datababe Warrior

Joined: 13 Dec 2004 Last Visit: 10 Oct 2012 Posts: 217 Location: Inside your head
|
Posted: Tue Sep 29, 2009 8:03 pm Post subject: More headline trolling (oh, and turn OFF that cell phone!) |
|
|
Whaddya know. A search for "Hugh Jackman cell phone" (I'm heartily applauding how he handled that, BTW) turned up among other things a "Poll asking what you thought of Hugh Jackman breaking character to tell an audience member to shut down his/her cell phone", supposedly at:
hxxp://greenmomsDOTcom/elite/hugh-jackman-cell-phoneDOThtml
(broken link, of course)
I honestly did want to throw in my vote. However, one of my browsers (one with javascript enabled) was immediately redirected to:
hxxp://totalcomputerscan12DOTcom
(there's another called mycompscanner07DOTcom, and no doubt many other variations)
which proceeded to inform me "Warning!!! Your computer needs to be completely scanned! Total Security can perform fast and free virus and malicious software scan of your computer."
Clicking the "cancel" button on the popup took me straight to a helpful "online scan" (hey, I said CANCEL!) that took only a few moments to find all sorts of scary stuff, including Virut, after "scanning" drives and folders that do not exist on the computer in question (wow, these guys are goooood...). I was then further informed that my computer "remains infected by threats!" and another click of "cancel" promptly kicked off a download attempt of a file titled Soft_207.exe.
Current Virustotal results on that goodie here:
http://www.virustotal.com/analisis/d1c0ffd7c16907bcc4ac584734e2c5c86ab5110f71a9673ea7035c649d7b8153-1254272860
Looks like someone else beat me to the first upload by a few hours. I need to get quicker on the draw, lol.
p.s. I took pictures of the shenanigans - the "Windows Security Alert" popup was quite authentic looking - if anyone wants a peek, let me know. I'll slap a rough webpage together later; now I need to go to bed before I turn into a pumpkin.
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 21 May 2013 Posts: 10271 Location: sunny California
|
Posted: Tue Sep 29, 2009 9:36 pm Post subject: |
|
|
Really bad AV detection of that file now. Hopefully they will get it added asap. Thanks for the heads up.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.
datababe Warrior
Posted: Wed Sep 30, 2009 5:01 am Post subject: |
|
|
The latest update of Malwarebytes Anti-Malware (as of this morning) does detect this .exe as Win32/TotalSecurity.A. I haven't had a chance to throw anything else at it yet (my Windoze test box is slower than January molasses).
And Hugh Jackman thinks cell phones are aggravating...
Chao284 Warrior
Joined: 06 Sep 2004 Last Visit: 06 Aug 2011 Posts: 220 Location: Bremerton, WA
|
Posted: Sun Oct 04, 2009 8:21 pm Post subject: |
|
|
| datababe wrote: |
The latest update of Malwarebytes Anti-Malware (as of this morning) does detect this .exe as Win32/TotalSecurity.A. I haven't had a chance to throw anything else at it yet (my Windoze test box is slower than January molasses).
And Hugh Jackman thinks cell phones are aggravating...  |
Well not all it seems like one nasty Fake AV, but it seems like an attempt to contact to download a rootkit like the Mebroot worm and that means making your computer a botnet as usual.
datababe Warrior
Posted: Mon Oct 05, 2009 4:39 am Post subject: |
|
|
This is why the test box doesn't talk to the 'net. And why even tho I was not running on a Windows machine when I first got redirected, after the first (not)cancel I switched to yet another computer that isn't running Windows either - or running anything from any hard drive at all.
Given the minor splash this news event made, it does raise the question of how many machines out there did get assimilated.
Chao284 Warrior
Posted: Wed Oct 07, 2009 2:00 am Post subject: |
|
|
| datababe wrote: |
This is why the test box doesn't talk to the 'net. And why even tho I was not running on a Windows machine when I first got redirected, after the first (not)cancel I switched to yet another computer that isn't running Windows either - or running anything from any hard drive at all.
Given the minor splash this news event made, it does raise the question of how many machines out there did get assimilated.  |
Lucky for me I turn Active Scripting off in IE, and NoScript on Firefox blocks this stuff, so I am aware of the issue.
datababe Warrior
Posted: Sun Oct 11, 2009 4:18 am Post subject: |
|
|
Y'know, running NoScript and watching all the stuff it blocks has made me so keenly aware of the massive (and sometimes malicious) background activity of many websites, I really can't imagine bouncing around the intarwebs with all the little interactive bells and whistles of <insert any browser here> blindly enabled. Am I "hindering the full web experience" (or something like that) for myself? I suppose so.
But I just can't bring myself to put that level of trust in a bunch of strangers.