It's being used in referral spam for one of our clients.
http://antivirus-scanner(dot)com/1/?xx=1&in=2&h=1&ag=2&end=1&g=1&aid=dogma&affid=286&lid=1
That's not even the URL we're seeing, but when you go to the one in the logs, it redirects here.
It's at the very least something like a browser hijack, with the OK+Cancel dialog box, and more to the point, when you try to leave the page, it starts a .EXE file download. Firefox asks you first, but still.
The real question, though, is what's going on, exactly? It's got some progress bars and text - these are animated GIFs, no? There's no way FF is going to serve up all the files on my drive to some malicious web server. And, even if there were, there's no way it could upload them so quickly!
Then it tells you you have a virus. I'm guessing the .EXE file they send you is a virus? Or something to enlist you in a botnet?
What's going on here?