Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 7 September 2008

PrivateContent and fake Google Toolbar BHO

Posted on 04:27 by Unknown
The gang behind rogue security software has taken new approach to peddle malware. Instead of fake codecs, now they are offering some kind of "Access Code Generator" called PrivateContent, using which one can supposedly access online videos. Obviously, this access code generator is a fake!



PrivateContent.exe is hosted at http://teens.niche-planet.com and is not very well detected as of now. Here's the VirusTotal scan result (complete scan results can be found here):

File PrivateContent.exe
AntiVir 7.8.1.28 - TR/Drop.Agent.vsu
Prevx1 V2 - Malicious Software
Webwasher-Gateway - Trojan.Drop.Agent.vsu

PrivateContent.exe drops a DLL named googletoolbar1.dll in %ProgramFiles%\Google\ directory. This DLL is registered as an Internet Explorer BHO. HijackThis entry for this BHO is as shown below:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - C:\Program Files\Google\googletoolbar1.dll

Surprisingly, this fake googletoolbar1.dll is not detected by any of the AVs at VirusTotal (scan results can be found here).

Googletoolbar1.dll generates popups/ads and tries to install rogue security software. Check out below screenshots which show fake googletoolbar1.dll in action!



Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Spyware Guard 2008
    Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuar...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • Myphonegames.co.uk hacked?!
    It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. A...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • DomPlayer - Rogue Multimedia Player
    DomPlayer is a new rogue multimedia player on the loose. The gang behind DomPlayer is making use of fake video files (available as torrents)...
  • Some new malware - a.exe, gop.exe etc
    We have some "new" malware this time, ranging from trojans to rootkits. One of them is a trojan which detected by some of the AVs ...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Removing Mailbot.AZ (aka Rustok.A) Rootkit
    Mailbot.AZ (also known as PE386 or Rustock.A) is a kernel mode rootkit backdoor virus. It contains only one file-its driver-and it is stored...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ▼  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ►  October (4)
    • ▼  September (15)
      • Zlob fake codec updates
      • Zlob fake codec updates
      • Zlob fake codec updates
      • Total Secure 2009 and Google search poisoning
      • Zlob fake codec updates
      • More fake MP3 download sites
      • Zlob fake codec updates
      • Zlob fake codec updates
      • AntiVirus 2009 updates
      • Antispyware Pro XP
      • Zlob fake codec updates
      • PrivateContent and fake Google Toolbar BHO
      • Fake Windows Media Player!
      • Zlob fake codec updates
      • Windows Filtering Platform (WFP) user mode examples
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ►  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ►  August (8)
    • ►  July (11)
    • ►  June (3)
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile