
Archive for April 24th, 2007


Apr24
by Jasper Pimentel (Advanced Threats Researcher)

We’ve just spotted another “security website” that offers to help users get rid of spyware plaguing their systems. In reality, the website does nothing but trick the user into installing an adware application on their system.

Although the website doesn’t automatically download the rogue application, it does a fairly good job of tricking users into downloading it themselves.
Similar to the numerous ZLOB-carrying codec websites that proliferated during 2006, this one plays on the unsuspecting user’s gullibility regarding security applications. Click on any of the download links and the file malwarealarmsetup.exe is downloaded to your system. When this file is executed, it displays the usual dialog boxes of a standard installation package for legitimate applications, even displaying the standard EULA text.
[Image: malwarealarmsite.jpg]

A solution for this threat is already underway: the file is to be detected as ADW_SPYSHERIF.BG. As a word of caution, do not download or install anything this website offers.


Apr24
by Ryan Flores (Advanced Threats Researcher)

Yep it is, and it seems like the domain was created for the sole purpose of hosting malware.


A quick look at our malicious URL records shows that 97725.com provides downloads of malware such as PE_LOOKED, TSPY_LEGMIR, TROJ_MULDROP, TSPY_QQPASS, and TSPY_WOW, as well as EXPL_ANIGEN, the exploit for the recent Windows animated cursor vulnerability that hit it big.


The said domain is hosted in China (not surprising), and most of the malware that is downloaded from, or can be downloaded from, 97725.com is related to stealing online game credentials.
One interesting anti-URL-blocking technique used by the malicious author(s) is the use of subdomains: a blocklist entry that matches only one exact hostname misses the others. 123.97725.com, down.97725.com, and www.97725.com are the subdomains of 97725.com discovered by Trend. As of writing, the domain 97725.com is being added to the URL Web Blocking list.


We advise network administrators and IT personnel to check for connection attempts to 97725.com and its subdomains, as they could signify an infected computer in the network.
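As an added example (not code from the original post or from Trend Micro), the following script shows how to do that check over proxy logs while accounting for the subdomain trick described above: the matcher treats 97725.com and any subdomain of it as hits, but only on a label boundary, so look-alike names such as evil97725.com or 97725.com.example.net are not flagged. The log format ("client_ip method url") and the log lines themselves are constructed for the example and are not real traffic.

```python
from __future__ import annotations
import re
from urllib.parse import urlsplit

# Constructed sample of proxy log lines in a minimal "client_ip method target"
# format. Not real traffic from the post; made up to exercise the matcher.
SAMPLE_LOG = """\
10.0.0.15 GET http://www.example.org/index.html
10.0.0.23 GET http://down.97725.com/update.exe
10.0.0.23 GET http://123.97725.com/a.exe
10.0.0.42 GET http://97725.com/
10.0.0.51 GET http://97725.com.example.net/
10.0.0.51 GET http://evil97725.com/
10.0.0.77 CONNECT www.97725.com:443
"""

# The domain named in the post; extend this set with your own blocklist.
BLOCKED_DOMAINS = {"97725.com"}


def normalize_host(host: str) -> str:
    """Lowercase, drop a trailing dot, and drop a port suffix."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("["):           # IPv6 literal such as [::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0]


def host_from_url(target: str) -> str:
    """Extract the host from a full URL or from a bare host[:port] (CONNECT target)."""
    if "://" in target:
        return normalize_host(urlsplit(target).hostname or "")
    return normalize_host(target)


def is_blocked(host: str, blocked: set[str]) -> bool:
    """True when host is a blocked domain or any subdomain of one.

    The suffix match is anchored on a label boundary (".97725.com"), so
    down.97725.com and 123.97725.com match while evil97725.com and
    97725.com.example.net do not.
    """
    host = normalize_host(host)
    return any(host == d or host.endswith("." + d) for d in blocked)


LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<target>\S+)")


def find_suspect_clients(log_text: str, blocked: set[str]) -> dict[str, set[str]]:
    """Map each internal client that contacted a blocked domain to the hosts it reached."""
    hits: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                    # skip malformed lines rather than crash
        host = host_from_url(m.group("target"))
        if is_blocked(host, blocked):
            hits.setdefault(m.group("client"), set()).add(host)
    return hits


if __name__ == "__main__":
    for client, hosts in sorted(find_suspect_clients(SAMPLE_LOG, BLOCKED_DOMAINS).items()):
        print(f"{client}: {', '.join(sorted(hosts))}")
```

Run against the constructed log, the script reports 10.0.0.23 (two subdomains), 10.0.0.42 (the bare domain), and 10.0.0.77 (a CONNECT to www.97725.com), and stays silent on the look-alike names. The same `is_blocked` logic is what a URL blocklist needs so that registering 97725.com once covers every subdomain the authors add later.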



© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice