Fake codec webpage here: adobe-update.co.cc

Hi malware fighters,

HTTP Fake Codec WebPage
Location: htxp://www.adobe-update.co.cc/ - Finjan misses the detection…
This signature detects HTTP redirects and/or web pages which misleading applications use to attempt to lure users into downloading applications which may compromise the target host.

Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potential malware or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the ‘required’ software is purchased and installed. Misleading applications often look convincing - the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.

Do not go there, because Wepawet says: suspicious:
http://wepawet.iseclab.org/view.php?hash=b99553bade6583b859d66bc602e058d8&t=1277644122&type=js
Source of the fake codec: htxp://jsunpack.jeek.org/dec/go?report=bc44068feddda74cf82f8a1b06cc63e1d0bd333e

See attached image taken from the site in malzilla:
See other blocked site from Russian Federation with the fake codec: http://hosts-file.net/?s=liveinternet.ru
LiveInternet @ Statistics, diaries, classmates, mail, dating, market
through a hidden link: # hidden Войти - htxp://www.liveinternet.ru/stat/
See the various malware description links given here at this page:
http://www.unmaskparasites.com/web-page-options/?url=http%3A//www.liveinternet.ru/stat/

polonus

Hi malware fighters,

Speaking about fake codec sites, keep an eye out for these or better avoid them:
http://blogs.paretologic.com/malwarediaries/index.php/category/fake-codecs/
Read this also on this type of malware: http://www.vanish.org/fraud3.htm

polonus


I never did think those shortened URLs were a good idea for the very same reason stated in the paretologic link. I have never used them nor have I ever clicked on one of them.

To me, that would be just asking for trouble.