ShadowPuterDude
Trooper
 Premium Member
 Joined: Oct 21, 2006 Posts: 27
|
Posted: Fri Jan 04, 2008 9:41 pm Post subject: |
|
|
FixIEDef has detected and removed Files-Secure since the 24th of December, when I first discovered Files-Secure, a full 3 days before Sun Belt blogged about it.
http://www.malwarebytes.org/forums/index.php?showtopic=3197
_________________
Microsoft MVP Consumer Security 2007-2008
Member - Alliance of Security Analysis Professionals - Since 2006
|
|
| Back to top |
|
 |
Drewcat
Guest IP: 4.242.*.*
|
Posted: Sun Jan 27, 2008 3:32 pm Post subject: Another name with email addy even |
|
|
Not sure if anyone noticed this, but it hasn't been mentioned. The thieves are on site advisor and sunbelt blog comments. Obviously part of the tactic is to try to fool people into questioning the validity of this product. Funny how they admit some of the problems to try to gain some legitimacy.
They posted under the same name on sunbelt blog as they did with this first post on site advisor- jeremybeadle
Maybe you should try to toss an email their way.
http://www.siteadvisor.com/sites/iedefender.com/msgpage?page=1#reviews
| Quote: | A clean 'test PC' newly installed with a fully updated version of 'Microsoft Windows XP SP2' was used to analyze the official 'IEDefender 2.4' application available on iedefender[DOT]com.
The installation application made the following changes to the 'test PC':
None of these files/registry entries seemed suspicious and none seemed as if they
were intended to be used with malicious intent.
The program was then run and immediately a 'system scan' began. The scan was
a little too fast but no malware was detected (which is correct as there was none
present on the machine). The scanner seems to work on an exact database, although
malware scanners now have the ability to detect suspicious behavior in
applications that are not yet on their databases.
The following system diagnostics were then carried out:
First, I carried out an active 'BHO' ('Browser Helper Object') and 'ActiveX' scan,
as I had been informed by many anti-malware companies (some more legitimate than
others) that the supposedly "rogue" anti-malware application 'IEDefender' used
malicious BHOs to create deceptive warnings of malware infections.
However, I was unable to locate any suspicious BHOs or ActiveX controls.
I then carried out a 'HijackThis' scan and no suspicious entries were located.
UNINSTALL
When a typical windows uninstall attempt was made ('Add/Remove Programs' - 'Windows XP'), the program was
not removed to a satisfactory standard. A minimal amount of files were removed and the registry was hardly edited. Furthermore, the 'IEDefender' application was still able to run after it was "uninstalled" (although it was able to detect no malware due to the removal of the 'DB' format files).
--------------------------------------------------------
THE 'ZLOB' TROJAN
IEDefender is listed on the 'Sunbelt-Software' threat compilation domain as dropping files such as:
media_codec_install_wizard_3912981.exe
and openmp3.exe
However, this only occurs during the installation of the 'Zlob' variant that advertises 'IEDefender', NOT the official 'IEDefender' application. Could this be another case of misbehaving affiliates?
After e-mailing support@iedefender[DOT]com, I was shocked to receive a reply..
Maybe this needs more looking into.
----------------------------------------------------------
d4rkr1d3r
For more information contact me at jeremybeadle_claw@hotmail.com |
http://www.siteadvisor.com/sites/iedefender.com/msgpage?page=2#reviews
| Quote: | This needs significantly more research.
Many individuals claim IEDefender to be a rogue anti-malware application. The reason for this is mainly (but not entirely) due to the fact that the software is known to be advertised by the 'Zlob' ('Puper'/'Popuper') trojan.
I had heard of IEDefender before and simply considered it to be another rogue anti-malware application. While researching 'MalwareAlarm' (another rogue anti-malware application), I located a blog entry that claimed it was in direct connection with 'IEDefender' (this later turned out to be inconclusive). As a result of this, I promptly opened up Mozilla Firefox within the confines of a sandbox and began to view the domain: iedefender[DOT]com. I found myself amazed at the wealth of rare and original features for a rogue anti-malware's domain to possess (such as a forum - complete with posts, Recently updated 'Daily updated news & events').
However, the domain did possess many suspicious traits such as blocks of text that appeared to be copied from other anti-malware companies' domains and multiple "free scan" requests posted in image form around the site.
I decided I should check for one trait that was surely not going to be present in such a domain: a functional customer support e-mail or contact information. So thusly, I located their e-mail (iedefender@gmail[DOT]com) and sent them a test e-mail, requesting the answer to a malware related question. Their response was swift and actually answered my question. I was shocked; many rogue anti-malware domains possess a contact e-mail, but they aren't supposed to actually work!
