system
April 13, 2010, 4:48pm
1
this shitty link and millions like it:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CA8QFjAD&url=http%3A%2F%2Fswdesignportfolio.com %2Fjhqxsw%2Fdabk.php%3Fjxsr%3Dchicken-and-artichokes-recipe&rct=j&q=artichoke+stuffed+chicken+recipe+rachel+ray&ei=dZ7ES_XuLcL58Aal2LGZDw&usg=AFQjCNEBPOcF9VaQ1k5POAo9zUuWJjWTrg
All I did was search for “artichoke stuffed chicken rachel ray”. This link was one of the google search results ON THE FIRST PAGE .
No security program have 100% detection and this looks very new.
VirusTotal 5/40
http://www.virustotal.com/analisis/0b907a4731fb55f62d47ae997d44d855c84c64ccf43d2acb49d75626bde4a555-1271177468
Not detected by: MBAM / SAS / Ad-Aware
Have sendt sample to all
You should edit the link you posted (hxxp instead of http) so it is not clickable, as the link goes direct to live malware
system
April 13, 2010, 5:15pm
4
Not new at all. Been seeing this cr@p for many months. I have a computer service business and my customers are bumping in to this cr@p all the time. There’s millions of them and Avast seems powerless against any of them. I can find them almost everywhere. How can Avast not know about these when I can find them as plentiful as the sand at the beach?? Consider:
Searched for “food safety maryland” and this is a google search result:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=20&ved=0CB8QFjAJOAo&url=http%3A%2F%2Flionheartmma.com %2Fbkztxh%2Ftykj.php%3Fjanx%3Dgalapgos-iland-toroise-food&rct=j&q=food+safety+maryland+php&ei=baPES6qIIcP48Aags6HTDw&mk=0&mb=2&usg=AFQjCNHn2xnnHZz57eBRFzbl9XOY0apz2w
and this too:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=30&ved=0CCAQFjAJOBQ&url=http%3A%2F%2Fquickshipwarehouse.com %2Fhprcmv%2Fdwvh.php%3Fnrfp%3Dguatemalan-food-maryland&rct=j&q=food+safety+maryland+php&ei=D6TES_b-HsH-8Abjh4i9Dw&mk=0&mb=2&usg=AFQjCNFmTI0QxB2imGCa4aUh4vFXtkNWbQ
I can find hundreds of links like these by searching for just about anything popular.
Avast has no problem with any of these. Disturbing.
yes they look the same but the installer is changed daily/weekly
http://forum.avast.com/index.php?topic=51490.0
and uploaded to VT they give different detection, and the first one postet above also 5/40 but not all of the same scanners…
VirusTotal 5/40 - inst_1_.exe
http://www.virustotal.com/analisis/94a66ab7b67b046628ccfed2468818329157ec2ba30a8ece5d67a539679ff95d-1271180252
VirusTotal 4/40 - inst_2_.exe
http://www.virustotal.com/analisis/7b20bbe423d12fdb90e7792922b2864b73a4cf569f0071853d215424b59b8d64-1271180271
and also not detected by MBAM / SAS / Ad-Aware