MalwareDisasters is a division of MalwareIntelligence. It captures test information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

8.21.2010

Litter Korean rogue lurking II

This is another rogue belonging to the litter that is currently lurking. Its name is PC Boan Plus.
pcboanplus.com - 222.122.84.56 - KORNET KOREA TELECOM

Domains that resolve to the same IP:
postmaster.8282tv.co.kr
pspd.org

PcBoanPlus2SetupH.exe (0ab2cc07373a4b88a0084f12ae63f54f)



This rogue reports to a Pay-per-Install affiliate system whose domain resolves to an IP address corresponding to the ISP "KRNIC".

211.33.123.40/pcboanplus/install.php?mac=000C29CA888C&partner=PcBoanPlus&ver=

file.pcboanPlus.com/app/updater/PcBoanPlus2Up.exe
file.pcboanplus.com/app/Client/PcBoanplus2.exe
pcboanplus.com/app/badinfo.php?Vn=2005010100&Kind=comp

s223.pc-korea.net/badlist/2010080700_badfile.dat
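As an added example (not part of the original post), the install beacon and download URLs listed above can be matched in web-proxy logs to find affected machines. The log format, sample lines and function names are constructed assumptions, and the `mac` parameter is assumed to carry the reporting machine's MAC address.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the report above.
ROGUE_HOSTS = {"211.33.123.40", "pcboanplus.com", "file.pcboanplus.com"}
INSTALL_PATH = "/pcboanplus/install.php"
MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}$")

# Constructed sample proxy log (assumed format: timestamp client_ip url).
SAMPLE_LOG = """\
2010-08-21T10:02:11 10.0.0.15 http://211.33.123.40/pcboanplus/install.php?mac=000C29CA888C&partner=PcBoanPlus&ver=
2010-08-21T10:02:14 10.0.0.15 http://file.pcboanPlus.com/app/updater/PcBoanPlus2Up.exe
2010-08-21T10:03:40 10.0.0.22 http://example.org/index.html
2010-08-21T10:05:02 10.0.0.31 http://211.33.123.40/pcboanplus/install.php?mac=not-a-mac&partner=PcBoanPlus&ver=
"""

def classify(url):
    """Return (kind, details) for a URL, or None if it matches no indicator."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    if host not in ROGUE_HOSTS:
        return None
    if parts.path.lower() == INSTALL_PATH:
        # keep_blank_values: the captured beacon carries an empty "ver="
        q = parse_qs(parts.query, keep_blank_values=True)
        mac = q.get("mac", [""])[0]
        return ("install_beacon", {
            "mac": mac.upper() if MAC_RE.match(mac) else None,
            "partner": q.get("partner", [""])[0],
        })
    return ("rogue_host", {"path": parts.path})

def scan(log_text):
    """Return (timestamp, client, kind, details) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue  # skip malformed lines
        ts, client, url = fields
        result = classify(url.strip())
        if result:
            hits.append((ts, client, result[0], result[1]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

An `install_beacon` hit marks the moment the installer reported in; the client address and MAC in that hit identify the machine to clean up.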



Countermeasure

Uninstall from Program Files
Run an updated antivirus


Related information

Litter Korean rogue lurking I
PC Defender Antivirus rogue update system registry
Phoenix Exploit's Kit and Pay-per-Install via PC Defender Antivirus
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Desktop Hijack by Internet Security 2010. Your System Is Infected!
Pirated Edition. Affiliate program Pay-per-Install
Pay-per-Install through VIVA INSTALLS / HAPPY INSTALLS in BKCNET “SIA” IZZI 
