Lavasoft Malware Labs Blog
New definitions:
====================
eAntivirusPro
Updated definitions:
====================
SpywareSecure
Toolbar.Hotbar
Win32.FakeAlert.PCHealthCenter
Zango
MD5 checksum is 92777aeeff2f1cb24c5e794659d0b423 for core.aawdef
MD5 checksum is 28d82295186f308de5a58686afbbfe0d for defs.ref
New definitions:
====================
Adware.Adtomi
Win32.Backdoor.Gendal
Win32.Hoax.0cent
Win32.Monitor.GoldenEye
Win32.Monitor.IKL
Win32.Monitor.KeyLogger
Win32.Monitor.Kidlogger
Win32.Monitor.MessengerLog
Win32.Monitor.MetaCodix
Win32.Monitor.MiniKeyLog
Win32.Monitor.OverSpy
Win32.Monitor.PaqKeyLog
Win32.Monitor.PCPandora
Win32.Monitor.PCRecord
Win32.Monitor.PCSpy
Win32.Monitor.PerfectKeylogger
Win32.Monitor.Perflogger
Win32.Monitor.RefogKeylogger
Win32.Monitor.RevealerKeylogger
Win32.Monitor.SpyAgent
Win32.Monitor.Spylo
Win32.Monitor.SpyMyPC
Win32.Monitor.Star
Win32.Monitor.TimsKeylogger
Win32.Monitor.TotalSpy
Win32.Monitor.TypeTeller
Win32.Monitor.Watching
Win32.Monitor.Winvestigator
Win32.Monitor.XPCSpy
Win32.P2PWorm.Apsiv
Win32.Trojan.Horse
Win32.Trojan.SFBdld
Win32.Trojan.Smalldrp
Win32.TrojanDDoS.Fram
Win32.TrojanDownloader.Malwar
Win32.TrojanDownloader.Osel
Win32.TrojanDownloader.Puper
Win32.Trojan-Dropper.Basinth
Win32.Trojan-Dropper.Danseed
Win32.Worm.Nuj
Win32.Worm.Ridnu
VirusResponseLab2009
Updated definitions:
====================
Adware.180Solutions.SeekmoSearchAssistant
Adware.AdStart
Adware.Aureate
Adware.BBT
Adware.BHO(generic)
Adware.CasClient
Adware.CDN
Adware.Chiem
Adware.DigitalNames
Adware.F1Organizer
Adware.NaviPromo
Adware.NetAdware
Adware.SuperJuan
Adware.VB
Adware.ZenoSearch
Adware.Zhongsou
AntiSpywareExpert
Antivirus 2008 XP
Antivirus XP 2008
Antivirus2009
Ardamax Keylogger
Backdoor.Visel
BDSearch Plugin
Dialer
EliteKeylogger
ErrorKiller
EzuLa
FakeAlert
IEDefender
MalwareCrush
MessengerSkinner
MicroAntivirus2009
MSAntivirus
MyWebSearch
Perflogger
PowerAntiVirus2009
PurityScan
SmartAntivirus2009
SpyArsenal FamilyKeylogger
SpyArsenal GoldenKeylogger
SpyArsenal HomeKeylogger
SpywareStop
SpywareStormer
SweetIM
Systemantivirus 2008
SystemDefender
Toolbar.Hotbar
TotalSecure2009
UltimateCleaner
WebHancer
Win32.Adware.Admoke
Win32.AdWare.Cinmus
Win32.Adware.OneStep
Win32.Backdoor.Agent
Win32.Backdoor.Agobot
Win32.Backdoor.AimBot
Win32.Backdoor.Bandok
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bot
Win32.Backdoor.Ceckno
Win32.Backdoor.CiaDoor
Win32.Backdoor.Codbot
Win32.Backdoor.Delf
Win32.Backdoor.DsBot
Win32.Backdoor.EggDrop
Win32.Backdoor.EvilBot
Win32.Backdoor.Flux
Win32.Backdoor.ForBot
Win32.Backdoor.Frauder
Win32.Backdoor.HacDef
Win32.Backdoor.Hijack
Win32.Backdoor.Hupigon
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.IRCZapchast
Win32.Backdoor.Iroffer
Win32.Backdoor.mIRC-based
Win32.Backdoor.Mytobor
Win32.Backdoor.Nepoe
Win32.Backdoor.Nethief
Win32.Backdoor.Nuclear
Win32.Backdoor.Oderoor
Win32.Backdoor.Optix
Win32.Backdoor.Pahador
Win32.Backdoor.PcClient
Win32.Backdoor.Poebot
