RBN: The Top 20, Fake Anti-Spyware and Anti-Malware Tools
Via The RBN Exploit Blog.
In a continuation of the discovery of the RBN’s “Retail Division” one of the most important exploit delivery methods is the fake; anti-spyware and anti-malware for PC hijacking and personal ID theft, this is a source of revenue for the RBN also from a direct sale.
For example, MalwareAlarm is a dangerous fake anti-spyware software and it is an update version of Malware Wiper. MalwareAlarm is stealth based malware, according to McAfee’s Site Advisor they tested 279 “bad” downloads. The methodology is to get the user to use a “free download”, MalwareAlarm then displays a warning message to purchase the paid version of MalwareAlarm, and of course the damage is done with the initial action.
The purpose of this article is to demonstrate the multiplicity of nodes, connections and delivery routes. However, it is a prompt for the community of the need for real-time CYBERINT based blocking and shield services. As is shown below, many are either or both SBL and XBL blacklisted, but this is only the core IP address and not the multiplicity of other mirrored hosts and servers.