Malwarebytes Anti-Malware 2011 - New crap in the wild?

Discussion in 'malware problems & news' started by m00nbl00d, Jan 19, 2011.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,655
    Location:
    USA
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yea what a shame it would be waiting all those hours and then forget to post the analysis :D Thanks!
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,655
    Location:
    USA
    But not much in the way of feedback is forthcoming from them, is it?
    Perhaps this is simply one case out of a great many, and it's really no big deal.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There are a "few" (Just a nice word, isn't it? ;) ) more cases, just like using avast! brand, etc.

    These folks really are into it. All paths will lead to Rome -freedownloadzone.com and -securecardtransaction.com

    It's interesting, and I'll be going just a bit off-topic, but just trying to make my point seen the best way possible.

    Companies like record companies, etc. are trying, and achieving I'd say, at least here in the European Union, to force ISPs into spying on their customers and breaking/slowing down their Internet speed due to illegal downloads.

    If they can force ISPs into this, why don't governments force ISPs not to host this kind of crap phishing services, malware hosting domains, etc.? If they do, punish them severely. If a country's ISP outside the European Union, U.S. and others is hosting this kind of scam, then FORCE that country's government to take action with the threat of closing the market with them. Simple.

    Some people would be surprised by the amount of hosted proof domains. Why doesn't anyone do a thing about it, in the first place? Not in their best interest? This makes me wonder, honestly.

    The more I dig and the more I try/or understand, that's the conclusion I take. Anyone else is free to take theirs.

    But, aren't you all just tired of this crap? I'm 99% confident that, if it weren't for me, some of my relatives would fall for this crap, because they simply do not know any better.
    Unfortunately, not everyone has someone like "me" in the family, do they? No, and what happens? They'll fall for these scams. ;(
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The problem is not just ONE phishing scam; the problem is that there are so many, and it shows one thing: people fall for them, otherwise they wouldn't keep making these schemes to trick people.

    The other problem is that there seems to be little interest in ending such schemes. o_O

    Threaten the source: ISPs. (As I previously mentioned.)
     
  6. RubbeR DuckY

    RubbeR DuckY Developer

    Joined:
    Jul 7, 2006
    Posts:
    228
    I didn't get a chance to read this whole thread, but, as I am sure you are already aware -- THIS IS A SCAM.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, it's a scam. Yes, we do know. Yes, most of us - here, at Wilders - would investigate it further, if facing such a situation.

    But, what about the rest? What about someone looking to buy Malwarebytes, because they heard about it now or some time ago, and would be faced with such a scam, without knowing it's a scam?

    Please note that I'm not targeting Malwarebytes here; this is just one SMALL example. The scenario is way worse than this.

    But, I'm wondering if there aren't any legal procedures the antimalware industry, perhaps in coordination with governments, could take to force ISPs to end such scams? After all, those fake services are using your brands.

    After all, if other types of companies (like record companies) can force ISPs to do things, I want to believe they would feel compelled to bring these services down as well. This is a way more serious problem than downloading illegal stuff. Yeah, unfortunately, end-users don't have the POWER one of those big record companies has.

    There's no real point to try to bring down just one service; one other will appear in its place, that's for sure. It needs to go beyond that, at the ISP level.

    Kind regards
     
  8. MinDokan

    MinDokan Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    44
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I hope not to sound rude, but I don't see what that really matters?

    First, everyone has to be aware of such scams; which is not a real scenario. And, by not being a real scenario, how would most people know they should avoid such links? Please note that not everyone is aware of applications like WOT, that rate websites. And even the people behind such security services need to be aware of such scam services. So, these applications, however hard the people behind them work, will always be way behind the bad people.

    I do applaud the work and effort these people put in their work, but the reality is that the schemes exist and prevail and many people are falling for such scams.

    Sorry if I sound like a broken record, but the solution is not security applications. The solution, when awareness/education lacks, is to fight these scams at the ISP level.

    As I already mentioned, I know better - I found it suspicious - and I wasn't even looking into buying Malwarebytes Anti-Malware. I was just doing some research.

    I'm sure you wouldn't fall for it. The same way I'm 99,99% confident some people I know would, if they wouldn't ask me first about it.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This one really is a great laugh!!!

    avast! time -avast.software-2011.net

    Now, it seems that it was avast!... wait a moment... AVAST 2011... is the original antimalware application to include LinkScanner. AVG stole it, I guess. :D

    LinkScanner is real, and so was Exploit Prevention Labs, which was bought by AVG.

    Damn AVG, stealing others' ideas and concepts! Shame on you! :D

    -avg.software-2011.net

    I guess it would be confusing to name it AVG 2011, considering the real one is AVG 2011. :D

    The list goes on. I didn't check all security vendors, but my very wild guess is that, at least, the well known ones are having their brands stolen to trick people.
     
