It has been discovered by threatfire research blog that several malicious web sites are distributing exploits to spread the Antivirus 360 rogue anti-spyware program. One form of delivering this malware is through malformed pdf files affecting different versions of Adobe’s pdf reader program. The executed shellcode calls the command URLDownloadToFileA on hxxp://svc .ms / xrun.tmp and Winexec. QuickTime Player plugins may also be used as an exploit for downloading this malware onto your system.

The actual malicious file is a downloader that contains instructions to contact different websites that downloads several files including the Vundo trojan package. From the previous Antivirus 2009 rogue application we know how security researchers found that in some cases the rogue application came from the Vundo Trojan. This time it is Antivirus 360 web scanner that is advertised through popups coming from the downloaded adware. The message is nothing but a javascipt that pretends to have scanned the infected machine and found malware. This is the typical path taken by malware infections such as those related to Antivirus 360 and Antivirus 2009.

Learn more...»