Fake malware scan on Myspace ad
I just accessed a Myspace profile, and after a second or so, a fake malware scan started. The scan was launched from mednetsafety.com. When looking in my history, I see the page was titled SoftCop - Online Protection. This thing eventually tries to drop a setup.exe file.
Scary.. And the scariest was that this was launched from Myspace, so they’ve gotten a bad guy into their ad network.
I don’t see any info on that site and malware, so this might be rather new.
Question is, was the site hacked, or was it set up by bad guys.
Hmm, registered by someone in London - apparently non existent address, with a non-British sounding name, and the registrar is nic.ru. The domain was just registered a few days ago.
In the page loaded, there’s a reference to typesords.com, owned by the same person a few days ago.
Good enough for me, this looks like a bad guy, though probably not a real name:
Contact Name: Johnny Dakaskas
Contact Organization: Johnny Dakaskas
Contact Street1: Sunstayn’s Rd 11
Contact City: London
Contact State: London
Contact Postal Code: 31032
Contact Country: GB
Contact Phone: +44 118 95034543
Contact Fax: +44 118 95034543
Contact E-mail: johnny.dakaskas@gmail.com
According to MalwareURL, Johnny Dakaskas has a group of domains, and most of them are dropping FakeSmoke Trojan.
the same thing happens to me, alot in the past weeks. RuneScape is infected with this. I’ve reported from them 3 times by now from different malware. it is the Wini family, - TrustSoldier, TrustFighter, TrustWarrior, TrustCop, SecureWarrior, SecureFighter, SecureVeteran, SecuritySoldier, SoftSafeness, SaveDefense and more - that are spreading like flu and causing havoc. according to safeweb.norton.com they appear to be from Russia or Ukraine mostly.
In this day and age what is a British sounding name? Here in Britain we have a very diverse range of people.
Also this wouldn’t be the first time MySpace has been used to spread malware.
Who’s to say the MySpace administrators didn’t authorize this themselves?