Sunday, November 18, 2007

AVSystemCare: is it a virus or antivirus?

Today, while visiting a site, I was greeted with this screen. I was sure I had just opened a story on Digg, and the site it was pointing to also seemed legit. There was nothing to suspect, but I just could not see how this was possible. I had seen a video yesterday about a similar attack using the DoubleClick adverts network. But on that page I did not see any adverts being served by them, so possibly there is another network that is being used to get the adverts on the web pages.

After looking and snooping for a while, I got the URLs from which the ads were being served. To see what it looks like, you can copy the URL and see for yourself how the social engineering attacks work. Just make sure your browser is fully patched. Also make sure you don't download/run the executable that is shoved down your throat.
http://avsystemcare.com/data/?mtrt=avds22&gai=swmid&gli=2822_ao_3923_0_758_ao_&gff=pp_240877101&ex=1&ed=2&h=10&ax=1&ed=1&ex=1&mtrt=null&45080703&mt_info=3923_0_758
http://avsystemcare.com/data/index.php?52545a0d4647545e006e191c6a5258675351060714535a080b0a0f035139030b6a060a02066f09685304593b5458691e5352040b4244695302080f065457525513525f5108011f5008545c5513500b0c0712055e0f05064755550a00
http://85.255.115.218/ind.htm?src=409&surl=environmentalgraffiti.com&sport=80&suri=%2Findex%2Ephp%3Fp%3D484

1 comment:

Anonymous said...

This is definitely not good for your PC.
I am using a fully patched Ubuntu laptop, yet it still claims it is 'scanning' my C:\windows folder. There isn't one, so it must be lying.

Also it may not have been put on your PC by the site where you saw it.

Ditch IE (and ideally Windoze) and this will not happen anymore.

- I have been virus-free since day 1 of Linux.