Help - Search - Members - Calendar
Full Version: Fake malwarebytes site
Malwarebytes Forum > Research Center > Newest Rogue Threats
sursmurf
Jun 9 2009, 05:34 PM
CODE
hXXp://malware-bytes.info/

hXXp://malware-bytes.info/es/mbamsetup.exe

VT 0/40

more on the same theme

CODE
hXXp://mesengerplus.org/

hXXp://mesengerplus.org/es/MsgPlusLive479.exe

VT 0/40
Matthew P
Jun 9 2009, 06:18 PM
It's in Spanish. Google Translator shows that they are saying

QUOTE
This page does not belong to any affiliate program. This program should be based on the rules of intellectual property, you can get the version of this program for free from the official website. Not permitted the use of crack, serial or keygen. This site is not responsible for making improper use of the program.

Sounds like the old audacity Scam they had going were they would claim they weren't selling the product but rather a space to download it for a fee.
I think they still got shutdown though. Thank Gosh!
sursmurf
Jun 9 2009, 06:32 PM
Accoring to threatexpert

http://www.threatexpert.com/report.aspx?md...06860bd3b9b6e6a

it installs %System%\drivers\gsoxqiv.sys

MD5:589312A3B46721C5A751E4D5222A89BE

[VT 7/40]
http://www.virustotal.com/analisis/03cbe6d...69ae-1244546502
nosirrah
Jun 9 2009, 06:40 PM
Win-Trojan/Avenger.61440

Yes , this the FP against our driver .
MysteryFCM
Jun 9 2009, 09:50 PM
malware-bytes.info = 78.129.142.28 = RapidSwitch;

http://hphosts.blogspot.com/2008/09/242-re...-781291429.html
http://hphosts.blogspot.com/2009/02/rapids...nvolved-in.html
http://hphosts.blogspot.com/2009/03/adobe9...ions-group.html
http://hphosts.blogspot.com/2009/04/zlkonl...rently-not.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.