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.PPdoor
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.QBot
Win32.Backdoor.Raid
Win32.Backdoor.RBot
Win32.Backdoor.Reload
Win32.Backdoor.Robobot
Win32.Backdoor.Rukap
Win32.Backdoor.SDBot
Win32.Backdoor.Shark
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.Spyboter
Win32.Backdoor.Turkojan
Win32.Backdoor.UltimateDefender
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.WootBot
Win32.Dialer.Trojan
Win32.FakeAlert.PCHealthCenter
Win32.Flooder.Agent
Win32.Generic.PWS
Win32.Generic.Worm
Win32.Hacktool.Brontok
Win32.Hoax.Bravia
Win32.Hoax.Renos
Win32.IRCWorm.Small
Win32.Monitor.Dafunk
Win32.Monitor.EBlaster
Win32.Monitor.KGBSpy
Win32.Monitor.PersonalInspector
Win32.Monitor.PowerLogger
Win32.Monitor.PowerSpy
Win32.Monitor.RealSpy
Win32.Monitor.SmartKeyStrokeRec
Win32.P2PWorm.Agent
Win32.P2PWorm.Kersex
Win32.P2PWorm.Krepper
Win32.P2PWorm.SdDrop
Win32.P2PWorm.SpyBot
Win32.Rootkit.Agent
Win32.Rootkit.Clbd
Win32.Rootkit.HideProc
Win32.Rootkit.KernelBot
Win32.Rootkit.Podnuha
Win32.Rootkit.Qandr
Win32.SpamTool.Agent
Win32.SpamTool.Blen
Win32.SurNova.Worm
Win32.Trojan.AdClicker
Win32.Trojan.Agent
Win32.Trojan.Atraps
Win32.Trojan.AutoIT
Win32.Trojan.Autorun
Win32.Trojan.Bagle
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Crypt
Win32.Trojan.Cutwail
Win32.Trojan.Delf
Win32.Trojan.Diamin
Win32.Trojan.Disabler
win32.Trojan.Dnschanger
Win32.Trojan.Downloader
Win32.Trojan.Emo
Win32.Trojan.ExplorerHijack
Win32.Trojan.FlyStudio
Win32.Trojan.Fraudpack
Win32.Trojan.Hijacker
Win32.Trojan.IFramer
Win32.Trojan.Inject
Win32.Trojan.KillAV
Win32.Trojan.KillProc
Win32.Trojan.Kobcka
Win32.Trojan.Mailfinder
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Multis
Win32.Trojan.Nosok
Win32.Trojan.Obfuscated
Win32.Trojan.Packed
Win32.Trojan.Pakes
Win32.Trojan.Patched
Win32.Trojan.Podnuha
Win32.Trojan.Qhost
Win32.Trojan.Scagent
Win32.Trojan.ShipUp
Win32.Trojan.Shutdowner
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.SubSys
Win32.Trojan.Tibs
Win32.Trojan.Trash
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.Trojan.WGAPatch
Win32.Trojan.Wigon
Win32.Trojan.Virtl
Win32.TrojanClicker
Win32.TrojanClicker.Delf
Win32.TrojanClicker.Small
Win32.TrojanClicker.VB
Win32.TrojanDDoS.Boxed
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Alphabet
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Calac
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Exchanger
Win32.TrojanDownloader.Firu
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.FraudTool
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Lastad.h
Win32.TrojanDownloader.Losabel
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.NewMedia
Win32.TrojanDownloader.Nurech
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Pendix
Win32.TrojanDownloader.Slime
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Suurch
Win32.TrojanDownloader.Tibs
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Wimad
Win32.TrojanDownloader.Winlagons
Win32.Trojandownloader.Zlob
