Sponsored by..

Tuesday, 27 May 2008

pest-patrol.com is not the real PestPatrol - part II

The fake pest-patrol.com site we mentioned a few days ago has fixed its download problem and has given us a sample. Like many of these fake anti-malware sites, the executable morphs continually to avoid protection.

Detection rates are not good (VirusTotal results), and the real PestPatrol / eTrust product doesn't pick it up yet.

I strongly suspect that there's nothing good in the 85.255.112.0 - 85.255.127.255 range at all, and it is probably a good idea to block access to that entire IP block.

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.5.22.1;2008.05.27;-
AntiVir;7.8.0.19;2008.05.27;SPR/Dldr.PestPatr.A
Authentium;5.1.0.4;2008.05.26;-
Avast;4.8.1195.0;2008.05.27;-
AVG;7.5.0.516;2008.05.26;-
BitDefender;7.2;2008.05.27;-
CAT-QuickHeal;9.50;2008.05.26;-
ClamAV;0.92.1;2008.05.27;-
DrWeb;4.44.0.09170;2008.05.27;-
eSafe;7.0.15.0;2008.05.26;-
eTrust-Vet;31.4.5826;2008.05.27;-
Ewido;4.0;2008.05.26;-
F-Prot;4.4.4.56;2008.05.26;-
F-Secure;6.70.13260.0;2008.05.27;-
Fortinet;3.14.0.0;2008.05.27;-
GData;2.0.7306.1023;2008.05.27;-
Ikarus;T3.1.1.26.0;2008.05.27;-
Kaspersky;7.0.0.125;2008.05.27;not-a-virus:Downloader.Win32.FraudLoad.bz
McAfee;5303;2008.05.26;-
Microsoft;1.3520;2008.05.27;-
NOD32v2;3134;2008.05.27;-
Norman;5.80.02;2008.05.26;-
Panda;9.0.0.4;2008.05.27;-
Prevx1;V2;2008.05.27;-
Rising;20.46.12.00;2008.05.27;-
Sophos;4.29.0;2008.05.27;-
Sunbelt;3.0.1123.1;2008.05.17;-
Symantec;10;2008.05.27;-
TheHacker;6.2.92.320;2008.05.26;-
VBA32;3.12.6.6;2008.05.27;-
VirusBuster;4.3.26:9;2008.05.26;-
Webwasher-Gateway;6.6.2;2008.05.27;Riskware.Dldr.PestPatr.A

No comments: