The Latest in IT Security

A New Twist in Fake-warez Malware

26
Jan
2012

It’s been a while since I’ve posted anything from the world of “fake warez” malware.

Last week I came across a site that’s using a different tactic than the “classic” method. On the surface, it looks very similar:

fake-warez site

But when I clicked a sample link (I chose “corel 2000” out of random curiosity), instead of a link to a malware executable coming from a separate (and temporary) malware host, I was presented with a corel_2000_keygen.zip file instead of a malware executable.

When I downloaded and opened the ZIP, I found an EXE file (named corel_2000_keygen.exe of course) and a very small readme.txt file that basically said “run corel_2000_keygen.exe and follow instructions”.

Running the EXE through Virustotal showed that it was very well detected (31/43 hits). (Interestingly, when I ran the ZIP file through, the detection rate dropped to 27/42. I’ll let you draw your own conclusions about that, as a non-password-protected ZIP file doesn’t seem like it should thwart AV analysis….)

–C.L.

Leave a reply


Categories

MONDAY, FEBRUARY 06, 2023
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments