NEWS FROM THE LAB - Monday, November 10, 2008

Stupid Rogue Trick Posted by Sean @ 14:02 GMT

We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics.

This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor.

The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

Antivirus Professional 2008 Helsinki

But here's the interesting thing…

The "antivirus online scanner" site is using the visitor's IP address to customize the so-called threat.

Oh no. Trojan.Helsinki.Downloader.26. Right.


Refreshing the page regenerates the supposed threat.

Antivirus Professional 2008 Helsinki