A couple warnings related to fake security sites



Sunbelt has this warning about yet another fake security site. This one is laid out a bit different than the others we’ve seen in recent days. It’s not quite the same spoof of the Windows Security Center, but it makes use of Microsoft’s security logo. (And it does say Security Center at the top of the page along with “Help protect your pc”.) From sunbelt…

For your block lists:
amaena[dot]com


The page basically says… “Attention! Security center has detected spyware on your pc sending private information and documents to remote computer. One of the processes (Win32res.exe) has just sent this information:”

Followed by

IP address:
Browser:
Computer OS:
Full PC Control: gained
sent information: approximately 17 Megabytes.

Your current security software is unable to stop this kind ofr spyware. To clean up your computer and prevent further possibilities to be infected you need to download one of these security softwares.
winantiviruspro 2006, winfixer 2005 and winantispyware 2005 are listed…..

They’re also warning about vcodec which may well be related to the other spoofed security center sites…

Our spyware researchers have been investigating Vcodec.com. This is a site that has a program called “VCodec v3.05b is new generation multimedia compressor/decompressor which registers into the Windows collection of multimedia drivers…”

After it’s installed, it does great multimedia things like popup a bubble in the system tray over what looks like the automatic updates icon saying “Your computer is infected! Dangerous malware infection was detected on your pc. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats.”

VideoCodec3_05b.exe is not widely recognized as a trojan (sunbelt passed it through virustotal and only Kaspersky and NOD32v2 detected it as malware.

   Send article as PDF   

Similar Posts