This is the translated version of the original post (german version).
The internet is full of risk – at every corner. In general you can catch a trojan horse, backdoor, spyware or other malicious software on every internet page. And the bad guys do improve their tricks ongoing. It’s not a fault to take care and always be suspicious. A homepage witch is camouflaged as helpful could track your computer or install bad software. The baddies do use perfidious and unusual tricks to catch the credulous user where it causes the most damage: at the infection of the own computer. But nobody does guess an unfair business idea with PC Pandora in combination with malicious software.
The newest trick uses the domain address scanner.lastdefender.net. I stumbled on a helpful offer, as suddenly the online scanner from Pandora opened a popup page.
[click for full size]
An online scanner with a professionel appearance opened and made a scan of my hard disk. At least it appears as a real scan. But during the scan I got perplex. None of the scanned and found files are on my hard disk. The online scanner only showed windows files, such as ipsecsnp.dll or driverquery.exe. But I do use a linux system and there aren’t any dll- or exe-files. Therefor I followed the scan till the result. The program funnily enough scanned very rapidly. But which BDU does recognize this attitude? The fear of a local virus infection would be bigger than the care of a proper scan result. The scanner rapidly notified an infected file. Dear god, I do have a virus into my system! The story continued. A lot of file are infected – informed me the online scanner. At the end the program showed me the deflating „truth“:
[click for full size]
The scanner found two backdoors (Win32/NTRoot and Win32/Sivuxa.) and one trojan horse (Trojan.Caiijing). Damn it! At this point for a windows BDU the pulse would be at 180 and the fingers start to sweat. But the real security risk would follow. If you are ingenuous, you would somewhere click on the page. You do not need to push „Remove all“ – it’s unimportant for the effect: a windows software is beginning to download (install_ltd.exe). Thanks for the service 😉 In conclusion it would be the best four you and your system to remove all the viruses. To speed up the process, you get involved to permit an activex-control to get access to your Internet Explorer. Safety is the highest goal. Nothing bad could happen – the software is developed by Pandora. The company’s name stand up for a high quality of security programs. I would love to believe the mean well of the software.
[click for full size]
Also the final windows program does notify a virus infection on my system. A warning message pops up with the following options: „Heal“, „Delete“ or „Move to Quarantine“. If you want to get rid of the virus you have to register *smile*. But this service is not for free. For an legal license you have to go to www.thelastdefender.com/buy.php. One click on „Credit Card“ will forward you to secure.pandora-software.com/cgi-bin/… At this point the story is getting criminal. You have to pay 50 US-$ by credit card. The domain „pandora-software.com“ constitutes a high level of security. Nothing bad could happen. Only one thing: a whois-check to this domain shows some oddly information:
ThePayOnline Company Mark D Frank (nike525252@*****) Cleveland Ohio
Where is gone Pandora Software? Who is Mark D Frank? And why do he use such an strangely Yahoo-address? A cheater? Who knows! Someone who ordered this piece of software by his credit card have to figure out bad late effects.
Later at a little bit more investigation on the domain www.pandora-software.com the name Oleg Dvorezky is striking out. After a few queries at Google I found out this. All the following websites are dealing with the same kind and maybe are part of this internet deception:
- easyspywarecleaner.com
- infestop.com
- i-kerberos.com
- lastdefender.com
- lastdefender.net
- pandora-software.com
- perfectcleaner2007.com
- spyaway2007.com
- spy-rid.com
- stable2.com
- winifixer.com
A lot of these domains are registered by the anonymization service privacyprotect.org or by the hoster estdomains.com. The hint ends somewhere in Russia. And finally I could not except that this anti virus software includes a backdoor functionality. On my linux system the program could not run with the whole functionality because some dll and other windows functions are missing.
Finally I will advert to the real Pandora Corporation, which is developing real and effective security programs.
nice share, good
article, very usefull for me…thank you