Tag Archive for 'fake-av'

Cybercriminals Abuse ZeuS Tracker To Promote Fake-AV

Published on August 1, 2010 in Monitoring & Reporting and ZeuS Tracker. 0 Comments Tags: , , , , , , .

Everybody loves the ZeuS Tracker – even the bad guys…

Today a friend over PhishLabs contacted me regarding a Fake-AV software (also known as “Rogue Antivirus” or “Scareware”) which obviously uses the ZeuS Tracker to get a good reputation and to promote the product. The software is called Shield EC and is being sold thru the website www.[dot]shieldec[dot]com:

When you read the first sentence on their website you will be pretty surprised:

Shield EC is a result of two-year research and close collaboration of programmers and analysts from Martindale Enterprises LTD and Zeus Tracker, the main center for ZeuS epidemic prevention.

… and in the “About the company” section:

The major achievements of the company count a joint development with ZeuS Tracker of a unique anti virus Shield EC, targeted at fighting banking Zbot (ZeuS) Trojan.

The cybercriminals are using two domain names to spread their rogue security software:

shieldec.com
jokory2.com

The two mentioned domain names are hosted on the Avalanche FastFlux botnet which is also being used for a long time to host malicious ZeuS C&C servers:

Reference: abuse.ch FastFlux Tracker

There is a list of ZeuS C&C domain names hosted on the Avalanche FastFlux botnet available on the ZeuS Tracker:

Reference: List of ZeuS domains hosted on Avalanch FastFlux botnet

Of course the ZeuS Tracker would never cooperate with any criminal organization. The promoted software is 100% rogue so please stay away from it!
economics-recluse
Scene
Urgent!