Win32.TrojanDropper
Win32.Trojan-Dropper.Cutwail
Win32.Trojan-Dropper.Delf
Win32.TrojanDropper.ExeBinder
Win32.TrojanDropper.FakeAV
Win32.Trojan-Dropper.Joiner
Win32.TrojanDropper.KGen
Win32.TrojanDropper.Microjoin
Win32.Trojan-Dropper.MSWord.Agent
Win32.Trojan-Dropper.MuDrop
Win32.TrojanDropper.Parsi
Win32.TrojanDropper.Small
Win32.TrojanDropper.VB
Win32.Trojan-Dropper.Xbinder
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Dlena
Win32.TrojanProxy.Horst
Win32.TrojanProxy.Mitglieder.bi
Win32.TrojanProxy.Ranky
Win32.TrojanProxy.Saturn
Win32.Trojan-PSW.Lineage
Win32.Trojan-PSW.Nilage
Win32.TrojanPWS.Delf
Win32.Trojan-PWS.Firefox
Win32.TrojanPWS.Hukle
Win32.Trojan-PWS.IMMultiPass
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.Trojan-PWS.Mapler
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.TrojanPWS.QQPass
Win32.TrojanPWS.Small
Win32.TrojanPWS.Steam
Win32.Trojan-PWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.WOW
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banpaes
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Proagent
Win32.TrojanSpy.Small
Win32.TrojanSpy.VB
Win32.TrojanSpy.Zbot
Win32.TrojanSpy.Zeus
Win32.Winshow
Win32.Worm.Agent
Win32.Worm.Allaple
Win32.Worm.Anilogo
Win32.Worm.AutoIt
Win32.Worm.Autorun
Win32.Worm.Autoruner
Win32.Worm.Bagle
Win32.Worm.Bobic
Win32.Worm.Doombot
Win32.Worm.Fujack
Win32.Worm.IRCBot
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Myspch
Win32.Worm.Netsky
Win32.Worm.Polip
Win32.Worm.Rokut
Win32.Worm.Ronoper
Win32.Worm.RunOnce
Win32.Worm.SDBot
Win32.Worm.SdBoter
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.Warezov
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Wukill
Win32.Worm.Zhelatin
WinAntiVirusPro
WindowsAntivirus 2008
WinSpywareProtect
Virtumonde
XPAntivirus
Zango
MD5 checksum is 817577e04b8460935ced59be77d1a80d for core.aawdef
MD5 checksum is 52935444ac1052caee463a570abf2587 for defs.ref
Zlob sites to block
New definitions:
====================
AntispywareProXP
AntivirusSecurity
Cleaner2009
MicroAntivirus2009
PcCleanPro
PowerAntivirus
SecurityScanner2008
Win32.Backdoor.Stridor
Win32.Flooder.Vertas
Win32.Trojan.Skintrim
Win32.TrojanDownloader.IMLoader
Win32.Trojan-Dropper.Instaler
Win32.Trojan-Dropper.Neblso
Win32.TrojanPWS.Rumrux
Win32.TrojanSpy.BewLoader
Win32.TrojanSpy.Spenir
Updated definitions:
====================
Adware.Baidu
Adware.BHO(generic)
Adware.E404
Adware.Ejik
Adware.IEHlpr
Adware.NaviPromo
Adware.NetAdware
Adware.RK
Adware.TotalVelocity
Adware.VapSup
Adware.ZenoSearch
AdwareAlert
AntiMalwareGuard
AntiSpyCheck
AntiSpyware
AntispywareBot
AntiSpywareExpert
AntiVirus 2008
AntivirusPCSuite
Ardamax Keylogger
Backdoor.Visel
Dialer
DoctorAntivirus2008
EliteKeylogger
FakeAlert
IEAntiVirus
MalWarrior
MSAntivirus
MyWebSearch
PCPrivacyTool
Perflogger
PurityScan
ShopperReports
SpywarePreventer
Toolbar.Hotbar
TotalSecure2009
Ultimate Defender
Ultimateantivirus 2008
UltimateFixer
Win32.AdWare.Cinmus
Win32.Backdoor.Agent
Win32.Backdoor.Agobot
Win32.Backdoor.Bandok