I then sent an e-mail inquiring as to why the 'Zlob' trojan was marketing their software. This was their response:
"Our software is not a rogue software of course. We have our own database of spyware, malware and suspicious files. And our spyware don't make any fake results, only real spyware at customers computers, that we clean.
Also we know about problems with Zlob, one of our distributors used it to sell our software and that was the reason, why some of antispyware companies mark us as a rogue spyware, we've contacted them and some of them delete our software. In any case we're going to make a rebranding soon, because some people associate us with Microsoft and we don't need any problems with this association and also we're going to get a digital certificate for our software.
Hope, that information helped you."
This information did not help me, although it did raise some questions. Is it possible that IEDefender was simply marketed through 'Zlob' by a paid partner WITHOUT their consent?
The most interesting find however, was IEDefender's 'CastleCops' forum profile. The URL is: /modules.php?name=Forums&file=profile&mode=viewprofile&u=182415
Here, they make many statements regarding their product being considered as rogue. It is worth viewing if you are interested in the subject.
I would also wish to finally add, that there are MANY signs that lead to the conclusion that IEDefender is a rogue anti-malware software (domain registered to 'ESTDOMAINS.INC', exploitation of the name 'IE', etc.)
and this review was not intended to lead to any other conclusion. I would also like to add for users' information that this particular domain was rated green by SiteAdvisor staff on Wednesday, 28th November 2007 (the date of this review).
---------------------------------------------------------------
d4rkr1d3r |
http://www.haloscan.com/comments/alexeck/8490199377668533318/
http://sunbeltblog.blogspot.com/2007/11/rather-heated-debate-with-rogue.html
Look in Comments
| Quote: | You are all wrong and you don't even realise it. Maybe you should further research the matter and then you will see.
----------------------------------------
jeremybeadle_claw@hotmail.com
Jay | 12.08.07 - 8:26 am | # |
|
|
| Back to top |
|
 |
Drewcat
Guest IP: 4.242.*.*
|
Posted: Sun Jan 27, 2008 3:43 pm Post subject: ROFL |
|
|
hahaha
| Quote: | However, the domain did possess many suspicious traits such as blocks of text that appeared to be copied from other anti-malware companies' domains and multiple "free scan" requests posted in image form around the site. |
rofl, I do find these posts by the IEdefender fool quite entertaining in context of having just read the whole CC thread. It took me forever to re-find the link to the Sunbelt blog comments, so I hope you guys enjoy.
|
|
| Back to top |
|
 |
Drewcat
Guest IP: 4.242.*.*
|
Posted: Sun Jan 27, 2008 3:53 pm Post subject: |
|
|
Um ya I'm just reading back through some of this as I hadn't read it all the first time.
Someone may want to take care of this CC link he has going and listed in one of his posts
/modules.php?name=Forums&file=profile&mode=viewprofile&u=182415
Sorry, guess I should sign in so I can edit.
|
|
| Back to top |
|
 |
d4rkr1d3r
Cadet

 Joined: Feb 09, 2008 Posts: 5 Location: Uk
|
Posted: Sat Feb 09, 2008 12:30 am Post subject: Hello |
|
|
Woah, wasn't expecting this
No, I do not work with 'IEDefender', though I know a lot about it and its authors.
I have come to the conclusion that yes, it is in fact rogue. I have also come to a lot of other conclusions but that's beside the point.
Instead of posting my review on a forum, why didn't you just try e-mailing me?
Well, I'll fill ya in:
'IEDefender' was created by the 'RBN' ('RussianBusinessNetwork'), as with many other rogue anti-malware applications,
the makers of 'IEDefender' recently produced the first rogue anti-malware application aimed at the 'Mac' platform ('MacSweeper' - 'macsweeper[DOT]com' - this has its own 'Windows' clone: 'Cleanator' - 'cleanator[DOT]com'),
As many of you have already figured out, they have created a clone of 'IEDefender' called 'files-secure',
'IEDefender' did remove threats and did not install malware on its own accord.
Any other questions and I'll be happy to answer them but please direct them to:
Email address deleted by moderator
------------------------------------------------------------------------
d4rkr1d3r
|
|
| Back to top |
|
 |
Drewcat
Cadet

 Joined: Dec 24, 2007 Posts: 4 Location: USA
|
Posted: Sun Feb 10, 2008 1:26 pm Post subject: |
|
|
Lies...
I am sorry CC allows you to stay here to peddle your wares and pat yourself on the back. I see people right now who are trying to clean their computers of your crud. You're a manipulative person who can not execute manipulation with any skill. So what you're saying is you don't get paid? Because you surely "work with" them or are some poser.
