setup_1096_MTE1NXwzNXww_.exe (false negative)

[DarthTrader]

Hello,

setup_1096_MTE1NXwzNXww_.exe is a malware sample from hxxp://www.bestantivirus2009.com, which no longer exists, but may come back anytime.  CIMA reports that this file is not suspicious, but in fact it is a fake security app.  I can PM the sample if you wish.

DarthTrader

[Baskar]

Hello Darth Trader,

Could you please submit the file to us.

To know how to submit the file to us, please check the following link,

How to report/submit false positives

Much appreciated.

Regards,

[DarthTrader]

Hello Baskar,

The file was submitted last night with "CIMA FALSE NEGATIVE..." in the subject line.

Baskar, please have a look at this page:

-Removed by 3xist for Safety Reasons of our users-

This page has a list of recently discovered malware sites.  Look for sites like "anti-spyware-this" or "anti-virus-that" and you can download and test the very latest malware samples.  This list is updated several times a day.

Regards,
DarthTrader

[3xist]

Hi Darth.

Please Email the link to Basker. I removed the link to prevent users from accidentally clicking on infected links, etc.

Josh

[DarthTrader]

Hello 3xist,

I have just PMed the link to Baskar.  Please be advised that I do not intend to submit many malware files for analysis.  I think the researchers should be "proactive" at finding samples.  

Some these sites are being taken down:
http://msmvps.com/blogs/hostsnews/archive/2008/09/12/1647592.aspx

But there are still plenty of live ones left and more are being added to "hphosts-partial" list every day.  I spend a lot of time looking for those sites and making sure they get added to that list.

Regards,
DarthTrader