Anatomy of a scam.

Currently a webserver at 89.248.171.67 is serving malware, disguised as a fake anti-virus.
It goes to some length, within your browser window, to replicate the look and feel of the Windows XP “My Computer” panel.
(It uses some JavaScript tricks, so it won’t work in NetSurf, but it works in any of the “big” browsers.)

It looks a bit silly from here, where the Windows-ish graphics are surrounded by the Nautilus window furniture on this Ubuntu box.

Every link on that page, where it replicates the Windows shortcuts to “Control Panel” and similar, points to a mysterious “install.exe”. If you are using Microsoft Windows, you don’t want to install that code.

I’ve contacted the ISP concerned, so I doubt it will be there much longer. Like all scams, it is designed to stop you from thinking rationally and rush you into making a bad decision. Chances are the owner of the actual machine does not know it is acting as a web server; this is the way some malware propagates.

If I had more time this morning, I’d spend longer taking it apart and seeing how it works.
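
An added example, not part of the original post: a heuristic check for the pattern described above, where most of the links on a page resolve to one executable download. The extension list, thresholds, host names and sample HTML are constructed assumptions, and it inspects only static `href` attributes, not links set by script.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed list of Windows executable/installer extensions.
EXECUTABLE_EXTS = (".exe", ".scr", ".msi")

class LinkCollector(HTMLParser):
    """Collect href targets from <a> and <area> (image-map) elements."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def executable_link_report(html, base_url, min_links=3, threshold=0.5):
    """Flag a page whose links mostly resolve to one executable download."""
    parser = LinkCollector()
    parser.feed(html)
    targets = Counter()
    for href in parser.hrefs:
        parts = urlsplit(urljoin(base_url, href))
        if parts.path.lower().endswith(EXECUTABLE_EXTS):
            # Drop query and fragment so variants of one file count together.
            targets[parts._replace(query="", fragment="").geturl()] += 1
    total = len(parser.hrefs)
    top_url, top_count = (targets.most_common(1) or [(None, 0)])[0]
    share = top_count / total if total else 0.0
    return {"total_links": total, "top_executable": top_url, "share": share,
            "suspicious": total >= min_links and share >= threshold}

# Constructed sample pages (not captured from the server in the post).
FAKE_SCANNER_HTML = (
    '<a href="install.exe">Control Panel</a>'
    '<a href="install.exe">My Documents</a>'
    '<a href="./install.exe">Local Disk (C:)</a>'
    '<a href="/install.exe?src=scan">Remove all threats</a>'
    '<a href="about.html">About</a>'
)
ORDINARY_HTML = (
    '<a href="/">Home</a><a href="/docs/">Docs</a>'
    '<a href="/news/">News</a><a href="/files/setup.exe">Download</a>'
)

if __name__ == "__main__":
    print(executable_link_report(FAKE_SCANNER_HTML, "http://scanner.example/"))
    print(executable_link_report(ORDINARY_HTML, "http://site.example/"))
```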
