While researching, I paid a visit to the rogue site ‘pc-antispypro’, which promptly ran a scan and informed me I had 14 unspecified infections. The result didn’t vary on another clean machine.
This is not as dramatic as most rogues, which give dire warnings of infections in the hundreds; nonetheless, the .exe carried a payload named by Antivir as TR/Dropper.Gen.

First, one is presented with the EULA and clicks Yes to download.


If one ignored the anti virus program’s warning.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: PC-ANTISPYPRO.COM
Certifiedbug: September 23, 2008. EstDomains PR. Improved detection-prevention
Certifiedbug: September 15, 2008. EstDomains, Inc declares opposition to malware mongers
Priority estdomains domain suspension requests
http://www.malwarebytes.org/forums/index.php?showtopic=6159&st=80
Update: Topic at Nanog by Konstantin Poltev from Esthost.
Hostexploit report/Intercage/Esthost






