Monday, July 27, 2009

A Diverse Portfolio of Fake Security Software - Part Twenty Three

Part twenty three of the diverse portfolio of fake security software series once again summarizes the scareware domains currently in circulation, delivered through the usual channels: blackhat SEO, compromises of legitimate web sites, comment spam and bogus adult web sites. The emphasis this time is on yet another bogus company acting as a front-end to an affiliate network, AK Network Commerce Ltd.

Scareware remains the dominant monetization tactic applied by cybercriminals automatically abusing Web 2.0 properties.

The latest scareware domains are as follows:

Sampled malware phones back to od32qjx6meqos .cn/ua.php; more phone-back locations are also parked there:

One of the latest front-ends to scareware affiliate networks is AK Network Commerce Ltd (ak-networkcommerce .com):

"Implementing latest anti-hacker technology based on expert and user reviews AK Network Commerce Ltd enables hacker-proof defense, blocks unauthorized access to your private information, and hides your identity. Having combined latest features of cutting-edge privacy protection technologies our knowledgeable team designed products to easily and effectively fight perilous cyber attempts. Thorough selection and step-by-step application of elements and tools required for comprehensive protection of your personal data helped us achieve success and become industry leading representatives. We did our best to prove that the time has come to leave behind worries about private data theft."

The company is the very latest attempt by a bogus company to build legitimacy into its "latest anti-hacker technology". Meanwhile, blacklisting, sample distribution, and shutting down the scareware domains not only undermine the effectiveness of their largely centralized malware campaigns and cost them missed revenue projections, but also increase the opportunity costs for the gang.

Related posts:
A Diverse Portfolio of Fake Security Software - Part Twenty Two
A Diverse Portfolio of Fake Security Software - Part Twenty One
A Diverse Portfolio of Fake Security Software - Part Twenty
A Diverse Portfolio of Fake Security Software - Part Nineteen
A Diverse Portfolio of Fake Security Software - Part Eighteen
A Diverse Portfolio of Fake Security Software - Part Seventeen
A Diverse Portfolio of Fake Security Software - Part Sixteen
A Diverse Portfolio of Fake Security Software - Part Fifteen
A Diverse Portfolio of Fake Security Software - Part Fourteen
A Diverse Portfolio of Fake Security Software - Part Thirteen
A Diverse Portfolio of Fake Security Software - Part Twelve
A Diverse Portfolio of Fake Security Software - Part Eleven
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software

This post has been reproduced from Dancho Danchev's blog.
