[EP_X0FF]

System Repair

Looks like reincarnation of Windows XP Repair.
Posts moved.

[bitx]

System Repair

Looks like reincarnation of Windows XP Repair.
Posts moved.

Yes, it is :)

[Xylitol]

Loc: 74.143.70.54/images/PND.exe
Fake Caixa Penedès app

VT: 19/43 >> 44.2%
https://www.virustotal.com/file-scan/re ... 1310742303

[EP_X0FF]

SMS Hoax Skype

This is SMS hoax which copies Skype setup interface. It comes from hxxp://skype-downloads.ru (hxxp://77.221.149.219/get/311/23639)
Crapware written in C#

Hello! I'm Skype!



Installation complete, would you like to start Skype?




Give me money, send SMS dialog



Real Skype can be downloaded from http://www.skype.com/ and it's FREE. Don't be fooled by such primitive crapware.

[Xylitol]

SMS Hoax Skype

Another crap powered by zipArchive
hxxp://77.221.149.219:81/

[bitx]

SMS Hoax - Adult games

hxxp://pornogamer.org

Uses ZipMonster hxxp://zipmonster.ru

[Xylitol]

Zip-Archive
Leaked stuff.

Tracking Cyber Crime: Zip Archive Affiliate (Hoax SMS/Fake Installer)
http://xylibox.blogspot.com/2011/07/tra ... chive.html

html template in attach and zipArchive hoax builder on multiupload due to heavy size of package (19Mb)
http://www.multiupload.com/Z15J2EADZV

[bitx]

SMS Hoax Skype

This is SMS hoax which copies Skype setup interface. It comes from hxxp://skype-downloads.ru (hxxp://77.221.149.219/get/311/23639)

Another URL hxxp://d2xx.ru/SkypeSetup.exe

[Xylitol]

Hoax SMS Skype who come from the cashmagnat.com russian affiliate.

2/43 >> 4.7%
http://www.virustotal.com/file-scan/rep ... 1312490095

Code: Select all

GET /client_api/payform.php?step&aid=3747463 HTTP/1.1
Accept: */*
Accept-Language: fr
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR
3.5.21022)
Host: cashmagnat.com
Connection: Keep-Alive

HTTP/1.1 200 OK

[bitx]

Hoax SMS CCleaner

hxxp://myccleaner.ru