I've seen this a handful of times within the last month or so, seems to be more prevalent recently.
Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com <http://www.fiserv.com/> From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, May 20, 2011 8:34 AM To: NT System Admin Issues Subject: RE: Fake AV site Hmmm, must be a fake-av construction kit. The interior dialog box titled 'Windows Security Alert' is identical, word for word, letter for letter, except for a seemingly random display of the 'threats' found to a fake-av I dealt with at a client site a few months ago, that was triggered from momentecue4.com . Identical including the same heinous spelling and grammatical errors ! Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Jeff Bunting [mailto:bunting.j...@gmail.com] Sent: Thursday, May 19, 2011 8:29 PM To: NT System Admin Issues Subject: Fake AV site Ran across a fake AV site this evening, with a faux-windows explorer web page. Anyone have favorite places to report this sort of thing? I sent the URL to Google's malware reporting, didn't know if there were other well-regarded places to submit these Here's a .png screenshot of the web page I took if anyone's interested (SkyDrive). The green progress bar was animated and completed its "scan" before the "windows security alert" popped up. The page was easily closed by killing the IE tab (the domain name appears in the image) http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33p u-4PcTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1 Jeff ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin