Rockin' da fumanchu
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Spammed SWF URLs Abuse ImageShack, Lead to Rogue AV
Aug. 28, 2008 - "We’re seeing a lot of spam right now using the now annoyingly familiar Free Update Windows XP, Vista spam template. This time though, instead of linking to an .EXE file, it is now pointing to an .SWF file. The SWF file linked via the large-font text Free Update Windows XP,Vista contains Flash ActionScript... After this a EULA window appears, and then the system proceeds to install a rogue AV software from avxp-2008.net. Note that it does this automatically from the moment the install.exe is run... The technique used in the spam has two things going for it:
1. the use of SWF instead of EXE and
2. the use of an ImageShack-hosted file, both of which may suggest to normal users that the file is possibly harmless.
So it seems the siege of rogue AV is not only not dying down, its proponents are becoming more creative in their “advertising” schemes. We detect this rogue AV as TROJ_FAKEAV.IG."
provided by apluswebmaster
Last edited by Tx Redneck; 08-29-2008 at 09:34 PM.