Thursday, April 16, 2009

A Diverse Portfolio of Fake Security Software - Part Nineteen

You know things are getting out of hand when the scareware ecosystem scales to the point when typosquatted scareware domains offering removal services for the very same scareware distributed under multiple brands.

In response to the potential Conficker-ization of the scareware business, part nineteen of the Diverse Portfolio of Fake Security Software is the most massive update since the series started, and with a reason - to squeeze the cybercrime ecosystem, and ruin their malicious economies of scale revenue generation approaches.

Here are the most recent additions, with their associated registrant emails for clustering, cross-checking, and case building purposes:

vundofixtool .com (174.132.250.194)
remove-winpc-defender .com
remove-virus-melt .com
remove-ultra-antivir-2009 .com
remove-ultra-antivirus-2009 .com
remove-total-security .com
remove-system-guard .com
remove-spyware-protect-2009 .com
remove-spyware-protect .com
remove-spyware-guard .com
remove-personal-defender .com
remove-ms-antispyware .com
remove-malware-defender .com
remove-ie-security .com
remove-av360 .com
remove-antivirus-360 .com
remove-a360 .com
av360removaltool .com
antivirus360remover .com
remove-winpc-defender .com
remove-virus-melt .com
remove-virus-alarm .com
remove-ultra-antivirus-2009 .com
remove-ultra-antivir-2009 .com
remove-total-security .com


gotipscan .com (66.197.154.199) Robert Sampson Email: bausness@gmail.com
scanline6 .com
scanstep6 .com
scanbest6 .com
goscandata .com
goscanhigh .com
true6scan .com
any6scan .com
golitescan .com
gofanscan .com
gotipscan .com
gostarscan .com
goluxscan .com
goonlyscan .com
scan6step .com
goscanstep .com
scan6fast .com
scanline6 .info
scanlog6 .info
linescan6 .info
mainscan6 .info
log6scan .info
main6scan .info


addedantiviruslive .com (94.247.2.215) Administrative Email: werracruz99008@gmail.com
searchrizotto .com
easyaddedantivirus .com
yourcountedantivirus .com
av-plus-support .com
yourguardonline .cn
easydefenseonline .cn
bestprotectiononline .cn
yourguardstore .cn
examinepoisonstore .cn
freecoverstore .cn
myexaminevirusstore .cn
bestexaminedisease .cn
yourfriskdisease .cn
friskdiseaselive .cn
bestdefenselive .cn
bigprotectionlive .cn
bigcoverlive .cn
easyserviceprotection .cn
easypersonalprotection .cn
myascertainpoison .cn
yourguardpro .cn
refugepro .cn
mycheckdiseasepro .cn
yourcheckpoisonpro .cn
bigdefense2u .cn
newguard4u .cn
mydefense4u .cn
bestcover4u .cn


fullsecurityshield .com (209.44.126.14) Gregory Bershk Email: bershkapull@gmail.com
greatsecurityshield .com
trustsecurityshield .com
anytoplikedsite .com
topsecurityapp .com
inetsecuritycenter .com
securitytopagent .com
thebestsecurityspot .com
topsecurity4you .com
fullandtotalsecurity .com


extrantivirus.com (94.75.209.11)
rapid-antivir-2009.com
rapid-antivir2009.com
rapidantivirus2009.com
rapidantivirus09.com
rapidantivirus.com
ultraantivirus2009.com
soft-traffic.com

seresult.com is a traffic management domain for the campaign (e.g seresult .com/go.php?id=3466)

greatstabilitytraceonline .com (94.247.3.4) Jacquelyn Jain Email: jacquelynjjain@gmail.com
beststabilityscan .com
beststabilityscans .com
esnetscanonline .com
greatstabilitytraceonline .com
greatvirusscan .com
networkstabilitytrace .com
onlinestabilityscanada .com
protectionexamine .com
quickstabilityscan .com
safetyexamine .com
stabilityinetscan .com
stabilitysolutionslook .com
swiftsafetyexamine .com
webprotectionscan .com
webwidesecurity .com

scanmix4 .com (63.146.2.92) Clifford Barton Email: learnico@gmail.com
bestscan7 .com
goscandata .com
scan7live .com
new7scan .com
godatascan .com
gosidescan .com
goluxscan .com
goonlyscan .com
goscanstep .com
scantool4 .info
newscan4 .info
scannew4 .info
tool4scan .info


exstra-av-scanner .net (78.26.179.237) Joan Oglesby Email: extra.antivirus@gmail.com
msantivir-storage .com
ms-antivirus-storage .com
goodproantispyware .com
ms-antivir-scan .com
anispy-storage-ms .com
ms-av-storage-best .com
antivir-scanner-ms-av .com


msscan-files-antivir .com (195.88.81.93)
hot-girl-sex-tube .com
msscan-files-antivir .com
msscanner-top-av .com
msscanner-files-av .com
antivir-4pc-ms-av .com


ultraantivirus2009 .com (64.86.17.9)
virusalarmpro .com
vmfastscanner .com
mysuperviser .com
pay-virusdoctor .com
virusmelt .com
payvirusmelt .com
mysupervisor .net


msscanner-top-av .com (195.88.81.93)
msscanner-files-av .com
antivir-4pc-ms-av .com
hot-girl-sex-tube .com


antivirus-av-ms-check .com (78.26.179.131)
antivirus-av-ms-checker .com
ms-anti-vir-scan .com
mega-antiviral-ms .com


extremetube09 .com (94.247.2.7) Mariya Latinina Email: latinina40@gmail.com
softupdate09 .com
extrafastdownload .com
myrealtube .net

extraantivir .com (206.53.61.74)
no-as-scanner .com (195.88.81.37) Roy Latoya Email: latoysmith@gmail.com
pro-scanner-av-pc .com
tantispyware .com (65.110.60.123; 65.110.60.122)
webantispy .com
pantispyware09 .com

fastantivirus09 .com (94.75.209.74)

Blacklisting --until the domains themselves get suspended -- the scareware domains proactively protects your customers from the "final output" of a huge percentage of attacks taking advantage of blackhat SEO, SQL injection, site compromise, malvertising, and automatic abuse of Web 2.0 services through human-based CAPTCHA solving such as Digg; LinkedIn, Bebo, Picasa and ImageShack, YouTube and Google Video.

Related posts:
A Diverse Portfolio of Fake Security Software - Part Eighteen
A Diverse Portfolio of Fake Security Software - Part Seventeen
A Diverse Portfolio of Fake Security Software - Part Sixteen
A Diverse Portfolio of Fake Security Software - Part Fifteen
A Diverse Portfolio of Fake Security Software - Part Fourteen
A Diverse Portfolio of Fake Security Software - Part Thirteen
A Diverse Portfolio of Fake Security Software - Part Twelve
A Diverse Portfolio of Fake Security Software - Part Eleven
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software

No comments:

Post a Comment