Interesting spyware push download tactic…



Incidents.org has another interesting post about a spyware site. One of the handlers ran across it while doing a search for an educational institution. (They’ve used a wildcard in the dns record so that they can get traffic to {fillinkeyword}.nastydomain.com) Anyway… the main page tries to install WinAntiSpyware2006FreeInstall.cab from WinSoftware Corporation, Inc. It gives the little ActiveX control popdown bar and insists that it must be installed to view the page properly. But that’s not the most interesting part…


It looks like they’re filtering access to the page based on the User Agent of the browser, if it’s IE you get the push install, if it’s not… Page not found. They discovered this because they put on the “rubber gloves” of web security research and tried pulling up the page with wget to see what it looked like. 403 denied… Then they tried out Firefox and got a 404 not found. Finally, they tried wget with the -U option to specify a User Agent… like this…

wget -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

And with that (and the address), they were able to grab the index.html

I guess that’s a technique to try and slow the research of a push spyware download? According to Incidents, WinAntiSpyware2006FreeInstall.cab is detected as a trojan by some antivirus products. I wonder also if this could pave the way for spyware pushers to target specific browsers/platforms with different push downloads?

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Internet Security 2010 | Internet Security 2010 Removal Guide Internet Security 2010 is the name of a rogue antivirus application that is one of the more recent to be making the rounds. It will typically install itself on your system through the use of other malware. These rogue antivirus applications typically will pop up warnings and alerts about the......
  • How to Remove AntiKeep | AntiKeep Removal Guide AntiKeep is a rogue antivirus application from the same family as ReAnti and AntiAdd which we've written about in the last few days. Like many of these rogue application they will try to trick you into consenting to install it, or install without your permission. They will claim that there......
  • Migration to new CMS As you can see I'm in the midst of a migration to a new CMS tool. Right now I'm using wordpress which is normally considered a blogging tool. Frankly, I was reluctant to look at a blogging tool in part because the concept has such a trendy feel to it.......
Blog Traffic Exchange Related Websites
  • FlashGet My Download I've been using FlashGet for so many years I don't even remember since when or what version it was when I tried it. At that time the software was still not very popular and most people that I knew used other download helper software. I knew about FlashGet from Download.com......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
  • When to Negotiate in Coin Collecting, and When to Back Down One of the most important tools for you to wield as you engage in coin collecting is negotiation. Negotiating can help to bring down the prices of some of the pieces that you want to have in your coin collection, saving you money and helping you to expand your coin......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site