Interesting spyware push download tactic…



Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the dns record so that they can get traffic to {fillinkeyword}.nastydomain.com) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the little ActiveX control popdown bar and insists that it must be installed to view the page properly. But that’s not the most interesting part…


It looks like they’re filtering access to the page based on the User Agent of the browser, if it’s IE you get the push install, if it’s not… Page not found. They discovered this because they put on the “rubber gloves” of web security research and tried pulling up the page with wget to see what it looked like. 403 denied… Then they tried out Firefox and got a 404 not found. Finally, they tried wget with the -U option to specify a User Agent… like this…

wget -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

And with that (and the address), they were able to grab the index.html

I guess that’s a technique to try and slow the research of a push spyware download? According to Incidents, WinAntiSpyware2006FreeInstall.cab is detected as a trojan by some antivirus products. I wonder also if this could pave the way for spyware pushers to target specific browsers/platforms with different push downloads?

Related Posts

Blog Traffic Exchange Related Posts
  • Malwarebytes Anti-malware I'm usually a bit leery of new antispyware products. I do a first look at the rogue antispyware lists and just try to be as cautious as possible when moving away from the tools that I've tried and tested. I downloaded malwarebytes anti-malware very reluctantly to clean up a machine......
  • Windows XP repair install problems I've run into a few problems with a windows xp repair install in the last few days that I wanted to detail the problems and what the resolution was. First, it was someone elses laptop needing a hard drive replacement. The drive was imaged, but windows still would not boot,......
  • How to Remove SoftStronghold | Soft Stronghold Removal Guide SoftStronghold is the latest rogue antivirus application in the LONG line of Wini rogues... Softveteran was the most recent (see the softveteran removal guide) but.... SoftCop (see the SoftCop removal guide.) But, the line goes much further back.... Softsoldier (How to remove SoftSoldier), ( TrustFighter TrustFighter Removal Guide, TrustSoldier removal......
Blog Traffic Exchange Related Websites
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
  • How To Make Pre-Selling Work For You Affiliate marketing is one of the most profitable business models online and it is incredibly competitive as well. There are lots of affiliate marketers who just promote their products and wonder why their sales aren't higher. There is a simple reason for this; they don't do very well at pre-selling......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site