  11. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    The site should now be terminated.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, the domain software-2011.net no longer resolves. :)
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,655
    Location:
    USA
    Wtg, m00nbl00d. It was your "investigative reporting" that resulted in the death of that PITA site.:thumb:
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, there are so many out there.

    -edit-

    I wonder why the domain -secure.cardtransaction.com could not be taken down?

    Legal issues? This phishing domain alone is interconnected with so many other websites serving as decoys for their phishing activity.
     
  15. RubbeR DuckY

    RubbeR DuckY Developer

    Joined:
    Jul 7, 2006
    Posts:
    228
    All,

    Thank you for your contributions -- to my knowledge Steven from Malwarebytes had the domain taken down. If you ever see another one, do not hesitate to contact us and we will do anything we can to get it taken down.

    Thanks again! :)
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Would you like to bite a bit more? ;)

    I was... well... once more researching some stuff, and was like: What the heck, let me "mistakenly" type malwarebites instead of malwarebytes.

    Note: By the way, I use -https://eu.ixquick.com as my search engine.

    As one of the displayed sponsored ads, there was something for Malwarebites.
    OK. Could it be just a typo? We're all human, why not? Right? OK. Then again, this is a sponsored ad; is this really just a typo or something more?

    Proceeding, and all I've done was to investigate URLs and what they actually contain; basically I dissected them.
    As I previously mentioned, I don't have any working virtual machines, so I couldn't download the executable and see what would come up.

    By first verifying the domain against any known blacklists, this is what I came up with: -http://www.urlvoid.com/scan/anti-malware-2011.com

    Only TrendMicro Web Reputation flags it so far. Well, further research ahead, seemed to be the best bet to see if it was something malicious.

    After I started to analyze the website source code, I got this URL, which I analyzed with Wepawet.

    It labels it as being suspicious. OK, this was enough to make me go ahead, plus the source coming from a sponsored ad made it twice as suspicious for me.

    OK. Time to analyze the other URL in the section "Additional (potential) malware:", which brought this up.

    Again suspicious! More wish to go ahead! This led me then to the Anubis report.

    Considering I cannot testify whether or not this is in fact a rogue pretending to be Malwarebytes, would someone be capable of doing it? I do find that the fact the name Malwarebites is used somewhat points in that direction, though.

    Thanks a lot, and sorry for this sort of testament! :D


    Kind regards
     
  17. wat0114

    wat0114 Guest

    Re: Would you like to bite a bit more? ;)

    Hi m00nbl00d,

    I tried it out in my Win7x64 VM, the results of which are in the screenshots... It installed okay but it won't run in a VM, could this mean it's VM-aware malware? Note the Verified Publisher (signed using Authenticode, so it is trusted by the local computer) UAC prompt.
     

    Last edited by a moderator: Jan 23, 2011
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Most likely...

    Researching for SecureSoft + antimalware pro 04, I came to this old COMODO forum thread: -http://forums.comodo.com/news-announcements-feedback-cis/another-bypass-t66490.0.html

    Have you uploaded it to VirusTotal? I "uploaded" the URL and only 3 detect something. I wonder how many do detect the installer?

    -edit-

    Searching for the executable brings this:

    -http://www.prevx.com/filenames/131856593137585157-X1/ANTIMALWARE-PRO-V04.EXE.html

    -http://forums.malwarebytes.org/index.php?showtopic=45833 (someone who needed to clean the system. :D)
     
    Last edited: Jan 23, 2011
  19. wat0114

    wat0114 Guest

    Did not upload it, but MBAM detects the installer as a rogue. Pretty clever with its EULA and the UAC verified publisher prompt it generates. I did not notice any grammar or syntax errors either when installing it, although I didn't check too thoroughly.
     

  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yeah... But, take a close look at both the UAC alert and at the EULA. You'll find something that would indicate something is most definitely wrong, IMO.

    The UAC alert shows the publisher as SecureSoft, but in the EULA Gisnet Corp. is mentioned.

    I don't believe it's normal for a publisher to be one company, and then in the EULA a different name is given for the company.
     
  21. wat0114

    wat0114 Guest

    Yes, I saw that difference and thought it odd, but I doubt the average person "willing" to install this stuff would notice, because very few read the EULA. I couldn't find any info on Gisnet that's antivirus-related.
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, indeed... the mister and miss "happy clickers".
     
  23. wat0114

    wat0114 Guest

    In spite of the clever "marketing" schemes these rogue producers employ, I still can't help but feel they're not at all a threat if one uses even a modicum of common sense when seeking an anti-malware product: visit and download the products from legit websites such as Symantec.com or McAfee.com, don't take the bait when it suddenly appears uninitiated on the screen and starts scanning on its own, seek advice from computer-savvy family members or friends... etc. It's incredible that so many, it seems, are getting duped by these scams, but I guess the odds are still in the favor of the scammers because through the Internet it's so incredibly easy to target thousands of people in a very short time, and out of those thousands, if they can scam a hundred people (a very small percentage of the target base), they're making pretty good coin.
     