Error Check System: As we pointed out in yesterday's post, the timing of the Facebook "Error Check System" application and the subsequent Google search results pointing to rogue antivirus sites was almost too perfect to be a coincidence.
It's entirely possible that the whole situation was designed to promote XP Antivirus variants such as "Antivirus 360" and "XP Police" (Rogue:W32/XPAntivirus). That's the formula: create something that spawns a search, then be ready to provide results that redirect to malicious sites.
Either that or the bad guys are very quick on their feet and are ruthlessly opportunistic… They're both.
Let's take a look at another recent example.
Parking Tickets: That's right, parking tickets in North Dakota.
Many XP Antivirus variants hamper analysis by checking for an Internet connection. Our test networks need to be configured to provide the expected reply if we want to automate our analysis.