I've downloaded the software and provided Michael with screenshots.
In summary it's a Get Rich Quick scam. The software download page has one of those
lengthy videos so I just skipped to 2/3 and caught the guy saying "the software is
free but you too can get rich by buying the rights to giveaway a branded version, for only
So the guy paid for it and decided door-to-door was the best thing.
Once the software is installed it downloads the Mozilla engine and uses it as a browser to
have access to a directory of (crap) sites. Also to an "academy" teaching you
how to "connect to the Internet", things like sending emails, registering on
Facebook. Also offers 1-on-1 help desk - but when you click that button it says you have
to pay to have access to it. And all while showing some very ugly banner on the bottom of
While the AV on my VM didn't scream murder, I'm pretty sure you'd find out it
full of adware, spyware, crapware too...
From: nznog-bounces(a)list.waikato.ac.nz [mailto:email@example.com] On Behalf
Of Dean Pemberton
Sent: Friday, 5 August 2011 13:25
Subject: Re: [nznog] New(?) scam: Door to door malware in Christchurch
Anyone else seen anything similar?
I'm at a loss to understand if this is:
a) a really lame targetted attack
b) a wide scale attack that we have only heard one example of.
On 2/08/11 12:55 PM, Michael Fincham wrote:
Just had a visit to our Christchurch offices from a shady guy claiming
"ISPs snoop on all your traffic, you should download this free, secure
browser" who then proceeded to hand our tech who answered the door
several URLs on a piece of paper.
I can't imagine a world in which the "linked" executable is anything
aside from a malware payload, though VirusTotal returns nothing for
the file, so it may be new or just creatively packed.
Here's a picture of the piece of paper given to our tech:
The URLs on the paper are:
I'm happy to provide a copy of the payload for analysis and I'm sure
our tech could give a more thorough description of the chap if anyone
wants to take this further.
NZNOG mailing list