Do not fall for this

The folks over at MX Lab wrote this blog entry about a particularly nasty malware site they discovered recently.

When checking some URLs at MX Lab this one caught our attention because it is a nice trick to distribute malware. The trick is to attract people that want high speed internet for free. Don’t we all want this? I believe so but this one isn’t going to offer you high speed internet at all.

The website starts with a very nice offer:

Attention All Customers: March 19, 2009

Comcast High Speed Self Installation Kit v.4 is a special utility designed to boost the speed of your connection. This tool has advanced features of the 3rd generation high speed internet with multiple connections , download scheduling, and many more. It is free proposition for all Comcast clients (any connection) for 300 days.

The upshot is that they have you download an installer, named ComcastHSkit.exe, which actually installs a rootkit that turns off the Windows firewall and Security Center and then “phones home” to a notorious malicious site. Real nasty stuff.

The reason I’ve designated this as “particularly nasty” is that it looks like the real deal. The bad guys in this case have really done a good job of spoofing the kind of stuff that Comcast spams its customers (including me) with regularly. While I wouldn’t expect a network-security-savvy person to fall for this, sadly I can’t say the same for most folks. I know quite a few people who would see this kind of offer and, not unreasonably, want to take “Comcast” up on their offer to speed up their network connection. Especially here in Colorado where our broadband speeds are, well, not that speedy.

Give this a pass. You’ll be glad you did.

And thanks to the guys at MX Lab.