Fake A/V Scamware Revisited

Following up on my post from yesterday, if you’re interested in IPS or web filter URL pathings, a majority of the fake a/v paths have been consistent:

  • /2009/download/trial/InstallAV*
  • /download/av_2009glof.exe
  • /download/av_360glof.exe
  • /promo/download/trial/InstallAV*
  • /spygd08/install.php

Blocking these or blocking executable downloads from URLs including these paths won’t stop them all but they will certainly help.