You sure weren't acting like you knew "a lot about it and its authors" as you parroted exactly on site advisor any and all complaints the security people had, just to turn around and try to make iedefender look legit. "They emailed me back! What a surprise! They must be legit!". I mean really, do you think people are going to fall for it? Then putting a link back here to your IEdefender account hoping to steer PMs your way while at the same time showing your own threads full of profanity was a stroke of genius. Stroke of genius I tell you, well genius or brain damage, one of the two.
All one has to do is read the information available. Sure it may take some time but people can easily see what you are. What you have posted on site advisor is more than clear especially in relation to this thread. It matters not "who" you are so much as that it's well documented "what" you are doing.
For those interested to see the truth of this matter-
read this CC thread and then read the reviews here
http://www.siteadvisor.com/sites/iedefender.com/msgpage?page=1#reviews
It will give you a good laugh.
It's more than clear for anyone to see what you are up to. You really should try to get better at what you do if you are going to keep doing it. Trying to act all 1337 is really funny too.
Go ahead post away Mr. 1337, hang yourself some more. Plus, if I feel like it then I can write up a detailed post outlining what you have done for "proves".
|
|
| Back to top |
|
 |
ShadowPuterDude
Trooper
 Premium Member
 Joined: Oct 21, 2006 Posts: 27
|
Posted: Sun Feb 10, 2008 2:34 pm Post subject: |
|
|
d4rkr1d3r,
Nobody knows you; you show up, start posting and try to make IE Defender sound legit, mostly at Site Advisor. There are a couple of other sites you have posted on, but not nearly as often as you have posted on Site Advisor.
No one is going to email you to carry on a discussion in private with you. You posted on public boards and the conversation will be carried out on those very same public boards.
| Quote: | 'IEDefender' did remove threats and did not install malware on its own accord. |
Of course, all the rogues seem to remove some of the more benign threats, but nothing really major. No one ever said IE Defender installs malware, at least I never did.
Trying to figure out who you are:
Google Link
Google Link
Google Link
Google Link
Google Link
Google Link
Google Link
Your YouTube Profile:
http://www.youtube.com/user/darkrider53
Which indicates that you are 14 years old.
[img]http://images.malwareteks.com/d4rkr1d3r.png[/img]
You profess to be a PC malware analyst; but 3 weeks ago on The Effects of Spyware, Google Cache is so cool, you say:
| Quote: | If I gave you my IP ... ( 3 weeks ago by darkrider53)
If I gave you my IP and e-mail, perhaps you could tell me how you could accomplish any malicious activity with such information? Simply possessing an individual's IP address does not constitute a method for malware infection. The only possible methods of spreading malware using email are exploits contained in the text of an e-mail opened using a HTML (Hypertext Markup Language) format e-mail client (of which I do not use) or an executable attachment on an e-mail (of which I would not open). |
and
| Quote: | Another way of ... ( 3 weeks ago by darkrider53)
Another way of sending malware through e-mail? |
If you really are a Malware Analyst, there is no need to ask such questions.
The last few Google searches I posted, for Jeremy Beadle, all return pages for someone you clearly are not.
You appear to be intelligent, and well spoken. However, no one in this community knows you?
So, who are you?
_________________
Microsoft MVP Consumer Security 2007-2008
Member - Alliance of Security Analysis Professionals - Since 2006
|
|
| Back to top |
|
 |
PAN_IRISH Currently banned Major
 Premium Member
Joined: Feb 01, 2007 Posts: 1005
|
Posted: Sun Feb 10, 2008 11:43 pm Post subject: |
|
|
| ShadowPuterDude wrote: |
Your YouTube Profile:
http://www.youtube.com/user/darkrider53
Which, indicates that you are 14 years old.
[img]http://images.malwareteks.com/d4rkr1d3r.png[/img]
So, who are you? |
Probably an ALIAS,
OF SOMEONE UNDER INDICTMENT
by the FBI in SACRAMENTO,CA.
Love the name darkrider,
sure is stealthy!
ROFL
.
.
|
|
| Back to top |
|
 |
hedvigue
Trooper

 Joined: Nov 13, 2007 Posts: 17
|
Posted: Tue Feb 12, 2008 11:04 am Post subject: |
|
|
Guys moved to a new host. This time in Germany.
iedefender.com 89.149.227.195
Anyone from Germany here, or anyone who speaks German? Can you please report abuse to that hosting provider or even call? I suppose they still don't understand that they host malware!
|
|
| Back to top |
|
 |
maditellyou
Cadet

 Joined: Feb 14, 2008 Posts: 1 Location: USA
|
Posted: Thu Feb 14, 2008 12:45 am Post subject: |
|
|
Okay, I think I've finally found the right place. This insufferable monster has got my computer by the short and curlies, and I'm at a loss as to how to get rid of it. Please, one of you valiant knights rescue this poor, wart-ridden peasant.
Please. I'll give you my daughter.
|
|
| Back to top |
|
 |