Malwarebytes

Fake software


4 replies to this topic

#1
guigui14100

    New Member

  • Members
  • 19 posts
http://www.thegimp-full.info/fr/

install_www--354-acdseeprobetawi.exe => VT 3/41

install_www--2384-PaintNET.exe => VT 3/41

install_www--2894-gimp.exe => VT 4/41

install_www--3231-XnView.exe => VT 8/41

install_www--3962-GIFAnimator.exe => VT 3/41

install_www--3974-frhtml.exe => VT 8/41

#2
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
I am going to have to set these to the side, the files are huge and will take more time to process.
Bruce Harrison
Vice President of Research

#3
S!Ri

    Forum Deity

  • Moderators
  • 7,101 posts
  • Gender:Male
Those installers are an SMS scam.
It installs the legit software but the user needs to send 1 (or more) SMS to netlinkinvest.com

Push $TEMP\Reply.xml
Push http://gw.netlinkinvest.com/checkcode.php?gw=7&document=thegimp-full.info&country=fr&code=$[52]&extra=$R0

hxxp://thegimp-full.info/fr/config_2894.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<config>
  <condiciones>http://thegimp-full.info/docs/fr/sol_condiciones.txt</condiciones>
  <descarga>http://thegimp-full.info/bin/2894/fr/gimp-2.7.0-i686-setup.sfx.exe</descarga>
  <texto>Pour obtenir votre code d'activation, veuillez envoyez un SMS avec le mot LP au 81015.</texto>
  <texto2 />
  <title>AIDEZ-NOUS A AMELIORER NOTRE SERVICE</title>
  <subtitle>Ce code d'acces vous permet d'utiliser nos connexion premium afin d'obtenir la meilleure vitesse de telechargement possible.</subtitle>
  <texto_codigo>Code:</texto_codigo>
  <texto_gris>SMS+: Cout total du service six euros.</texto_gris>
  <texto_homepage>Je vais que www.duxet.com soit ma page demarrage.</texto_homepage>
  <url_homepage>http://www.duxet.com/</url_homepage>
</config>

hxxp://thegimp-full.info/uk/config_2894.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<config>
  <condiciones>http://thegimp-full.info/docs/en/sol_condiciones.txt</condiciones>
  <descarga>http://thegimp-full.info/bin/2894/uk/gimp-2.7.0-i686-setup.sfx.exe</descarga>
  <texto>In order to continue, you must request an installation code.\r\nTo get your code send an SMS with the word CD to 60059</texto>
  <texto2 />
  <title>Help us improve our service!</title>
  <subtitle>You´re about to use a premium download code, your contribution allows us to provide a better service.</subtitle>
  <texto_codigo>Code:</texto_codigo>
  <texto_gris>Cost per SMS four pounds. One SMS needed. Taxes not included.</texto_gris>
  <texto_homepage>Set www.koower.com as default homepage</texto_homepage>
  <url_homepage>http://www.koower.com/</url_homepage>
</config>

S!Ri
Research Engineer
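
Added example, not part of S!Ri's post and not Malwarebytes code: a Python triage helper that parses a config document in the format quoted above and pulls out the indicators an analyst would log (payload URL, SMS keyword and short code, cost text, homepage offer). The function name, finding labels and regex are assumptions; the sample is constructed from the uk config in the post, trimmed to the fields used.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the uk config quoted in the post, trimmed to the fields read below.
SAMPLE_CONFIG = rb"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<config>
  <descarga>http://thegimp-full.info/bin/2894/uk/gimp-2.7.0-i686-setup.sfx.exe</descarga>
  <texto>In order to continue, you must request an installation code.\r\nTo get your code send an SMS with the word CD to 60059</texto>
  <texto_gris>Cost per SMS four pounds. One SMS needed. Taxes not included.</texto_gris>
  <url_homepage>http://www.koower.com/</url_homepage>
</config>"""

# Assumed pattern: upper-case keyword, one connecting word ("to", "au"), 4-6 digit short code.
SMS_RE = re.compile(r"\b(?P<keyword>[A-Z]{2,})\s+\S+\s+(?P<shortcode>\d{4,6})\b")


def triage_config(xml_bytes):
    """Return the indicators found in one installer config document."""
    # The config comes from an untrusted host: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes.upper():
        raise ValueError("DTD present; refusing to parse untrusted XML")
    root = ET.fromstring(xml_bytes)  # honours the ISO-8859-1 declaration

    def field(tag):
        return (root.findtext(tag) or "").strip()

    report = {
        "payload_url": field("descarga"),
        "homepage_url": field("url_homepage"),
        "cost_text": field("texto_gris"),
        "keyword": None,
        "shortcode": None,
        "findings": [],
    }
    prompt = field("texto")
    match = SMS_RE.search(prompt)
    if "SMS" in prompt and match:
        report["keyword"] = match.group("keyword")
        report["shortcode"] = match.group("shortcode")
        report["findings"].append("premium-sms-gate")
    # A homepage on a different host than the download is worth recording.
    home = urlparse(report["homepage_url"]).hostname
    payload = urlparse(report["payload_url"]).hostname
    if home and home != payload:
        report["findings"].append("homepage-change-offer")
    return report
```
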

#4
S!Ri

    Forum Deity

  • Moderators
  • 7,101 posts
  • Gender:Male
78.129.142.235:

S!Ri
Research Engineer

#5
Fatdcuk

    Malware BBQ'er

  • Moderators
  • 16,155 posts
  • Gender:Male
  • Location:127.0.0.1
Many thanks S!Ri,

Since the software/applications themselves contain no malicious code then these will not be added to the MBAM database for removal.
Ade Gill
Research Engineer