The Latest in IT Security

Rogue business


FakeAV is never really far when you want to find it. Browsing a couple of dubious links was enough to trigger a ‘you are infected’ page. This one is pretending to be from Microsoft Security Essentials:

The file that gets downloaded weighs a heavy (as far as malware goes) 4.58 Mb and comes

The VirusTotal report here shows an abysmal detection rate (5/43). The installer is only served if you are referred to the site by a specific domain, and the backend server logs your IP address so that you can only request the file 5 times, after which the resource is magically no longer there.
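The two server-side behaviours described above (referer gating and a per-IP download cap) leave a recognisable pattern in web proxy logs. The following is an added example, not code from the original post: it scans a constructed log sample for URLs that show either pattern. The log format, host names, IP addresses and the function name `find_gated_downloads` are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log sample (hosts and IPs are placeholders, not from the post).
# Fields: client_ip status bytes url referer ("-" = no Referer header)
DL = "http://dl.example.test/setup.exe"
LURE = "http://lure.example.test/scan"
SAMPLE_LOG = "\n".join(
    [f"10.0.0.5 200 4802478 {DL} {LURE}"] * 5           # five successful fetches
    + [f"10.0.0.5 404 312 {DL} {LURE}"] * 2             # same client, now refused
    + [f"10.0.0.9 404 312 {DL} -",                      # direct request, no referer
       f"10.0.0.7 404 312 {DL} http://search.example.test/q",
       "10.0.0.5 200 9120 http://cdn.example.test/app.js http://news.example.test/",
       "10.0.0.9 200 9120 http://cdn.example.test/app.js -"]
)


def find_gated_downloads(log_text):
    """Return {url: {"referer_gate": host|None, "caps": {ip: successes}}}."""
    ok_refs = defaultdict(set)       # url -> referer hosts seen on 200 responses
    denied_refs = defaultdict(set)   # url -> referer hosts seen on refusals
    history = defaultdict(list)      # (url, ip) -> status codes in log order
    for line in filter(str.strip, log_text.splitlines()):
        ip, status, _size, url, referer = line.split()
        host = None if referer == "-" else urlsplit(referer).hostname
        history[(url, ip)].append(int(status))
        (ok_refs if status == "200" else denied_refs)[url].add(host)

    findings = {}
    for url, good in ok_refs.items():
        # Referer gate: all successes share one referer host, others were refused.
        gated = len(good) == 1 and bool(denied_refs[url] - good)
        # Per-client cap: a run of successes followed only by refusals.
        caps = {}
        for (u, ip), codes in history.items():
            cut = next((i for i, c in enumerate(codes) if c != 200), None)
            if u == url and cut and all(c != 200 for c in codes[cut:]):
                caps[ip] = cut
        if gated or caps:
            findings[url] = {"referer_gate": next(iter(good)) if gated else None,
                             "caps": caps}
    return findings


if __name__ == "__main__":
    for url, info in find_gated_downloads(SAMPLE_LOG).items():
        print(url, info)
```

A URL flagged this way should not be cleared just because a later re-fetch from an analyst workstation or sandbox returns nothing: the refusal is part of the behaviour being detected.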

If you would like to analyze this file, you can download a copy here. (The password is infected0726).

When you install the program, you will see something called Security Solution 2011 claiming there are several hundred threats on your PC:

To remove them, you must purchase the software… and it’s not cheap:

And to convince you to buy now, your system will display occasional pop-ups such as this one:

Let’s check who is behind this. There are several domains involved in pushing ‘Security Solution 2011’:
Location: Latvia
Location: Netherlands
Backup server: Estonia
Location: Netherlands
Backup server: Estonia

On is also the payment processor and ‘support’ site:

Here is a link to a transaction involving the sale of the fake AV:

The support page boasts it has 24/7 assistance:

And yet its email address does not work:

So much for an award-winning billing company…

Jerome Segura
