
February 9th, 2010

Human exploiting

These days, most new computers are sold with 64-bit Windows 7. This new operating system and new processor features (DEP + ASLR) make exploitation more difficult. An easier way to run an attacker’s code on a victim’s computer is to convince users to download it voluntarily. Last week we received one interesting example. Let’s see it…

Almost everyone knows SourceForge.net, the hosting site for open source projects. The well-known project PDFCreator is also hosted there. In the picture below you can see its download page with two Google AdSense advertising units.

The download is delayed to give the user some time to read and click the advertisements. Let’s look closer at the picture. The ad on the right side uses a graphic design similar to the SourceForge.net page. The natural step is to click the big green “Download Now!” button.

The bad guys must be very good at SEO, as their choice of keywords leads to this exact ad being displayed on this exact page.

By clicking the button, you get to the fraudulent page. See the next picture…

Clicking anywhere on this page starts the download of an executable file (~300k). This file is a lite downloader, but it is not malicious. It downloads a 5MB file in a proprietary format and installs it into the common Program Files directory. There is a suspicious additional file, “PrinterSetup.exe”, written in Delphi.

Many thanks to our user Pavel Hejrovský for the analysis and description.

  1. February 11th, 2010 at 04:05 | #1

    Hi Michal,

    According to your information in this blog, does that website have suspicious malware if the user clicks it?

    Cheers,
    yanto chiang

  2. February 11th, 2010 at 18:37 | #2

    Yes, exactly

  3. February 12th, 2010 at 11:14 | #3

    Michal Trs :
    Yes, exactly

    Hi Michal,

    Ok then,

    Nice information to share.
    Keep updating about malware or virus family in this blog.
    So this blog will be more interesting to visit.

    Cheers,
    Yanto chiang

  4. February 18th, 2010 at 05:03 | #4

    In my computer
    all the file icons in some folders are displayed with a check box and can't be opened or selected with a single click, and the check box shows a tick mark.
    If we change the folder name then the files inside show no problem. If we change back to the previous name the problem reappears.
    Nothing found with virus scan.
    How can I solve this problem?

  5. February 22nd, 2010 at 13:25 | #5

    Shocking to know that attackers are using such a popular ad network to spread viruses. Warrants the need to exercise more caution!!
