Wednesday, October 22, 2008

A Diverse Portfolio of Fake Security Software - Part Ten

Popping up like mushrooms, these are the very latest rogue security software domains for your case building, cross-checking, or blackholing pleasure. Interestingly, next to decentralizing the hosting locations, they're also using legitimate hosting providers, whose reputation they've also been abusing for spamming in the past :

go-scan-pro .com (78.157.143.184)
internet-antivirus-2008 .com
ia-stat-ia .com
ia-scanner-pc .com
ia-scanner-pro .com
goscanpc .com
go-iascan .com
ia-install-pro .com
ia-scan-pro .com
ia-scanner-pro .com
ia-scanpro .com
ia-scannerpro .com
ia-free-scanner .com
ia-scan-now .com

online-antivirus .net (91.203.70.57)
virus-scan-online .com
online-virus-scanning .com
scanner-protection .com
online-scan .net

s-avirus2009 .com (92.241.177.70)
sa-vir2009-buy .com
s-avir2009-buy .com

xpas-2009 .com (96.9.135.85; 206.161.120.26)
xp-as-2009 .com

antimalwaresuite2009 .com (58.65.234.193)
cleaner2009pro .com

pcdefender2008 .com (89.149.241.228)
database-virus .com (75.125.215.35)

Moreover, a new template which you can see in the attached screenshots that mimicking a local AV scanning, has been circulating for a while. Naturally, it's localized and based on the browser's default language is serving a local version of the message. Follow the customer and expose the vendor still works, however, in between the average time it takes to track them down, a great number of people have already purchased the rogue software. The rogue security software business model is very similar to the spamming business model in the sense that they don't care whether 5, 10 or 15 people get tricked and install it, since even if 4 people out of the 100,000 unique daily visits fall victim - they break even.

Related posts:
-

No comments:

Post a Comment