Win32.Backdoor.Bifrose
Win32.Backdoor.BlackHole
Win32.Backdoor.Bot
Win32.Backdoor.Ceckno
Win32.Backdoor.CiaDoor
Win32.Backdoor.Delf
Win32.Backdoor.DsBot
Win32.Backdoor.EggDrop
Win32.Backdoor.Farfli
Win32.Backdoor.Feardoor
Win32.Backdoor.Frauder
Win32.Backdoor.Gobot
Win32.Backdoor.H3
Win32.Backdoor.HacDef
Win32.Backdoor.Haxdoor
Win32.Backdoor.Hupigon
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.Joleee
Win32.Backdoor.Kbot
Win32.Backdoor.Nepoe
Win32.Backdoor.NewRest
Win32.Backdoor.Pahador
Win32.Backdoor.PcClient
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.PPdoor
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.Radmin
Win32.Backdoor.RBot
Win32.Backdoor.Rukap
Win32.Backdoor.SDBot
Win32.Backdoor.Shark
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.Spyboter
Win32.Backdoor.Turkojan
Win32.Backdoor.UltimateDefender
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.Webdor
Win32.Backdoor.Vipdataend
Win32.Backdoor.Xhaker
Win32.Dialer.GBDialer
Win32.Dialer.Star
Win32.Dialer.Trojan
Win32.EmailFlooder.Delf
Win32.FakeAlert.PCHealthCenter
Win32.Flooder.Agent
Win32.Flooder.MobileBomb
Win32.Generic.PWS
Win32.Generic.Worm
Win32.Hoax.Bravia
Win32.Monitor.WinSpy
Win32.P2PWorm.Agent
Win32.P2PWorm.SpyBot
Win32.Rootkit.Agent
Win32.Rootkit.Podnuha
Win32.SpamTool.Agent
Win32.SpamTool.Blen
Win32.Trojan.Agent
Win32.Trojan.AntiAVG
Win32.Trojan.Atraps
Win32.Trojan.BAT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.ConnectionService
Win32.Trojan.Crypt
Win32.Trojan.Delf
Win32.Trojan.Diamin
win32.Trojan.Dnschanger
Win32.Trojan.Downloader
Win32.Trojan.Emgr
Win32.Trojan.Emo
Win32.Trojan.ExplorerHijack
Win32.Trojan.Filco
Win32.Trojan.Fraudpack
Win32.Trojan.IFramer
Win32.Trojan.Inject
Win32.Trojan.KillAV
Win32.Trojan.KillFiles
Win32.Trojan.Krotten
Win32.Trojan.LowZones
Win32.Trojan.Mailfinder
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Multis
Win32.Trojan.Nosok
Win32.Trojan.Obfuscated
Win32.Trojan.Packed
Win32.Trojan.Pakes
Win32.Trojan.Peed
Win32.Trojan.Podnuha
Win32.Trojan.Qhost
Win32.Trojan.Radi
Win32.Trojan.RegistryDisabler
Win32.Trojan.Regrun
Win32.Trojan.Restarter
Win32.Trojan.ShipUp
Win32.Trojan.Shutdowner
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.SubSys
Win32.Trojan.Tibs
Win32.Trojan.Trash
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.Trojan.Wigon
Win32.Trojan.Virtl
Win32.Trojan.Vxgame
Win32.TrojanClicker
Win32.TrojanClicker.Delf
Win32.TrojanClicker.VB
Win32.TrojanDownloader.Adload
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Alphabet
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.Braviax
Win32.TrojanDownloader.Calac
Win32.TrojanDownloader.Cntr
Win32.TrojanDownloader.CodecPack
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.Cryptic
Win32.TrojanDownloader.Dadobra
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Firu
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Gaso
Win32.TrojanDownloader.Harnig
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Homles
