A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6958  by Xylitol
 Mon Jun 27, 2011 6:06 pm
Unpacked Personal Shield Pro
This sample is apparently used in test on the BestAV affil (yeah, I again have access to the shit)
I guess the usual kernelmode lurkers will give the sample to mbam :mrgreen:

Attachments
pwd: xylibox
(818.7 KiB) Downloaded 79 times
 #6961  by EP_X0FF
 Tue Jun 28, 2011 2:37 am
In addition to the new Xylitol blog post http://xylibox.blogspot.com/2011/06/tra ... evera.html there is a dedicated resource about the Security Shield crap administrated by Severa himself (he is an ex script-kiddie carder and spammer, claims to be in business since 1999), Peter Severa, whose occupation (surprise) is "security".

hxxp://vulnes.com/showthread.php?t=1452

Welcome partners!

All payments done until 22 june.

We have good convert - 400-800$ from 1k loads

Satisfied partner, small 20Kb loader, good payments.
 #6979  by bitx
 Wed Jun 29, 2011 11:33 am
Windows Inviolability System

Attachments
pass=malware
(1.61 MiB) Downloaded 67 times
Last edited by EP_X0FF on Mon Oct 31, 2011 7:09 am, edited 1 time in total. Reason: title edited
 #6980  by kmd
 Wed Jun 29, 2011 11:46 am
hxxp://vulnes.com/showthread.php?t=1452&page=3
Due to current events I am temporarily, and as planned, suspending work on AV; the last current payouts will go out within a few days; I will announce the resumption of work in my topics, one of which you are reading now; thank you for your understanding.
is he already pissed in his pants? :D
 #6994  by bitx
 Thu Jun 30, 2011 12:25 pm
Windows Proofness Guarantor

Attachments
pass=malware
(1.56 MiB) Downloaded 73 times
Last edited by EP_X0FF on Mon Oct 31, 2011 7:09 am, edited 1 time in total. Reason: title edited
 #6995  by bitx
 Thu Jun 30, 2011 12:30 pm
kmd wrote:hxxp://vulnes.com/showthread.php?t=1452&page=3
Due to current events I am temporarily, and as planned, suspending work on AV; the last current payouts will go out within a few days; I will announce the resumption of work in my topics, one of which you are reading now; thank you for your understanding.
is he already pissed in his pants? :D
Probably not :) summer + a lot of money = brilliant holidays
 #6998  by rough_spear
 Thu Jun 30, 2011 4:52 pm
Fast Antivirus 2011

FILE NAME - FastAntivirus2011.zip
password - malware

Regards,


rough_spear.
Attachments
FastAntivirus2011.zip
password - malware

(257.78 KiB) Downloaded 89 times
Last edited by EP_X0FF on Mon Oct 31, 2011 7:10 am, edited 2 times in total. Reason: title edited
 #7018  by Maxstar
 Sat Jul 02, 2011 8:34 am
Windows Microsoft Guardian

http://www.imgdumper.nl/uploads4/4e0ed7 ... c2-WMG.png

http://www.virustotal.com/file-scan/rep ... 1309206910
MD5 : 5ce600445bb09eedf432a78441090671
Result: 4 /42 (9.5%)
Attachments
PW=infected
(1.68 MiB) Downloaded 80 times
Last edited by EP_X0FF on Mon Oct 31, 2011 7:11 am, edited 1 time in total. Reason: title edited
 #7034  by kmd
 Sat Jul 02, 2011 4:50 pm
tango down :))
scriptkiddie vulnes.com down
Peter Severa, or by his real-life name Peter Levashov, is a well-known spammer in the past (world spam king rank #6 in 2008), malware/spam programs developer, who escaped arrest (Alan Ralsky case) and now rules the fake AV business.
http://www.spamhaus.org/rokso/evidence. ... id=ROK4035

latest FBI actions likely making his holidays not so brilliant as he planned