The "campaign managers" behind these fake security software propositions are not just starting to park them at up to three different locations, localize the sites to different languages, and introduce client-side exploits in case the end user gets suspicious and doesn't install the software, but are also adopting the natural evasive practices. For instance, once some of their domains get detected and blocked, they put them in standby mode and relaunch them online in a week or so, or they ensure that only visitors arriving from where they are supposed to come from, yet another blackhat SEO or SQL injection attack, get to see the download screen.
Some of the new additions parked at the same IPs offered by the "known suspects" include:
The campaigns and the hosting providers are continuously monitored, especially taking into consideration the fact that the domains are already appearing in Alexa's web rankings with sudden peaks of traffic.
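The two behaviours described above, domains parked together on shared IPs and blocked domains going quiet before relaunching, can be tracked from passive-DNS style observations. The following is an added example, not code from the original post: the observation records, the `.test` domains, the documentation-range IPs and the five-day dormancy threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed passive-DNS observations: (day seen, domain, resolved IP).
# Domains use the reserved .test TLD; IPs come from documentation ranges.
OBSERVATIONS = [
    (date(2008, 8, 1), "scan-a.test", "192.0.2.10"),
    (date(2008, 8, 1), "scan-a.test", "198.51.100.20"),
    (date(2008, 8, 2), "scan-b.test", "198.51.100.20"),
    (date(2008, 8, 2), "scan-b.test", "203.0.113.30"),
    (date(2008, 8, 3), "codec-c.test", "203.0.113.30"),
    (date(2008, 8, 3), "shop-d.test", "192.0.2.99"),
    (date(2008, 8, 11), "scan-a.test", "192.0.2.10"),  # resolves again after 10 days
]

def cluster_by_shared_ip(observations):
    """Group domains that ever shared an IP, transitively (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x
    first_on_ip = {}
    for _, domain, ip in observations:
        first_on_ip.setdefault(ip, domain)
        # Merge this domain with the first domain seen on the same IP.
        parent[find(domain)] = find(first_on_ip[ip])
    clusters = defaultdict(set)
    for d in list(parent):
        clusters[find(d)].add(d)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))

def relaunched(observations, min_gap_days=5):
    """Return {domain: longest gap in days} for domains that went quiet and came back."""
    seen = defaultdict(set)
    for day, domain, _ in observations:
        seen[domain].add(day)
    gaps = {}
    for domain, days in seen.items():
        ordered = sorted(days)
        longest = max(((b - a).days for a, b in zip(ordered, ordered[1:])), default=0)
        if longest >= min_gap_days:  # threshold is an assumption, tune to your feed
            gaps[domain] = longest
    return gaps

print(cluster_by_shared_ip(OBSERVATIONS), relaunched(OBSERVATIONS))
```

The transitive clustering matters here: `codec-c.test` never shares an IP with `scan-a.test` directly, yet both end up in the same cluster through `scan-b.test`, which is how a portfolio spread over several hosting locations still resolves to one group.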
Related posts:
Fake Security Software Domains Serving Exploits
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Localized Fake Security Software
Diverse Portfolio of Fake Security Software
Got Your XPShield Up and Running?
Fake PestPatrol Security Software
RBN's Fake Security Software
Lazy Summer Days at UkrTeleGroup Ltd
Geolocating Malicious ISPs
The Malicious ISPs You Rarely See in Any Report
Tuesday, September 02, 2008
A Diverse Portfolio of Fake Security Software - Part Five