Hit it again: the site that downloaded a program that wiped Hal’s computer clean as a whistle. And I stumbled across it while researching Lotrel, of all things! When I realized I was at the Malicious Drive-By Download site (MDBD), I wrote down the web address then tried to close the window. Which was more than a little difficult because, when you get one closed, other windows pop-up. Eventually, you have to press "OK" to get the MDBD window to close… iffy pressing OK.

When I did get it closed, I did an AVG, my anti-virus program, sweep and the thing had downloaded anyway! Creepy. On top of that, it was such a stubborn little program, AVG couldn’t get it to the virus vault so I had to manually delete it. Sheesh.

Because I’m a dummy, I went back to the web address and took a bunch of screen shots so you’d know what to look for and won’t fall for the ruse. Despite what I thought in the previous post, the MDBD warning window that pops up is an actual movable Windows window, a pop-up that gets around your pop-up blocker somehow. I’d thought it was a graphic on the webpage when it happened to Hal, but it’s not. It’s a window. Those MDBD guys are clever.

According to AVG, 1 in 1000 websites are MDBD sites. That sounds like a lot…

Here are the screenshots and what happened. To see the screenshots, click on them and they will open up in a bigger window:

1. [screenshot: Lotril_search] To start with, I misspelled Lotrel. My initial search was on Lotril with an i. That’s why I got all these sites about impotence. Lotrel is for high blood pressure so I guess the marketing whizzes at MDBD saw an opportunity to appeal to geezers. When I went back to that first search results page to find which link had led me to the MDBD, I found almost all of them did. Except the one that led to a porn site. So the misspelling started me off on the wrong foot.

2. [screenshot: Virus_1_without_avg] This is the MDBD website and the first window that comes up. Notice the pop-up window is labeled Windows Internet Explorer. Looks pretty authentic.

BTW, this is actually the second time I went to the MDBD site because I didn’t think to get a screen shot the first time. The first time, the little pop up window said: "Attention! Your PC may not have virus protection system. This may lead to your PC being infected. Now your system will be scanned for security risks. Press OK to continue." Clearly, whoever wrote this is not a native speaker of English.

3. [screenshot: Virus_2] Between the first and second visits, I installed the AVG toolbar. So on the second visit, AVG warned me about the site. The first time I saw the AVG warning window I thought it was another MDBD fake one!

This trip through the MDBD site, while I’m taking the screenshots, I had to close the AVG window via the "x" in the upper right corner. If I had closed with the AVG "OK" button, it would have closed the MDBD website and I couldn’t have proceeded through to see what happens and get the screenshots. So I risk it all to get some screenshots… brilliant.

4. [screenshot: Virus_3] Once I got the initial MDBD pop-up closed, this webpage appeared (with my trusty AVG alert on top). I closed the AVG alert window via the "x" so I could see the MDBD page.

5. [screenshot: Virus_4] Notice MDBD’s "logo" is shaped like a Windows security logo but with the colors of my AVG logo. Going for an authentic look without getting sued for logo infringement. When I clicked the "x" to close the MDBD website …

6. [screenshot: Virus_5] … I got this pop-up. I did not want to press "OK" or "Cancel" – they both were suspect as far as I was concerned – so I closed the pop-up with the "x". That worked. Then I closed the webpage with its "x". That worked.

7. [screenshot: Virus_6] Only, look, the MDBD has opened a new pop-up ("Antivirus 2008…") with my AVG warning window on top of it. AVG is on the job, I like that! Now you can also see AVG and Skype that have been open on the desktop.

8. [screenshot: Virus_7] So. I closed the AVG warning window so I can get the screenshot. You can see the MDBD site. If you don’t have an anti-virus software program like AVG, this is all you’ll see. You won’t get any warning. The MDBD site is very well done… it looks completely authentic to me. Even though the English is a give-away, you have to read it carefully to notice.

9. [screenshot: Virus_8] Unfortunately, closing this last MDBD page is not easy. The little pop-up kept coming up. I’d close the MDBD pop-up by clicking the "x". Then click the "x" on the main window and the little MDBD pop-up would pop back up asking again did I really want to close this valuable website? [screenshot: Virus_9_2] This is where I finally had to click "OK" to close the whole thing down.

The Evil Opposite Tactic: Notice that you are instructed by the MDBD pop-up that clicking "Cancel" gets you the software, while clicking "OK" gets you out of the site. Most of us will automatically click "Cancel" to get out of something… but those clever bad guys set it up to trick you. Evil.

10. [screenshot: Virus_deleted_2] Once I finally gave in and clicked "OK" and got the last of the windows closed, I ran AVG again and it found the MDBD software again. Both times the software had downloaded, even though I tried my best to avoid it.

I visited the site a third time, while I was checking the links from my Lotril search. As soon as my AVG warning box came up, I clicked "OK" (instead of closing it via the "x") which gave AVG permission to block the site and keep the software from being downloaded.

We’ve used AVG for at least four years. We bought a package of five licenses and just keep renewing them. It works great, especially now with the toolbar on the browser. Without the toolbar, the virus slips in… you need that toolbar!

My question is: why do people spend their time creating malicious software? What do they get out of it? The Conspiracy Theory is that anti-virus software creators create some of ’em… There’s a certain logic to that. I used to suspect my monthly pest control expert of spraying sugar water around the house once every few months, too. Yeah, completely paranoid. I think I’ll keep my AVG subscription current. Just in case.
