Monday, January 26, 2009

New rogue: IE-Security

IE-Security is a new rogue application that belongs to the IEDefender family. The IE-Security installer, ie.exe, is hosted at 216.240.151.112 and http://ie-security.com (216.240.151.135). The user interface of IE-Security is a rip-off of Microsoft Windows Defender.


The VirusTotal scan result for the IE-Security installer can be found here. By the way, people at IE-Security provide 27x7 support ;)


Files dropped by IE-Security installer:
%PROGRAMFILES%\IE-Security\ies.s1
%PROGRAMFILES%\IE-Security\ies.s2
%PROGRAMFILES%\IE-Security\ies.s3
%PROGRAMFILES%\IE-Security\ies.s4
%PROGRAMFILES%\IE-Security\iescan.exe
%PROGRAMFILES%\IE-Security\uninstall.exe
%USERPROFILE%\Desktop\IE-Security.lnk
%USERPROFILE%\Start Menu\Programs\IE-Security.lnk

where
%PROGRAMFILES% is the \Program Files\ directory on the root drive,
%USERPROFILE% is the \Documents and Settings\UserName\ directory on the root drive.

Registry keys created by IE-Security installer:
HKEY_CURRENT_USER\Software\IE-Security
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IE-Security"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security
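
A read-only host check for the files and registry entries listed above, added here as an example and not part of the original post. It assumes every user profile sits beside the current user's profile directory and that the "IE-Security" entry under Run is a registry value; the variable names are illustrative.

```powershell
# Added example: reports which IE-Security artifacts from this post exist on the host.
# Read-only: nothing is deleted or modified.
$fileIndicators = @(
    '%PROGRAMFILES%\IE-Security\ies.s1',
    '%PROGRAMFILES%\IE-Security\ies.s2',
    '%PROGRAMFILES%\IE-Security\ies.s3',
    '%PROGRAMFILES%\IE-Security\ies.s4',
    '%PROGRAMFILES%\IE-Security\iescan.exe',
    '%PROGRAMFILES%\IE-Security\uninstall.exe'
)
# The %USERPROFILE% entries are per user, so they are kept relative to a profile directory.
$profileIndicators = @('Desktop\IE-Security.lnk', 'Start Menu\Programs\IE-Security.lnk')
$findings = @()

foreach ($p in $fileIndicators) {
    $path = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $path) { $findings += "File: $path" }
}

# Assumption: all profiles live in the parent of the current user's profile directory.
$profileRoot = Split-Path -Parent $env:USERPROFILE
$profiles = Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($dir in $profiles) {
    foreach ($rel in $profileIndicators) {
        $path = Join-Path $dir.FullName $rel
        if (Test-Path -LiteralPath $path) { $findings += "File: $path" }
    }
}

# HKEY_CURRENT_USER differs per account: walk every hive currently loaded under HKEY_USERS.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $base = "Registry::$($hive.Name)"
    if (Test-Path -LiteralPath "$base\Software\IE-Security") {
        $findings += "Key: $($hive.Name)\Software\IE-Security"
    }
    # Treated as a value under Run (assumption), which Test-Path cannot see.
    $run = Get-ItemProperty -LiteralPath "$base\Software\Microsoft\Windows\CurrentVersion\Run" `
        -Name 'IE-Security' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Run value: $($hive.Name) IE-Security = $($run.'IE-Security')" }
}

$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security'
if (Test-Path -LiteralPath $uninstall) { $findings += "Key: $uninstall" }

if ($findings) { $findings } else { 'No IE-Security artifacts found.' }
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their per-user registry entries are not covered by this check.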
