Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 26 October 2008

Fake DivX codec

Posted on 01:36 by Unknown
Here's a new Zlob fake codec variant, which touts itself as DivX codec. The dropper is named as DivXCodecPKG.7.exe and is hosted at http://softawe-download-forpc.com (66.232.126.78). Whois information for this domain can be found here.



As of now, detection by AVs are not good. VirusTotal scan result can be found here.
Read More
Posted in | No comments

Tuesday, 21 October 2008

Chandrayaan-1 launched successfully

Posted on 19:20 by Unknown
Quick update! The Chandrayaan-1 has been successfully launched and placed in its orbit. Get more info here.
Read More
Posted in | No comments

Chandrayaan-1 – The countdown begins!

Posted on 08:02 by Unknown
Chandrayaan-1 is an unmanned Lunar exploration mission by the Indian Space Research Organization, and is also first Moon mission by India.



Chandrayaan is carrying 12 payloads - 6 Indian and 6 from other International space agencies - for conducting various experiments. More information about Chandrayaan is available here:

Chandrayaan-1 Mission brochure
Chandrayaan-1 photos
Payloads and experiments
PSLV Launch Vehicle

And, we are all set for launch! The launch is scheduled on 22nd October 2008, 0550 hrs IST. Catch the live webcast at the ISRO website.
Read More
Posted in | No comments

Wednesday, 1 October 2008

Spyware Guard 2008

Posted on 08:42 by Unknown
Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuard (note that there is no space between Spyware and Guard, and there is no 2008) from Javacool Software. Please do not get confused!!

Spyware Guard 2008 is hosted at www.spywareguard2008.com (67.19.176.187), registered by ESTDomains (whois lookup). Here's a screenshot of the website:



The IP address 67.19.176.187 also hosts a fake online video page, with the domain name http://porn-movies-online.net. This page pushes yet another variant of Zlob fake codec hosted at http://pyroscanner.com (67.19.176.188).



By the way, the Spyware Guard 2008 installer is named as SpywareGuard2008.exe, and here's how the rogue application looks:



VirusTotal scan results of the installer can be found here. Stay away from this rogue!

Update: SpywareGuard2008 removal guide can be found here.
Read More
Posted in | No comments
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Spyware Guard 2008
    Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuar...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • Myphonegames.co.uk hacked?!
    It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. A...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • DomPlayer - Rogue Multimedia Player
    DomPlayer is a new rogue multimedia player on the loose. The gang behind DomPlayer is making use of fake video files (available as torrents)...
  • Some new malware - a.exe, gop.exe etc
    We have some "new" malware this time, ranging from trojans to rootkits. One of them is a trojan which detected by some of the AVs ...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Removing Mailbot.AZ (aka Rustok.A) Rootkit
    Mailbot.AZ (also known as PE386 or Rustock.A) is a kernel mode rootkit backdoor virus. It contains only one file-its driver-and it is stored...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ▼  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ▼  October (4)
      • Fake DivX codec
      • Chandrayaan-1 launched successfully
      • Chandrayaan-1 – The countdown begins!
      • Spyware Guard 2008
    • ►  September (15)
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ►  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ►  August (8)
    • ►  July (11)
    • ►  June (3)
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile