Malwarebytes Anti-Malware 2011 - New crap in the wild?

Discussion in 'malware problems & news' started by m00nbl00d, Jan 19, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    In some research I was doing, I came across this domain -malwarebytes.software-2011.net-

    Since I'm not able to play with virtual machines, I just took the liberty of entering the website; no worries, nothing could come through the web browser - nothing is able to start any download, period.

    I also checked the URL source code, and what caught my attention - before entering the website - was the mention of "Malwarebytes Anti-Malware 2011" and not any version known to us from the real Malwarebytes Anti-Malware.

    I did a search and nothing seems to come out, except for other dubious urls as well. I'm guessing this is something new?

    Here's a screenshot of the url

    LinkScanner also flagged this as being a bad domain -http://linkscanner.explabs.com/linkscanner/checksite.aspx?NS=ChkOnly&SRC=apps.explabs.com&CS=malwarebytes.software-2011.net

    If someone wouldn't mind checking what the thing is all about o_O :D
     

  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    My LinkScanner says it's safe..
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That service doesn't verify URL contents in real-time; it gets the data from LinkScanner. It may have happened that nothing was wrong before o_O

    But, if you do check with http://linkscanner.explabs.com it will flag it.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The download link seems to redirect to here -https://secure.cardtransaction.com/icc-rs/order1.asp?ban=127&TargetSite=FDZ&dn=malwarebytes.software-2011.net&s=Malwarebytes

    That clearly is suspicious at the very least, because it should provide a link to both free and paid versions, no? That would be the proper thing to do. Something, IMO, definitely seems off.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Hey m00nbl00d, I submitted the url to Anubis, and it will do real-time analysis, but I can't believe the queue... 128 jobs ahead of me and a 17 hour wait! Whoa. Maybe it will go faster than that. If/when something turns up, I'll post back. :)
     

  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK. I actually forgot all about Anubis, but I must confess the waiting times sometimes are boring. lol

    A little update. The domain -secure.cardtransaction.com is flagged http://www.urlvoid.com/scan/secure.cardtransaction.com

    This all sounds just like a damn phishing scam. People pay for something believing it's Malwarebytes Anti-Malware and end up either with nothing... or maybe with "a lot".
     
  7. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Without having looked at it closer, my guess is that this is a referrer promotion. If you look at the part dn=malwarebytes.software-2011.net in the above URL, that is the referrer string, meaning the people behind the site get paid whenever someone buys Malwarebytes after clicking their link. As to whether you actually get a license when buying through this site is anyone's guess.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Time Remaining: 15 hours, 49 minutes and 54 seconds (119 jobs in queue) :doubt:
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What you say makes sense, but what seems off are the name "Malwarebytes Anti-Malware 2011", when there is no such version, at all, as there never was a version 2010, etc., and the fact that the domain -secure.cardtransaction.com seems to be involved in phishing.

    A bit more on this service:

    -http://hphosts.blogspot.com/2009/11/if-ya-want-my-money-ya-think-im.html

    This all looks like one big scam, IMO.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You should get yourself a decent cup of coffee. :D
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I just PMd RubbeR DuckY and nosirrah and asked them to take a look at this thread... hopefully they can shed some light. :)
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Look what happens when I try to go to the malwarebytes.software-2011.net site, m00nbl00d...
     

  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It figures!

    One more thing that REALLY makes this whole thing seem off... better yet 100% off is that at http://www.malwarebytes.org/ there is no mention whatsoever of affiliations. I believe this is what would allow some third-party person to resell their product? If this was a real deal.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I told MBAM to ignore the IP block so I could visit the site.
    I went there, but I'll be honest, I don't have the nerve to download that file, even into Sandboxie. I'm chicken. Or, to put it another way, I don't have the skills to play with malware, nor the interest to learn. :cool:
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As I mentioned, I can't play with virtual machines at the moment, because I'm lacking available hard disk for them, but as far as my little research allowed me to go, you're led to a URL where you'll have to enter personal info like credit card number.

    Example:

    http://4.bp.blogspot.com/_gtpf1L0KR...om_-_secure.cardtransaction.com2_-_phishy.gif

    Only afterwards you'd be getting some file... whatever it would be... or nothing, at all.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Just take a quick look at the icons on the IE browser tabs for the suspected rogue site and then the legit MBAM site.
    mbam logo with rogue.jpg
    They didn't do a very good job of copying it, did they?
    Also note the difference in MalwareBytes versus Malwarebytes.
     
  17. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
  18. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    This really looks legitimate :rolleyes:

    [IMG]
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It does, doesn't it? ;) So does -freedownloadzone.com :D

    -http://hosts-file.net/?s=freedownloadzone.com

    The sad thing is, wouldn't it look legitimate to many people o_O This is the reason why phishing keeps existing - it works.

    Let's face it, they even placed the real UI in the banner/top part of the website.
     
  21. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Look even closer on the front page at the bottom and the following is disclosed.

    yyyy.jpg
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What are you saying with that? That this is a legitimate business? The download link will take you to -secure.cardtransaction.com , which apparently is involved in phishing activities, and in the image provided by stackz, you'll see they mention they're affiliated with -freedownloadzone.com , which is also involved in phishing activities.

    Not to mention what they offer has extra stuff, when applying to buy this supposed Malwarebytes Anti-Malware 2011.

    Or, did I misinterpret you?

    -edit-

    OK. I do think I misinterpreted you. For other businesses to be able to resell your product, they MUST be your affiliates. They state they aren't, but they are reselling this supposed Malwarebytes Anti-Malware 2011 product. This clearly calls for suspicion.

    I'm guessing that's what you meant? Or, again, misinterpreting you? :D
     
  23. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    This usually happens if you do not use the captcha screen at the bottom:

    Get a priority boost

    Enter the code that you see in the image on the left and your submission will be analyzed before all automatic submissions.

    Al
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks Al. I knew something must be wrong with that sort of wait time! :)
     
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Unless the nice folks at MBAM were not aware, they now are.

    @ Mods, please de-link any URLs pointing to this site while this is being investigated.

    Thanks.
     