Our intrepid rogue AV hunter, Patrick Jordan, spotted new ways in which FakeRean is currently being distributed online, and by the looks of things, the bad guys behind it have not only cast a wider net but also gone, erm, hard-core. Case in point:
The above page is found on SourceForge.net, a prominent repository of open-source software, as a profile page. Of course, it doesn't matter whether you're 18 or not: you still get free but malicious software to download and run on your system once you click any of the buttons there. This software is a PDF exploit that, once installed, drops and also installs FakeRean. We detect the exploit as Exploit.PDF-JS.Gen (v).
A simple search yields results that show a prevailing problem within the said domain.
This SourceForge profile URL, along with some 100+ other varying Web page URLs, is listed on imonline(dot)nl(slash)ukabefijac.
Some of Jordan's finds regarding these Web pages involve prominent domain names, which include (but are not limited to) the following:
- Flickr
- Yahoo!
- Scribd
- TED
- Formspring
- Posterous
- Box.Net
All URLs redirect via seoholding(dot)com. Fortunately, VIPRE users are already protected from this domain if they are accidentally diverted to it.
We advise Internet users to be careful when clicking image and text links online. Be extra careful, if not steer clear altogether, when visiting online profiles that look suspicious, whatever site hosts them.
Jovi Umawing (Thanks to Patrick for finding this and Chris for the assist)