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Murlo
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.PCClient
Win32.TrojanDownloader.Pendix
Win32.TrojanDownloader.Peregar
Win32.TrojanDownloader.Psyme
Win32.TrojanDownloader.QQHelper
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Suurch
Win32.TrojanDownloader.Swizzor.bo
Win32.TrojanDownloader.Swizzor.br
Win32.TrojanDownloader.Tibs
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.TSUpdate
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Winlagons
Win32.Trojandownloader.Zlob
Win32.TrojanDropper
Win32.Trojan-Dropper.BHO
Win32.Trojan-Dropper.Crypter
Win32.Trojan-Dropper.Cutwail
Win32.Trojan-Dropper.Decept
Win32.Trojan-Dropper.Delf
Win32.TrojanDropper.Flystud
Win32.TrojanDropper.Frijoiner
Win32.TrojanDropper.HeliosBinder
Win32.Trojan-Dropper.Joiner
Win32.TrojanDropper.KGen
Win32.TrojanDropper.Microjoin
Win32.Trojan-Dropper.MSWord.Agent
Win32.Trojan-Dropper.MuDrop
Win32.TrojanDropper.Mutant
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Small
Win32.TrojanDropper.Sramler
Win32.TrojanDropper.VB
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Delf
Win32.TrojanProxy.Horst
Win32.TrojanProxy.Saturn
Win32.TrojanProxy.Small
Win32.TrojanProxy.Xorpix
Win32.Trojan-PSW.Nilage
Win32.Trojan-PSW.QQRob
Win32.TrojanPWS.Delf
Win32.Trojan-PWS.Gamec
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Lmir
Win32.TrojanPWS.Magania
Win32.Trojan-PWS.Mapler
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.TrojanPWS.QQPass
Win32.Trojan-PWS.QQShou
Win32.TrojanPWS.Small
Win32.Trojan-PWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.WOW
Win32.TrojanRansom.BHO
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.Banpaes
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.IESpy
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Small
Win32.TrojanSpy.Tiny
Win32.TrojanSpy.Zbot
Win32.Worm.Alcaul
Win32.Worm.Allaple
Win32.Worm.AutoIt
Win32.Worm.Autorun
Win32.Worm.Bagle
Win32.Worm.Banwarum
Win32.Worm.Delf
Win32.Worm.Downloader
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Myspch
Win32.Worm.Polip
Win32.Worm.Prex
Win32.Worm.Rokut
Win32.Worm.SDBot
Win32.Worm.Small
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.Warezov
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Zhelatin
WinAntispyware2008
WinAntiVirusPro
WinSpywareProtect
WinZix
Virtumonde
VirusIsolator
XLGPrivacyControlCenter
XPAntivirus
XPDefender
XPSecurityCenter
Zango
MD5 checksum is 7da6f79848d40d759421b89cd616972c for core.aawdef
MD5 checksum is 2fab75fa8d359a88f7689dab98273489 for defs.ref
An update to yesterday's post.
IP: 77.91.231.201
wplayerware.com
IP: 77.91.231.183
trustedware.com
Zlob sites to block
In our daily work we see many different attempts to trick users into installing dubious software. One of the more common variants uses fake video codecs: the site claims that the user needs to download and install its software in order to watch some videos. It could look something like this.
As soon as the user enters the page they will be presented with the following warning:
