Warning: Do not visit lolcounterS.com


9 replies to this topic

#1 InfiniteIce

Posted 06 May 2012 - 03:04 AM

To keep people aware:
Upvote on Reddit http://www.reddit.co...scom_with_an_s/
Bump on LoL forums: http://na.leagueofle...d.php?t=2095369


There's another one of these around. I saw this one being spammed in stream chats.

www.lolcounter.com is a legitimate website used for finding counters to a champion.

www.lolcounterS.com (with an 'S') is a copy paste of lolcounter.com text. On loading, it asks you to run a JAVA applet. The JAVA applet has the same certificate details as the last malware site (that one was a ripoff/imposter site of www.leagueofstats.com), originating from Northern Kenya.

It also tells you that your Flash is out of date/missing, and AUTOMATICALLY starts downloading a fake flash installer (legitimate file name copied from the real Flash installer so as to avoid suspicion, but it's more malware)

On viewing the source code, you can see many explicit references to basically ripping text from the legitimate website lolcounter.com, as well as references to the IP 46.166.***.*** which leads to the ANON JDB. This is an FUD JAVA control panel. I'm not going to give the full IP, because I don't really want more people having access to this, to be honest.

http://blog.webroot....e-by-downloads/ confirms that this site follows the exact behavior of an offered paid malware distribution service. JAVA applet, fake flash infection...

> AnonJDB – a Java based malware distribution platform for drive-by downloads.
>
> What’s particularly interesting about AnonJDB is its easy-to-manage command and control interface, and the fact that the cybercriminals are offering Dual Infection Via Adobe Flash Update.
>
> ...the service is outsourced to a vendor offering managed hosting services for the entire platform, including the supply of fully undetected malicious Java applets and executable binaries.


So, do not go to lolcounterS.com. I would like to reiterate that www.lolCOUNTER.com is legitimate and a lot of people use it. The one with the 'S' on the end is dirty.

Just wanted to let people know, because I'm sure people will go "oh hey looks useful" on a stream chat, or wherever else.
  • 0
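
The lookalike pattern described in the post above (lolcounterS.com imitating lolcounter.com) can be checked for mechanically. The following Python is an added example, not part of the original thread: it flags links in chat lines whose host is within a small edit distance of a trusted domain. The trusted list, the distance threshold and the chat lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites this community trusts (both names appear in the post).
TRUSTED = {"lolcounter.com", "leagueofstats.com"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def edit_distance(a, b):
    """Levenshtein distance, keeping only one previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(token):
    """Lower-case the host and drop 'www.' so lolcounterS.com == lolcounters.com."""
    token = token if "://" in token else "http://" + token
    host = (urlsplit(token).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(host, max_dist=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    if host in TRUSTED:
        return "trusted", host
    for good in sorted(TRUSTED):
        if edit_distance(host, good) <= max_dist:
            return "lookalike", good
    return "unknown", None

def scan_chat(lines):
    """Return (line_no, host, imitated_domain) for every lookalike link found."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            host = host_of(m.group(0))
            verdict, good = classify(host)
            if verdict == "lookalike":
                hits.append((n, host, good))
    return hits

# Constructed stream-chat lines, not real logs.
SAMPLE_CHAT = [
    "viewer1: check counters at www.lolcounter.com",
    "spambot: best counters here -> www.lolcounterS.com",
    "viewer2: http://LOLCOUNTERS.com/champion/teemo looks useful",
    "viewer3: vod is on example.org",
]
```

Edit distance only catches near-misspellings of the registered name; a trusted name embedded as a subdomain of another host is classified as unknown here and needs a separate rule.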

#2 Ryan Firecrotch

Posted 06 May 2012 - 03:06 AM

Thank you for this, do you mind if I post this on reddit or have you already?
  • 0

#3 InfiniteIce

Posted 06 May 2012 - 03:18 AM

> Thank you for this, do you mind if I post this on reddit or have you already?

I posted it
http://www.reddit.co...scom_with_an_s/
  • 0

#4 SouthernSun

Posted 06 May 2012 - 01:11 PM

Oh fuck, I clicked on it and accepted that Flash update thing.

What do I do now.
  • 0

#5 RawCape

Posted 06 May 2012 - 01:25 PM

> Oh fuck, I clicked on it and accepted that Flash update thing.
>
> What do I do now.


Put your computer in the microwave! Quick! Dyrus did this as well!
  • 1
"Humans are the embodiment of change, change and permanency. I'm no different. Except in the ways that I am."

"It's really simple, if you don't think about it."


#6 IGN Eneco

Posted 06 May 2012 - 01:55 PM

real advice on how to get rid of the virus would be nice.
  • 0

#7 RawCape

Posted 06 May 2012 - 02:09 PM

> real advice on how to get rid of the virus would be nice.


Fine, fine.. I'll be helpful for once.

http://www.surfright.nl/en

Go there, download it. Install it and follow the steps. (You can choose to run it once or keep it on your computer).

It'll remove most (if not all) viruses/spyware/malware you have.

After that I'd advise you get an Antivirus (Eset NOD32 for e.x.), Anti-Malware (Malware Bytes for e.x.) and Anti-Spyware (Spybot, search and destroy for e.x.)

Also, I highly suggest getting Adaware. It's pretty useful for those who love to watch pr0n on non-safe websites.

If you can't/don't want to afford Eset NOD32, you can use AVG Free, which will fill up most needs, as long as you have the other 2 softwares installed.

GLHF
  • 2
"Humans are the embodiment of change, change and permanency. I'm no different. Except in the ways that I am."

"It's really simple, if you don't think about it."


#8 IGN Eneco

Posted 06 May 2012 - 02:22 PM

> Fine, fine.. I'll be helpful for once.
>
> http://www.surfright.nl/en
>
> Go there, download it. Install it and follow the steps. (You can choose to run it once or keep it on your computer).
>
> It'll remove most (if not all) viruses/spyware/malware you have.
>
> After that I'd advise you get an Antivirus (Eset NOD32 for e.x.), Anti-Malware (Malware Bytes for e.x.) and Anti-Spyware (Spybot, search and destroy for e.x.)
>
> Also, I highly suggest getting Adaware. It's pretty useful for those who love to watch pr0n on non-safe websites.
>
> If you can't/don't want to afford Eset NOD32, you can use AVG Free, which will fill up most needs, as long as you have the other 2 softwares installed.
>
> GLHF


<3
  • 0

#9 SouthernSun

Posted 06 May 2012 - 02:31 PM

> Fine, fine.. I'll be helpful for once.
>
> http://www.surfright.nl/en
>
> Go there, download it. Install it and follow the steps. (You can choose to run it once or keep it on your computer).
>
> It'll remove most (if not all) viruses/spyware/malware you have.
>
> After that I'd advise you get an Antivirus (Eset NOD32 for e.x.), Anti-Malware (Malware Bytes for e.x.) and Anti-Spyware (Spybot, search and destroy for e.x.)
>
> Also, I highly suggest getting Adaware. It's pretty useful for those who love to watch pr0n on non-safe websites.
>
> If you can't/don't want to afford Eset NOD32, you can use AVG Free, which will fill up most needs, as long as you have the other 2 softwares installed.
>
> GLHF


Hey, thanks man.

+1 for you. :)
  • 0

#10 IGN Eneco

Posted 06 May 2012 - 02:54 PM

> Hey, thanks man.
>
> +1 for you. :)



Here is the path for the virus

C:\Users\%Username%\Appdata\Roaming\JavaUpdater\setup.exe
  • 0