Historical OSINT - Massive Scareware Dropping Campaign Spotted in the Wild

October 20, 2018
It's 2008 and I've recently spotted a currently circulating malicious and fraudulent scareware-serving malicious domain portfolio, which I'll expose in this post with the idea of sharing actionable threat intelligence with the security community, further exposing and undermining the cybercrime ecosystem the way we know it, and potentially empowering security researchers and third-party vendors with the necessary data to stay ahead of current and emerging threats.

Related malicious domains known to have participated in the campaign:

We'll continue monitoring the campaign and post updates as soon as new developments take place.

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com