MalwareTeks Blog » Blog Archive » IE Defender Folks Playing Games


 12 Nov 2007 @ 8:41 AM 
 

IE Defender Folks Playing Games

 

If you have been following along, many of you are familiar with the IE Defender discussion at Castle Cops, http://www.castlecops.com/p1017137-iedefender.html#1017137. It was previously blogged about here.

Well, today Andy at Security Cadets blogged this: "Is this the new comedy? IE Defender Related."

Here is what the site looked like yesterday:

[Image: xiedefender web page yesterday]

Image from Security Cadets.

Today:

[Image: xiedefender web page today]

The site now displays: IEDefender is coming…
Source: AndyAtHull (securitycadets.com)
Edited: 2007-11-12 12:16 PM EST

The site is live now, serving IE Defender:

[Image: xiedefender web site 'Live']

Whois Information for: xiedefender.com

[whois.estdomains.com]
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: XIEDEFENDER.COM

Registrant:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Creation Date: 25-Oct-2007
Expiration Date: 25-Oct-2008

Domain servers in listed order:
ns2.xiedefender.com
ns1.xiedefender.com

Administrative Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Technical Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Billing Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Status:ACTIVE

The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available “as is”, and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via fascimile, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The registrar of record is Critical Internet, Inc.. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms.

Same folks, different page.

Posted By: ShadowPuterDude
Last Edit: 17 Dec 2008 @ 08 37 PM
 

Responses to this post » (5 Total)

 
  1. Security Cadets » Is this the new comedy? IE Defender Related. said...
    8:54 am - November 12th, 2007

    [...] Coverage:- MalwareTeks Share this with: These icons link to social bookmarking sites where readers can share and [...]

  2. goaltender8 said...
    7:23 pm - December 15th, 2007

    This morning, December 15, I was infected by the iedefender malware. It seems they must have updated their malware as the fix posted is no longer working. Any chance you're working on an update before I reformat?

  3. ShadowPuterDude said...
    8:06 pm - December 15th, 2007

    goaltender8 / 12152007, 19:23:

    This morning, December 15, I was infected by the iedefender malware. It seems they must have updated their malware as the fix posted is no longer working. Any chance you're working on an update before I reformat?

    Yes, I will be putting out an update in the next couple of hours.

    However, to make sure the variant on your system is one of the variants I am adding to FixIEDef, please register at the main site, http://www.malwareteks.com, and post a HijackThis log in the Malware Removal Forum, so I can determine which variant is responsible for your infection.

  4. hibbsie said...
    10:53 am - December 18th, 2007

    I too am infected (xied….). Wish I had dough to go to this scum & take care of him. Any help from you? I don’t know where to look (yet).

  5. ShadowPuterDude said...
    12:11 pm - December 18th, 2007

    hibbsie / 12182007, 10:53:

    I too am infected (xied….). Wish I had dough to go to this scum & take care of him. Any help from you? I don’t know where to look (yet).

    hibbsie, if you have not done so, download and run FixIEDef from http://www.malwareteks.com/FixIEDef.php.

    If FixIEDef does not remove the infection, then you have a variant that the tool currently does not target. In that case, register on the main site, http://malwareteks.com/signup.php, start a new thread in the Malware Removal Forum, and post a HijackThis log. If you do not have HijackThis, it can be downloaded from Trendsecure.com.

 
