A new Rogue Antivirus program called Total Defender appeared over the weekend.
The following data is included for informational purposes only. Please do not attempt to view or download files from the website.
Domain: Total-Defender. com
IP: 94.247.2.41
Country: Latvia
Host: DATORU EXPRESS SERVISS Ltd.
Organization: ZlKon
File: total-defender-setup.exe
Connects to:
0 200 HTTP 94.247.2.41 /ck.php 21
1 200 HTTP 94.247.2.41 /tdd.php?i=1
2 200 HTTP 94.247.2.41 /ck.php
3 301 HTTP 94.247.2.41 /tdp.php?ak=24DIGITHASH
4 200 HTTP CONNECT pp-pay.net:443
5 200 HTTP CONNECT pp-pay.net:443
6 200 HTTP CONNECT pp-pay.net:443
7 200 HTTP CONNECT bill-support.com:443
Additional Info:
An interesting thing we noticed is that the Rogue did not attempt to
scare us into purchasing it; instead, it told us that the computer was
secure after the scan. The Rogue authors are probably doing this to
keep a large number of Rogue installations active for the purposes of
data theft or for-hire services.