system
April 13, 2010, 4:48pm
1
this shitty link and millions like it:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=4&ved=0CA8QFjAD&url=http%3A%2F%2Fswdesignportfolio.com %2Fjhqxsw%2Fdabk.php%3Fjxsr%3Dchicken-and-artichokes-recipe&rct=j&q=artichoke+stuffed+chicken+recipe+rachel+ray&ei=dZ7ES_XuLcL58Aal2LGZDw&usg=AFQjCNEBPOcF9VaQ1k5POAo9zUuWJjWTrg
All I did was search for “artichoke stuffed chicken rachel ray”. This link was one of the google search results ON THE FIRST PAGE .
Pondus
April 13, 2010, 4:59pm
2
No security program have 100% detection and this looks very new.
VirusTotal 5/40
http://www.virustotal.com/analisis/0b907a4731fb55f62d47ae997d44d855c84c64ccf43d2acb49d75626bde4a555-1271177468
Not detected by: MBAM / SAS / Ad-Aware
Have sendt sample to all
Pondus
April 13, 2010, 5:11pm
3
You should edit the link you posted (hxxp instead of http) so it is not clickable, as the link goes direct to live malware
system
April 13, 2010, 5:15pm
4
Not new at all. Been seeing this cr@p for many months. I have a computer service business and my customers are bumping in to this cr@p all the time. There’s millions of them and Avast seems powerless against any of them. I can find them almost everywhere. How can Avast not know about these when I can find them as plentiful as the sand at the beach?? Consider:
Searched for “food safety maryland” and this is a google search result:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=20&ved=0CB8QFjAJOAo&url=http%3A%2F%2Flionheartmma.com %2Fbkztxh%2Ftykj.php%3Fjanx%3Dgalapgos-iland-toroise-food&rct=j&q=food+safety+maryland+php&ei=baPES6qIIcP48Aags6HTDw&mk=0&mb=2&usg=AFQjCNHn2xnnHZz57eBRFzbl9XOY0apz2w
and this too:
hxxp://www.google.com/url?sa=t&source=web&ct=res&cd=30&ved=0CCAQFjAJOBQ&url=http%3A%2F%2Fquickshipwarehouse.com %2Fhprcmv%2Fdwvh.php%3Fnrfp%3Dguatemalan-food-maryland&rct=j&q=food+safety+maryland+php&ei=D6TES_b-HsH-8Abjh4i9Dw&mk=0&mb=2&usg=AFQjCNFmTI0QxB2imGCa4aUh4vFXtkNWbQ
I can find hundreds of links like these by searching for just about anything popular.
Avast has no problem with any of these. Disturbing.
Pondus
April 13, 2010, 5:23pm
5
yes they look the same but the installer is changed daily/weekly
http://forum.avast.com/index.php?topic=51490.0
Pondus
April 13, 2010, 5:44pm
6
and uploaded to VT they give different detection, and the first one postet above also 5/40 but not all of the same scanners…
VirusTotal 5/40 - inst_1_.exe
http://www.virustotal.com/analisis/94a66ab7b67b046628ccfed2468818329157ec2ba30a8ece5d67a539679ff95d-1271180252
VirusTotal 4/40 - inst_2_.exe
http://www.virustotal.com/analisis/7b20bbe423d12fdb90e7792922b2864b73a4cf569f0071853d215424b59b8d64-1271180271
and also not detected by MBAM / SAS / Ad-Aware