Antivirus 360 Distribution – Update Third Party Plugins

Antivirus 360 is indeed the new Antivirus 2009. It is spreading through the same old commodity plugin exploit techniques as AV 2009. Be sure to update any QuickTime Player or Adobe plugins that you may be running to the latest versions.

A number of web sites are delivering a variety of exploits to get this rogueware onto your system. One delivery method that seems to be very reliable is a set of malformed PDF files. The malicious files exploit various versions of the Adobe PDF reader and deliver download-and-execute shellcode, which calls URLDownloadToFileA on hxxp://svc .ms / xrun.tmp and then WinExec on the downloaded file.
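The download-and-execute behaviour described above leaves a recognizable trace on the endpoint: the PDF reader process writes a file and then launches that same file. The following is an added detection sketch, not code from the original post; the event field names, reader process names, time window and sample events are all constructed assumptions.

```python
import ntpath
from datetime import datetime, timedelta

# Assumed reader process names; adjust for the readers deployed on your hosts.
READER_IMAGES = {"acrord32.exe", "acrobat.exe"}
WINDOW = timedelta(minutes=5)  # assumed max gap between the write and the launch

READER = r"C:\Program Files\Adobe\Reader\AcroRd32.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"

# Constructed endpoint telemetry (hypothetical schema, not a real product's).
EVENTS = [
    # Reader writes a file, then starts it: the pattern of interest.
    {"ts": "2009-01-01T10:00:01", "type": "file_create", "pid": 4120,
     "image": READER, "path": TEMP + r"\xrun.tmp"},
    {"ts": "2009-01-01T10:00:03", "type": "process_create", "ppid": 4120,
     "image": TEMP + r"\xrun.tmp"},
    # Benign: reader writes a cache file that is never executed.
    {"ts": "2009-01-01T10:05:00", "type": "file_create", "pid": 5000,
     "image": READER, "path": TEMP + r"\cache.dat"},
    # Out of scope: a non-reader process saves and launches an installer.
    {"ts": "2009-01-01T10:06:00", "type": "file_create", "pid": 6000,
     "image": r"C:\Program Files\Browser\browser.exe",
     "path": r"C:\Users\alice\Downloads\setup.exe"},
    {"ts": "2009-01-01T10:06:05", "type": "process_create", "ppid": 6000,
     "image": r"C:\Users\alice\Downloads\setup.exe"},
]

def find_drop_and_exec(events):
    """Return launches of a file that the same reader process wrote shortly before."""
    dropped = {}  # (reader pid, lower-cased path) -> time the file was written
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "file_create":
            if ntpath.basename(ev["image"]).lower() in READER_IMAGES:
                dropped[(ev["pid"], ev["path"].lower())] = ts
        elif ev["type"] == "process_create":
            written = dropped.get((ev["ppid"], ev["image"].lower()))
            if written is not None and ts - written <= WINDOW:
                hits.append({"reader_pid": ev["ppid"], "path": ev["image"],
                             "delay_seconds": (ts - written).total_seconds()})
    return hits

if __name__ == "__main__":
    for hit in find_drop_and_exec(EVENTS):
        print("reader dropped and executed:", hit)
```

A document reader has no normal reason to execute a file it has just written, so this correlation stays useful even when the exploit or payload changes.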

The downloaded file is a custom packed downloader. After a long delay, it contacts multiple web sites, then pulls down a number of files, including another awful Vundo package that was at the top of hit lists for years.

The first popup from the downloaded adware on the system was redirected to the Antivirus 360 Web Scanner, which is nothing more than cheap JavaScript pretending to scan one's hard drive and fraudulently claiming malware is littering the system. On another system, we saw VirusRemover2008 being hucked by the redirected popup with lots of fraudulent detections and shocking warnings.

So please, keep this stuff off of your system. Update all third-party plugins on your system.
