Looks can be deceiving, and malware authors are relying on that old adage to lure potential victims into their most recent scheme. The plan? Dress up as a spyware removal tool, use a great-looking site, complete with blogs, news and product lineup, dazzle the user with plausible reviews, and encourage them to click through.
The site hxxp://removal-tool.com manages to do all that:
Anyway, who’d suspect that a professional-looking anti-spyware site will give them just the opposite of what they’re looking for — and even more? With most of the pages hosting malicious iFrames, here’s a list of what could be lurking in your system after a visit to their site:
- HTML_IFRAME.IY
- VBS_PSYME.BCC
- EXPL_EXECOD.A
- HTML_SHELLCOD.AE
- JS_AGENT.AXX
- HTML_DLOADER.XCZ
- WORM_DISKGEN.AF
- HTML_SHELLCOD.AZ
- HTML_SHELLCOD.AW
- JS_REALPLAY.AA
- PE_PAGIPEF.AP-O
- TROJ_AGENT.DDG
- TROJ_PAGIPEF.AP
Sadly, even those with malicious intent abide by this rule, and most users can hardly tell a good site from a bad one. Luckily, Trend Micro has the ability to block these possibly malicious URLs, just in case a site’s “beauty” turns out to be only skin deep.
Technical information and screenshot provided by Ivan Macalintal