New definitions:
====================
XLGPrivacyControlCenter
Win32.Backdoor.Dreamy
Win32.Trojan.Emo
Win32.Trojan.Feutel
Win32.Trojan.Jakuz
Win32.Trojan.Renpwl
Win32.Trojan.Virtl
Win32.Trojan.Worldonline
Win32.TrojanDownloader.JKFQ
Win32.TrojanDownloader.JKNX
Win32.TrojanProxy.Osewlone
Win32.Trojan-PWS.IMMultiPass
Win32.TrojanSpy.Ayolog
Win32.Worm.Dropper
Win32.Worm.Gael
Updated definitions:
====================
Adware.Baidu
Adware.BHO(generic)
Adware.EShoper
Adware.IEHlpr
Adware.Kitsune
Adware.Sahat
Adware.SuperJuan
Adware.VB
Antivirus XP 2008
AntivirusDoc
Ardamax Keylogger
Dialer
FakeAlert
MSAntivirus
PC Protection Center 2008
Perflogger
PurityScan
SCKeyLog Trojan
SecureExpertCleaner
SpyLocked
Toolbar.Softo
Trojan.BAT.KillFiles
Win32.Adware.OneStep
Win32.Backdoor.Agent
Win32.Backdoor.AimBot
Win32.Backdoor.Bifrose
Win32.Backdoor.Bot
Win32.Backdoor.Cakl
Win32.Backdoor.Delf
Win32.Backdoor.DsBot
Win32.Backdoor.DSNX
Win32.Backdoor.Frauder
Win32.Backdoor.GGDoor
Win32.Backdoor.HacDef
Win32.Backdoor.Hupigon
Win32.Backdoor.Inject
Win32.Backdoor.IRCBot
Win32.Backdoor.IRCZapchast
Win32.Backdoor.Joleee
Win32.Backdoor.Lanfiltrator
Win32.Backdoor.Litmus
Win32.Backdoor.MiniKeyLog
Win32.Backdoor.Nepoe
Win32.Backdoor.Netbus
Win32.Backdoor.Nuclear
Win32.Backdoor.PcClient
Win32.Backdoor.Poison
Win32.Backdoor.PoisonIvy
Win32.Backdoor.Prorat
Win32.Backdoor.Prosti
Win32.Backdoor.RBot
Win32.Backdoor.Rizo
Win32.Backdoor.Robobot
Win32.Backdoor.Rukap
Win32.Backdoor.Rustock
Win32.Backdoor.SDBot
Win32.Backdoor.Shark
Win32.Backdoor.Sinowal
Win32.Backdoor.Small
Win32.Backdoor.SubSeven
Win32.Backdoor.Turkojan
Win32.Backdoor.VanBot
Win32.Backdoor.VB
Win32.Backdoor.VBbot
Win32.Backdoor.Webdor
Win32.Backdoor.Wollf
Win32.Backdoor.WootBot
Win32.Dialer.Trojan
Win32.DoS.VB
Win32.FakeAlert.PCHealthCenter
Win32.Flooder.Agent
Win32.Generic.PWS
Win32.Generic.Worm
Win32.Hacktool.Brontok
Win32.Hoax.Bravia
Win32.Hoax.Fera
Win32.P2PWorm.Agent
Win32.P2PWorm.Kapucen
Win32.P2PWorm.SpyBot
Win32.Rootkit.Agent
Win32.Trojan.Agent
Win32.Trojan.AntiAVG
Win32.Trojan.Atraps
Win32.Trojan.AutoIT
Win32.Trojan.BHO
Win32.Trojan.Buzus
Win32.Trojan.Crypt
Win32.Trojan.Delf
Win32.Trojan.Disabler
win32.Trojan.Dnschanger
Win32.Trojan.Downloader
Win32.Trojan.ExplorerHijack
Win32.Trojan.Gendal
Win32.Trojan.Genlot
Win32.Trojan.Hijacker
Win32.Trojan.Inject
Win32.Trojan.Keylogger
Win32.Trojan.KillAV
Win32.Trojan.KillFiles
Win32.Trojan.LowZones
Win32.Trojan.Midgare
Win32.Trojan.Monder
Win32.Trojan.Obfuscated
Win32.Trojan.Pakes
Win32.Trojan.Peed
Win32.Trojan.PWS.PassViewer
Win32.Trojan.Qhost
Win32.Trojan.Slefdel
Win32.Trojan.Small
Win32.Trojan.Spy
Win32.Trojan.StartPage
Win32.Trojan.Tibs
Win32.Trojan.Trash
Win32.Trojan.Vaklik
Win32.Trojan.Vapsup
Win32.Trojan.VB
Win32.Trojan.WGAPatch
Win32.TrojanClicker
Win32.TrojanClicker.Delf
Win32.TrojanClicker.Small
Win32.TrojanClicker.VB
Win32.TrojanClicker.XMedia
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Autoit
Win32.TrojanDownloader.Bagle
