3 replies to this topic

[salmon]

hxxp://www.google.co.uk/url?sa=t&source=web&ct=res&cd=7&url=http%3A%2F%2Finteresting-facts-on-sir-edmund-hillary.kkeaglhm.cc%2F&ei=qve4SqSyGNKZjAfMrIz6BQ&rct=j&q=/interesting-facts-on-sir-edmund&usg=AFQjCNHVZNbB6838I1NMj7rrjRhpoZub9g
sister found it while doing homework

thanks

[Fatdcuk]

Thanks salmon,

It is a redirect script to a fake-scanner page.Here's the download URL for the rogue installer at the bottom of that rabbit hole for me

http://myprotection-zone.com/build206_157.php?cmd=getFile&counter=1&p=WKmimHVlbXCHjsbIo22EhHV8ipnVbWKWY4nT1m6uqI61h8WilnGbk4F5bl%2FVodCjYmFiaGVtmV2WaWGMoNfF16aqb2eL1dZ2Y2ZuZ25nbmuYYorJlG0%3D

[salmon]

It seems to change hxxp://onlinesearch-protect.net/?p=WKmimHVlbXCHjsbIo22EhHV8ipnVbWiMnNah2qduWJjOxaCbkXp%2FWqyopHaSXpmaZGViZGZxlVPVpJHaotahiaWqb2eXlpZvZWpvZGlam5ye
hxxp://myzonesecure.com/?p=WKmimHVlbXCHjsbIo22EhHV8ipnVbWiMnNah2qduWJjOxaCbkXp%2FWqyopHaSXpmaZGViZGZxlVPVpJHaotahiaWqb2eXlpZvZWpvaW9am5ye

[Fatdcuk]

Yeah the fake scanner can shoot you off to assorted download URL's so everytime you go into the rabbit hole you always get a new surprise....they are use once download sources thus making individual installer file sources far harder to track