AVSystemCare is it a virus or antivirus

Today while visiting a site I was greeted with this screen. I was sure I had just opened a story on digg and the site it was pointing to also seemed legit. There was nothing to suspect but I just could not see how this was possible. I had seen a video yesterday about a similar attack using the doubleclick adverts network. But on that page I did not see any adverts being served by them, so possibly there is another network that is being used to get the adverts on the web pages.

After looking and snooping for a while I got the URL's from where the ads were being served. To see how it looks like you can copy the URL and see for yourself how the social engineering attacks work. Just make sure your browser is fully patched. Also make sure you don't download/run the executable that is shoved down your throat.
http://avsystemcare.com/data/?mtrt=avds22&gai=swmid&gli=2822_ao_3923_0_758_ao_&gff=pp_240877101&ex=1&ed=2&h=10&ax=1&ed=1&ex=1&mtrt=null&45080703&mt_info=3923_0_758
http://avsystemcare.com/data/index.php?52545a0d4647545e006e191c6a5258675351060714535a080b0a0f035139030b6a060a02066f09685304593b5458691e5352040b4244695302080f065457525513525f5108011f5008545c5513500b0c0712055e0f05064755550a00
http://85.255.115.218/ind.htm?src=409&surl=environmentalgraffiti.com&sport=80&suri=%2Findex%2Ephp%3Fp%3D484

Comments

Anonymous said…
This is definitely not good for your PC.
I am using a fully patched Ubuntu laptop, yet it still claims it is 'scanning' my C:\windows folder. There isn't one so it must be lying.

Also it may not have been put on your PC by the site where you saw it.

Ditch IE (ideally and Windoze) and this will not happen anymore.

- i have been virus free since day 1 of linux.
10:50 PM
Post a Comment

Popular posts from this blog

The best mobile development platform for hobbyist programmer

This is something I have been thinking for a while so here it goes. This is a list of platforms I know of and my choice of what makes sense for a hobbyist programmer like me. Let me first list down all the possible platforms and then list down the pros and cons that I feel are associated with each platform. Java ME (The platform formally known as J2ME) Windows Mobile Linux Palm Brew Symbian Blackberry iPhone iPhone Let me start with iPhone the darling of the media and blogger's till about a fortnight. I had real expectations from iPhone as a platform but the way its been going so far I would never bother developing for it. Officially there is no SDK with which one can build applications. What ever tools the community had built have been rendered useless with the iPhone 1.1.1 software upgrade . The community might be able to hack a version for 1.1.1 but without any support from almighty apple its just a cat and mouse game. With every minor release the applications
Read more

Is this finally the year of Linux on the desktop?

If I have a new system the only things I install are a browser, IM clients and some development environment. But the thing that has really changed now is that I can do the same thing on Linux without thinking too much. I can install Chrome/Firefox, the IM's are pre-installed and most of the development environments are available on Linux. You could do that earlier as well but now the main thing that has changed is that there are new tools that are only available on Linux or Mac. The main softwares coming to mind are GIT and node.js . They are available on Windows but often seem crippled. If you really want to use them you will move to Linux or Mac. That is where things have really shifted. There are half a dozen twitter clients for Mac and quite a few for Linux but have a look around the only twitter clients you will find on Windows are Adobe Air based clients. No one seems to be writing native or .net based clients. To be fair there are some obscure .net based clients which no
Read more

Using CONNECT method on a http proxy using telnet

The simplest way to connect to an external server using a proxyserver. C:\Work>telnet proxyserver 8080 Trying 192.168.1.20... Connected to proxyserver. Escape character is '^]'. CONNECT irc.freenode.org:6667 HTTP/1.1 HTTP/1.1 200 Connection established :kornbluth.freenode.net NOTICE * :*** Looking up your hostname... :kornbluth.freenode.net NOTICE * :*** Checking Ident :kornbluth.freenode.net NOTICE * :*** Found your hostname :kornbluth.freenode.net NOTICE * :*** No Ident response In this case we are connecting to a proxyserver on port 8080. After that we open a http tunnel to irc.freenode.org on port 6667. Then you need to press enter twice to establish the connection. After that you have an open socket and you can send the commands accordingly based on the protocol being used. Here we connect to an IRC server. We could do the same thing by connecting to a HTTP server. You can apply the logic by opening a socket to the proxy server and then sending and receiving
Read more