Monday, March 1, 2010

Chilling rogues on Chile

Shortly after the Haiti earthquake incident, the world is rocked again with the news of the Chile earthquake. And with the wave of searches on google about the Chile earthquake, malware authors have once again taken this opportunity to proliferate rogue antipsyware.

Searches returned from google are generally not suspect, especially if they bear URLs that seem normal. But one particular site (bostonmassduilawyer.com/ypi.php?...chile-earthquake-videos) when accessed will redirect you to http://188.124.5.159/index.html.



This site will display a fake system scan using an HTML page, and clicking anywhere on the page will prompt the user to download the INST.EXE file (SecurityTool fake AV). It also displays annoying popups that feeds FUD to users (FUD: Fear, Uncertainty, Doubt).






INST.EXE is just another Security Tool installer. Shortly after executing, it will display a fake scan showing some bogus results. Attempting to activate it will lead you to a page where they offer you a 2 year software license of $49.95, and a lifetime software license of $79.95. Looks tempting, but it's just a ploy to part you with your money. In truth, it's one hell of a hefty price to pay for such a useless and annoying scareware.




No comments:

Post a Comment