Malware repo gets updated
This is an update from my previous post. I noticed an update to one of the pages on the malicious site oymoma-tube.freehostia.com.
Check the screen below and see the July 3rd time stamp:
The page hot-tube.htm is now pushing a rogue, namely XP Deluxe Protector, disguised as a free codec:
Upon execution, fake alert messages such as this one appear:
Eventually the scareware will run:
This sample is poorly detected, especially for being a variant of an already known rogue:
ParetoLogic detects this file as:
Jerome Segura
Malware ID: dcfe992aa25bb1849c1e9f8c2c5d3c5b.zip










