Don’t. Continuing previous posts on three different portfolios of fake security software, and on Zlob malware variants posing as video codecs, the rogue security application XP Shield is the latest addition to the never-ending list, with the following domains participating in the campaign:
The detection rates for the time being:
Scanners result : 1/32 (3.13%)
File size: 517632 bytes
Scanners result : 4/32 (12.5%)
File size: 65024 bytes
How would the end user reach these domains in the first place, from a malicious attacker’s perspective? By being redirected to them through a legitimate site that has already been SQL injected or has an iFrame embedded in it, with evidence of the practice seen in the majority of the massive iFrame, SEO poisoning and SQL injection campaigns from the last couple of months.
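For the owner of a legitimate site, the redirection described above shows up as an iframe or script tag in served pages that loads from a host the site does not control. The following check is an added example, not part of the original post; the hostnames, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for a site assumed to live at shop.example.
SAMPLE_PAGE = """<html><body>
<h1>Product catalogue</h1>
<script src="/js/menu.js"></script>
<iframe src="http://maps.shop.example/embed" width="400" height="300"></iframe>
<p>Blue widget<script src="http://injected.example/b.js"></script></p>
<iframe src="http://redirector.example/in.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

def is_hidden(a):
    """True for the usual ways a frame is kept out of the visitor's sight."""
    style = a.get("style", "").replace(" ", "").lower()
    tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class InjectedTagFinder(HTMLParser):
    """Collects iframe/script tags whose src points away from the site's own host."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host == self.own_host or host.endswith("." + self.own_host):
            return  # inline, relative or same-site source
        reasons = ["off-site " + tag]
        if tag == "iframe" and is_hidden(a):
            reasons.append("hidden")
        self.findings.append((self.getpos()[0], host, reasons))

def scan(html, own_host):
    """Return (line, host, reasons) for every off-site iframe/script in html."""
    finder = InjectedTagFinder(own_host)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, host, reasons in scan(SAMPLE_PAGE, "shop.example"):
        print(f"line {line}: {host} ({', '.join(reasons)})")
```

Legitimate third-party includes are reported as well, so the output is a list to review against the hosts the site is known to embed, not a verdict.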