Scam Misleading Site?

This is probably the dumbest question I ever asked. Is this a spyware site? Misleading site?

Code:

hxxp://www.dixalivop.com/recherche/katmandu-c/investing/727-798.html

All it does is ask you something, honestly, don't be afraid to click it. I would not post something that automatically installs.

 

Don't really know but something is going on here.

If I access the site with FF with NoScript enabled, it shows me a different site. If I disable NoScript for this site, it redirects me to different sites - it has redirected me to youtube, microsoft, yahoo with option for a Program to Install.

I would be very wary of this site & stay clear of it.

 

That site is redirecting to install flashplayer, supposedly from macromedia, however the url gives it away to those who are paying attention, note the red part, which is the actual domain the file is coming from, not macromedia:

Code:

hxxp://fpdownload.macromedia.com.get.flashplayer.current.usasrv01.[COLOR="Red"]hk[/COLOR]/downloads/install_flash_player.exe

It has already been scanned by Virus Total originally on Nov1, which had it 4\36, but now scans at 8\36, not much better really:
File install_flash_player.exe received on 11.01.2008 17:12:56 (CET)

Result: 8/36 (22.23%)
AntiVir 7.9.0.31 2008.11.11 TR/Dropper.Gen
Avast 4.8.1248.0 2008.11.11 Win32:Trojan-gen {Other}
BitDefender 7.2 2008.11.12 Trojan.PWS.Games.C
eSafe 7.0.17.0 2008.11.11 Suspicious File
GData 19 2008.11.12 Trojan.PWS.Games.C
Panda 9.0.0.4 2008.11.11 Suspicious file
SecureWeb-Gateway 6.7.6 2008.11.12 Heuristic.Malware
Symantec 10 2008.11.11 Trojan Horse


http://www.virustotal.com/analisis/bf6ab999b653362de00bd65e98b61a96

There is a quick stop at:
hxxp://n3t.cc/in.cgi?default&seoref=&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fwww.dixalivop.com%2Frecherche%2Fkatmandu-c%2Finvesting%2F727-798.html&default_keyword=727%20798&tag=lfnew

So rsinfo you were certainly right in avoiding that site.

Users need to always be leery whenever prompted to install any file to view any sort of media content.

I'm going to install it and see what runs.

 

Here is what I wound up with:

File vinrunerz.exe received on 11.11.2008 22:29:34 (CET)
Current status: finished

Result: 11/36 (30.56%)
AntiVir - - TR/Crypt.XPACK.Gen
Avast - - Win32:Trojan-gen {Other}
AVG - - SHeur.CRWF
BitDefender - - Trojan.PWS.Games.C
eSafe - - Suspicious File
GData - - Trojan.PWS.Games.C
Norman - - W32/Smalltroj.IEDO
Prevx1 - - Worm
SecureWeb-Gateway - - Trojan.Crypt.XPACK.Gen
Symantec - - Downloader
TrendMicro - - PAK_Generic.001


http://www.virustotal.com/analisis/95ab07a11d68187af6614dffbaefac31

And analysis by some experienced people:
http://www.threatexpert.com/report.aspx?uid=9ea1a6f2-0ae7-470d-b8e3-9061f147a654

http://research.sunbelt-software.com/threatdisplay.aspx?name=Goldun.Fam&threatid=43858

the link referenced in the Threat Expert is the exact link I got the file from.

 

Amazing

It is amazing how an inexperienced user can get caught in that scam. Not only did it mention flash player once, but also asked me to install a microsoft security update WHICH I DENIED OBVIOUSLY. This is especially weird after Patch Tuesday.

 

wait so what malware did you get?

 

Very brave.

Note to beginners/inexperienced users - I won't try that even with fully patched computer, with anti virus, anti spyware loaded. Its downright dangerous & not for faint hearted.

 

Sniper ........

............. Just when it looked like you might be coming around based on some of your other posts in a couple of other threads But wait a minute - I'm going to give you the benefit of the doubt and encourage you to continue reforming your past habits.

Now, for a little different perspective and a bit of humor - lets look at your posts in this thread (and please don't take offense, just look at this objectively). Chalk it up to a good learning experience.