Here comes the 1st rogue mail of 2010 that I’ve analyzed. When I saw this mail in my Inbox, I felt like the sender had gifted me for New Year ;-)
You can see the guy wishing me a Happy New Year and giving a link, and even the URL carries the word ‘newyear’.
Now let us click on the link to check my gift. Hey, the URL redirects me to another website, “hxxp://scanonlinesiteblog.com /index.php?affid=92600”. As I expected, it displayed a fake scanning page with an infection warning, as shown in the screenshot below.
Upon clicking anywhere on the page, it downloaded “install.exe”. Information about the file is given below.
File Name: install.exe
Virus Total Results: http://www.virustotal.com/analisis/1b1a3b11762c898d0b17f3db1ccc91cc1c0512ec396900237a5f3df6f42e5ac7-1262368521
On execution, the setup file copies itself to %ALLUSERSPROFILE%\Application Data\<Random number>\<Random number>.exe. It then creates a batch file that kills the original process using “taskkill /im install.exe”, and it deletes itself from the location where it was executed.
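A triage sketch for the behaviour described above, as an added example that is not part of the original post: it flags process-creation events whose image sits in a numeric folder under All Users\Application Data, and any taskkill /im aimed at one of its own ancestor processes. The event fields, pids, the cleanup.bat name and the two profile roots are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumption: %ALLUSERSPROFILE% resolves to one of these roots (XP-era or Vista and later).
DROP_PATH = re.compile(
    r"^[a-z]:\\(documents and settings\\all users|programdata)"
    r"\\application data\\\d+\\\d+\.exe$", re.IGNORECASE)
TASKKILL_IM = re.compile(r'\btaskkill(?:\.exe)?\b.*?/im\s+"?([^\s"]+)', re.IGNORECASE)

def ancestors(events_by_pid, pid):
    """Yield the lowercased image basename of every known ancestor of pid."""
    seen = set()
    pid = events_by_pid[pid]["ppid"]
    while pid in events_by_pid and pid not in seen:
        seen.add(pid)
        yield ntpath.basename(events_by_pid[pid]["image"]).lower()
        pid = events_by_pid[pid]["ppid"]

def triage(events):
    """Return (pid, reason) findings for the two behaviours described in the post."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if DROP_PATH.match(e["image"]):
            findings.append((e["pid"], "numeric-named exe under All Users Application Data"))
        m = TASKKILL_IM.search(e["cmdline"])
        if m and m.group(1).lower() in ancestors(by_pid, e["pid"]):
            findings.append((e["pid"], "taskkill /im aimed at its own ancestor " + m.group(1)))
    return findings

# Constructed sample events: pids, paths and the batch file name are made up.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Downloads\install.exe", "cmdline": "install.exe"},
    {"pid": 101, "ppid": 100,
     "image": r"C:\Documents and Settings\All Users\Application Data\83920174\83920174.exe",
     "cmdline": "83920174.exe"},
    {"pid": 102, "ppid": 100, "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": "cmd /c cleanup.bat"},
    {"pid": 103, "ppid": 102, "image": r"C:\WINDOWS\system32\taskkill.exe",
     "cmdline": "taskkill /im install.exe"},
    # Benign control: taskkill that does not target its own process tree.
    {"pid": 104, "ppid": 4, "image": r"C:\WINDOWS\system32\taskkill.exe",
     "cmdline": "taskkill /im notepad.exe"},
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_EVENTS):
        print(pid, reason)
```
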
Upon successful installation, it displays the message below:
Here comes the Security Tool, which scanned my system and found infections that even the Top 10 Antivirus did not find ;-)
And now comes the activation part. To clean the above infections, I have to purchase the product. Let me check how much the product is. Great!! It is quite a bit cheaper than any other product. The 2-year license is $49.95 and Lifetime is $79.95. I don’t think any organization offers a lifetime product ;-) Below, I can find an option to enter my credit card information and other information. Check the screenshot below.
I cannot purchase a gift. A gift is meant to be given for free. So let me mail this guy to give me the product for free ;-)