NASCAR? No, it's the Spy Sheriff Exploit
Posted by Aaron Weber on April 18, 2007 08:37 PM
NASCAR is one of the most popular and fastest-growing spectator sports in the United States, but that doesn't stop the occasional race track from going under, like Tioga Motorsports Park did in 2005. It looks like their troubles started before that, though: as far back as 2002, someone had registered the domain "tiogamotorsportspark dot com" and set up a different kind of racy site-- one we rate red.
Actually, they did something a little trickier than that: They set up a redirect from there to another red site, impliedscripting dot com, and then from there to the red site repuc dot info and finally from that to the security-risk porno site advancedhunt dot com. On Advanced Hunt, files continue to load from a series of sites identified only by IP address.
Unfortunately for any unsuspecting race fans, the trouble doesn't end there. Our exploit expert Harry says the site is also host to Spy Sheriff, a program that pretends to be anti-spyware and is nearly impossible to remove once it's installed. Spy Sheriff, also known as "Pest Trap," tries to trick computer users into buying the program by warning them about made-up threats to their systems.
Here's a video-- watch the status bar in the lower left corner of the window as it cycles through the different risky websites. Then, notice the dialog that pops up warning about infections: that's Spy Sheriff.
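The redirect chain described above can be reconstructed from a proxy-style record of responses. The sketch below is an added example, not part of the original post: it follows the hops, then flags a chain that leaves its starting host and page resources loaded from bare IP addresses. The hostnames, IP addresses and helper names (`trace_chain`, `assess`) are constructed for illustration, and comparing full hostnames rather than registered domains is a simplification.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not captured traffic): URL -> (status, Location header).
# Hostnames use the reserved .example TLD; IPs are documentation ranges.
RESPONSES = {
    "http://racetrack.example/": (302, "http://hop-one.example/in.php"),
    "http://hop-one.example/in.php": (302, "http://hop-two.example/go?id=7"),
    "http://hop-two.example/go?id=7": (301, "http://landing.example/"),
    "http://landing.example/": (200, None),
}
# Constructed list of resources the landing page then loads.
SUBRESOURCES = ["http://192.0.2.10/a.js", "http://landing.example/s.css",
                "http://198.51.100.7/b.js"]

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def trace_chain(start, responses, max_hops=10):
    """Follow 3xx Location headers; stop on loops, dead ends or max_hops."""
    chain, url = [start], start
    while len(chain) <= max_hops:
        status, location = responses.get(url, (None, None))
        if status is None or not 300 <= status < 400 or not location:
            break
        url = urljoin(url, location)   # Location may be relative
        if url in chain:               # redirect loop
            break
        chain.append(url)
    return chain

def assess(chain, subresources):
    hosts = []
    for url in chain:                  # distinct hosts, in visit order
        if host_of(url) not in hosts:
            hosts.append(host_of(url))
    return {
        "hops": len(chain) - 1,
        "hosts": hosts,
        "leaves_origin": hosts[-1] != hosts[0],
        "ip_literal_loads": [u for u in subresources if is_ip_literal(host_of(u))],
    }

REPORT = assess(trace_chain("http://racetrack.example/", RESPONSES), SUBRESOURCES)
```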

Comments
What gets me is the Wikipedia article you link to. It in turn links to a forum thread describing how to remove the malware. By using an EXE.
Given that the user probably got into trouble by running an EXE which purported to remove spyware - what guarantees have they got that this is any better?
Sigh ;-).
Why do people think distributing binaries is helpful..
Posted by: Roger Gammans | April 20, 2007 12:35 PM
How can SiteAdvisor protect us from sites containing questionable links to other sites?
Posted by: Marc K | May 17, 2007 10:32 AM
Wow! That is just plain tricky. Watch out and use SiteAdvisor! Speaking of threats, look out for SpyStormer adware. It's annoying.
Posted by: Dakota | June 2, 2007 01:28 AM