shield analyses data, not URLs. Network shield does block sites, and this address could or should have been added to the blacklist, but as Pondus said, these URL don't exist very long.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Nice Online Fake AV
« Reply #9 on: January 23, 2011, 11:12:20 PM »
The fake antivirus itself is harmless. It's just a webpage. The stuff that gets downloaded later is what's really malicious. It will probably get blacklisted prettty soon in Network Shield.
Visit my webpage Angry Sheep Blog