Another nasty Spamdexing site

Spamdexing sites have become extremely dangerous … usually these types of sites lead to an adult site or a “Fake Codec” site.
However, the following one not only tries to load a Rogue/Suspect Anti-Spyware Product, it also comes with a nasty payload.



Notice there are several redirects, and the entry highlighted in red, which produces the “Remote Data” prompt … yes, I’ve mentioned this prompt many times before, but this one is an MPack Exploit …



I ran the highlighted URL through LinkScanner and the results are:


DANGEROUS: LinkScanner Online has found [Q4-06 Roll-up package]
“This is a set of exploit scripts mostly from the end of 2006. It includes an MS06-042, a SetSlice, an MDAC, a WinZip, and a QuickTime. It is typically encrypted using a wide variety of javascript obfuscators, but is usually about the same source code underneath. Recently it sometimes includes an ANI exploit from April 2007.”
[or]
The second most common exploit is the still-widespread Q406 Roll-up package, accounting for 19.24 percent of new exploit reports. The package had dominated the survey since it debuted in December 2006. Coming in third with six percent of all occurrences was the TROJAN FAKE CODEC, a social engineering scheme devised by Russian cybergangs. “The big Russian gangs are finding new ways to trick people,” Thompson said. [source]


In case the fake scanner above looks familiar, it is from the same people (PayTech) that I reported before … sadly PayTech controls about 50 other “Rogue/Suspect Anti-Spyware Products” … while the above exploit may be an older one, it will certainly trash your machine unless you are up to date on all the latest Windows Updates and all your other applications.


