Tuesday, October 28, 2008

A Diverse Portfolio of Fake Security Software - Part Eleven

The following portfolio of fake security software appear to have been integrated within traffic redirection doorways during the weekend, consequently redirecting hundreds of thousands of users acquired from blackhat hat SEO, malvertising, email spam and SQL injections, to non-existent security vendors and their non-existent security products. Here's an excerpt from one of the templates that they're using :


"Since its first establishement in 2001, Antivirus V.I.P consistently maintained its position as one of the world's leading companies in antivirus research and product development. Antivirus V.I.P is known mostly for Antivirus V.I.P, its powerful mix of Anti-Malware, Anti-Virus, Anti-Trojan, Anti-Backdoor, Anti-Worm and Anti-PornoDial in one program. Antivirus V.I.P scans and removes trojans and other malware, which can be placed on a computer without the owner's knowledge.

Antivirus V.I.P is a powerful and easy-to-use Trojan horses, Viruses and all types of Malware removal software, which detects and eliminates more than 100'000 Trojan Horses and Spywares. It also detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets. The latest version of Antivirus V.I.P features outstanding detection abilities, together with high performance. Antivirus V.I.P creates best anti-virus, anti-trojan and anti-spyware security solutions that protect computer users from ever-increasing cyber threats and all the dangers of the new century.
"

And the domains and their associated IPs :

antivirus-freescan .com (208.72.169.100)
defendyourpc .com
mycupupdate .com
secureupdatecenter .com
secureupdateserver .com
webscannertools .com
secureyourpayments .com
protection-overview .com

save-my-pc-now .com (84.243.196.136; 89.149.227.196; 89.149.227.232)
antivirus-pcscan .com
hiqualityscan .com
active-scanner .com
perfectscanner .com

livesecurityinfo .com (216.240.134.208)
protection-freescan .com
antvirushelp .com
prosecurity-audit .com

scan-my-pc .com (89.149.251.56)
securedclickhere .com

premiumlivescan .com (78.159.118.217; 89.149.253.215; 216.240.134.211)
quick-live-scan .com

ekerberos .com (77.244.220.134; 119.47.81.140; 218.106.90.227)
virtualpcguard .com (67.55.81.200)
antivirus-vip .com (216.32.76.87)

As I've already pointed out numerous times in the past, on the majority of occasions the "campaigners" aren't fully taking advantage of the evasive features that their traffic management kits empower them with.

Related posts:
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software