Anatomy of a scam.

Currently a webserver at is serving malware, disguised as a fake anti-virus.
It goes to some length, within your browser window, to replicate the look and feel of the Windows XP “My Computer” panel.
(It uses some Javascript tricks, hence it won’t work in Netsurf but in any of the “big” browsers it works)

It looks a bit silly from here, where the Windows-ish graphics are surrounded by the Nautilus window furniture on this Ubuntu box.

Any of the links on that page, where it replicates the Windows shortcuts to “Control Panel” and similar link to a mysterious “install.exe”. If you are using Microsoft Windows you don’t want to install that code.

I’ve contacted the ISP concerned, so I doubt it will be there much longer. Like all scams it is designed to stop you from thinking rationally, and rush you in to making a bad decision. Chances are the owner of the actual machine does not know it is being a webserver, this is the way some malware propagates.

If I had more time this morning, I’d spend longer taking it apart and seeing how it works.


Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: