Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

More headline trolling (oh, and turn OFF that cell phone!)

 
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Tue Sep 29, 2009 8:03 pm    Post subject: More headline trolling (oh, and turn OFF that cell phone!)

Whaddya know. A search for "Hugh Jackman cell phone" (I'm heartily applauding how he handled that, BTW) turned up among other things a "Poll asking what you thought of Hugh Jackman breaking character to tell an audience member to shut down his/her cell phone", supposedly at:

hxxp://greenmomsDOTcom/elite/hugh-jackman-cell-phoneDOThtml

(broken link, of course Wink)

I honestly did want to throw in my vote. Razz However, one of my browsers (one with javascript enabled) was immediately redirected to:

hxxp://totalcomputerscan12DOTcom
(there's another called mycompscanner07DOTcom, and no doubt many other variations)

which proceeded to inform me "Warning!!! Your computer needs to be completely scanned! Total Security can perform fast and free virus and malicious software scan of your computer."

Clicking the "cancel" button on the popup took me straight to a helpful "online scan" (hey, I said CANCEL!) that took only a few moments to find all sorts of scary stuff, including Virut, after "scanning" drives and folders that do not exist on the computer in question (wow, these guys are goooood...). I was then further informed that my computer "remains infected by threats!" and another click of "cancel" promptly kicked off a download attempt of a file titled Soft_207.exe.

Current Virustotal results on that goodie here:

http://www.virustotal.com/analisis/d1c0ffd7c16907bcc4ac584734e2c5c86ab5110f71a9673ea7035c649d7b8153-1254272860

Looks like someone else beat me to the first upload by a few hours. I need to get quicker on the draw, lol.

p.s. I took pictures of the shenanigans - the "Windows Security Alert" popup was quite authentic looking - if anyone wants a peek, let me know. I'll slap a rough webpage together later; now I need to go to bed before I turn into a pumpkin. Rolling eyes
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 26 Aug 2014
Posts: 10323
Location: sunny California

Posted: Tue Sep 29, 2009 9:36 pm

Really bad AV detection of that file now. Hopefully they will get it added asap. Thanks for the heads up.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
datababe

Posted: Wed Sep 30, 2009 5:01 am

The latest update of Malwarebytes Anti-Malware (as of this morning) does detect this .exe as Win32/TotalSecurity.A. I haven't had a chance to throw anything else at it yet (my Windoze test box is slower than January molasses).

And Hugh Jackman thinks cell phones are aggravating... Wink
Chao284
Warrior


Joined: 06 Sep 2004
Last Visit: 09 Dec 2013
Posts: 220
Location: Bremerton, WA

Posted: Sun Oct 04, 2009 8:21 pm

datababe wrote:
The latest update of Malwarebytes Anti-Malware (as of this morning) does detect this .exe as Win32/TotalSecurity.A. I haven't had a chance to throw anything else at it yet (my Windoze test box is slower than January molasses).

And Hugh Jackman thinks cell phones are aggravating... Wink

Well not all it seems like one nasty Fake AV, but it seems like an attempt to contact to download a rootkit like the Mebroot worm and that means making your computer a botnet as usual.
datababe

Posted: Mon Oct 05, 2009 4:39 am

This is why the test box doesn't talk to the 'net. And why even tho I was not running on a Windows machine when I first got redirected, after the first (not)cancel I switched to yet another computer that isn't running Windows either - or running anything from any hard drive at all.

Given the minor splash this news event made, it does raise the question of how many machines out there did get assimilated. Rolling Eyes
Chao284

Posted: Wed Oct 07, 2009 2:00 am

datababe wrote:
This is why the test box doesn't talk to the 'net. And why even tho I was not running on a Windows machine when I first got redirected, after the first (not)cancel I switched to yet another computer that isn't running Windows either - or running anything from any hard drive at all.

Given the minor splash this news event made, it does raise the question of how many machines out there did get assimilated. Rolling Eyes


Lucky for me I turn Active Scripting off IE, and NoScript on Firefox blocks this stuff, so I am aware of the issue.
datababe

Posted: Sun Oct 11, 2009 4:18 am

Y'know, running NoScript and watching all the stuff it blocks has made me so keenly aware of the massive (and sometimes malicious) background activity of many websites, I really can't imagine bouncing around the intarwebs with all the little interactive bells and whistles of <insert any browser here> blindly enabled. Am I "hindering the full web experience" (or something like that) for myself? I suppose so.

But I just can't bring myself to put that level of trust in a bunch of strangers. Wink
All times are GMT - 8 Hours