Win32.TrojanDownloader.Banload
Win32.TrojanDownloader.BHO
Win32.TrojanDownloader.ConHook
Win32.TrojanDownloader.CWS
Win32.TrojanDownloader.Delf
Win32.TrojanDownloader.Exchanger
Win32.TrojanDownloader.Firu
Win32.TrojanDownloader.FlyStudio
Win32.TrojanDownloader.FraudLoad
Win32.TrojanDownloader.Gaso
Win32.TrojanDownloader.Hmir
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Mutant
Win32.TrojanDownloader.NSIS.Agent
Win32.TrojanDownloader.Obfuscated
Win32.TrojanDownloader.Pendix
Win32.TrojanDownloader.Peregar
Win32.TrojanDownloader.Small
Win32.TrojanDownloader.Tibs
Win32.TrojanDownloader.Tiny
Win32.TrojanDownloader.VB
Win32.TrojanDownloader.Winlagons
Win32.Trojandownloader.Zlob
Win32.TrojanDownloaderSwf.Agent
Win32.TrojanDropper
Win32.Trojan-Dropper.Delf
Win32.Trojan-Dropper.Dorn
Win32.TrojanDropper.EESbinder
Win32.Trojan-Dropper.KillAV
Win32.Trojan-Dropper.MuDrop
Win32.TrojanDropper.Parsi
Win32.TrojanDropper.Pincher
Win32.TrojanDropper.Small
Win32.Trojan-Dropper.Tiny
Win32.TrojanDropper.VB
Win32.Trojan-Dropper.Xbinder
Win32.TrojanProxy.Agent.dl
Win32.TrojanProxy.Daemonize
Win32.TrojanProxy.Delf
Win32.TrojanProxy.Horst
Win32.TrojanProxy.Ranky
Win32.TrojanProxy.Redbind
Win32.TrojanProxy.Slaper
Win32.TrojanProxy.Small
Win32.Trojan-PSW.Delf
Win32.Trojan-PSW.Hangame
Win32.Trojan-PSW.Nilage
Win32.TrojanPWS.Delf
Win32.Trojan-PWS.Firefox
Win32.Trojan-PWS.Horse
Win32.Trojan-PWS.IcqSmiley
Win32.TrojanPWS.LdPinch
Win32.TrojanPWS.Magania
Win32.Trojan-PWS.Mapler
Win32.TrojanPWS.Maran
Win32.Trojan-PWS.MMmtask
Win32.TrojanPWS.OnlineGames
Win32.TrojanPWS.Papras
Win32.Trojan-PWS.PdPinch
Win32.TrojanPWS.QQPass
Win32.Trojan-PWS.Stealer
Win32.TrojanPWS.Steam
Win32.Trojan-PWS.Tibia
Win32.TrojanPWS.VB
Win32.TrojanPWS.WebMoner
Win32.TrojanSpy.Banbra
Win32.TrojanSpy.Bancos
Win32.TrojanSpy.Banker
Win32.TrojanSpy.BZub
Win32.TrojanSpy.Delf
Win32.TrojanSpy.Fearless
Win32.TrojanSpy.Flux
Win32.TrojanSpy.Goldun
Win32.TrojanSpy.Keylogger
Win32.TrojanSpy.Pophot
Win32.TrojanSpy.Small
Win32.TrojanSpy.Sters
Win32.TrojanSpy.VB
Win32.TrojanSpy.Zbot
Win32.Worm.Agent
Win32.Worm.Alcaul
Win32.Worm.Allaple
Win32.Worm.Anilogo
Win32.Worm.Anker
Win32.Worm.Antinny
Win32.Worm.AutoIt
Win32.Worm.Autorun
Win32.Worm.Bagle
Win32.Worm.Brontok
Win32.Worm.Cult
Win32.Worm.Dedler
Win32.Worm.Downloader
Win32.Worm.Fujack
Win32.Worm.Gaobot
Win32.Worm.IRCBot
Win32.Worm.Kolab
Win32.Worm.Koobface
Win32.Worm.Lentin
Win32.Worm.Mabezat
Win32.Worm.Mydoom
Win32.Worm.Otwycal
Win32.Worm.Polip
Win32.Worm.Rbot
Win32.Worm.Rokut
Win32.Worm.Runouce
Win32.Worm.SDBot
Win32.Worm.Sobig
Win32.Worm.Socks
Win32.Worm.Sohanad
Win32.Worm.Warezov
Win32.Worm.VB
Win32.Worm.Viking
Win32.Worm.Zhelatin
Virtumonde
WistaAntivirus
XPAntivirus
XPSecurityCenter
MD5 checksum for core.aawdef is: 7e804b81fc1878add618799da9a24b6c
MD5 checksum for defs.ref is: 027382023f13b79608c46ce0a4c83e94
Recently we came across this clone of XLG Security Center. XLG Privacy Control Center is being distributed as a fake video codec and through email spam.



