Tuesday, October 30, 2007

MessengerBlocker

Messenger-blocker.com

This is a new scam that uses the windows Messenger Service to exploit the users into purchasing the rogue security application.

“The scam popup indicates that your computer is vulnarable to pop-ups, viruses, hackers, crackers, unwanted advertisement, spam, etc.”

This scam is directed to scare the users into purchasing the unwanted application to solve the problem.

CA and Symantec have a detail description about the rogue security application.

Avoid the sites and the application that it promotes.

Bharath M N

End-Ads

End-Ads.com

Funny the website is named End-ads and advertises a well documented rogue security application. So the website does the reverse of its name; After installing the application advertised on this webpage you will definitely start receiving ads stating that your system is infected blah blah...

Currently it is advertising SystemDoctor a well known rogue security application.


Site registration details:

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com

Expiration Date: 2008-07-13
Creation Date: 2005-07-13
Last Update Date: 2007-03-18


Different domains that share the same IP are listed below:

Blockmessengerspam.com “clone of end-ads.com”
Blockthesepopups.com
Endmessenger.com
Error-safe.org
Escapeads.com
Fightpopups.net “clone of end-ads.com”
Messenger-blocker.com
Messengerservice.info
Messengersoft.com
Messengerstopper.net “clone of end-ads.com”
Phoenixcitylights.com
Stopmessengerads.com
Stoppornads.com
Systemdoctor2008.com
Winantispyware.org
Winantivirus2007pro.com

Looking into the domain one can easily make out that all the websites are malicious. Most of the websites are actively advertising or redirecting to SystemDoctor.

Avoid all these sites and the application that it promotes.

Bharath M N

Friday, October 5, 2007

Protecthips.com! Does this Protects your System?

Protecthips.com

This is a malicious Website which promotes Rogue Security application.

Usually all the users cannot access this website, the system infected by Zlob Trojan usually come up with website mimicking the online/windows security center luring /confusing/goading users to purchase any one of the Rogue Security application advertised in this website.

The website has a test page looks like windows troubleshooting/windows help page which mimics the troubleshooting steps and then finally ask users to use of the Rogue Security application to displayed in the page to fix the issue that they are facing.

This website promotes the following Rogue Security applications:

WinAntiVirus
AntiSpyGolden
VirusHeal
Menace Rescue
Trojans Filter
Antispyware Suite
Drive Cleaner
System Doctor
AntiWorm 2008
GoldenAntiSpy

The Domain shares its IP with the following websites:

asafetyguide.com
ddgate.com
rhgate.com
safeinformations.com
securitysteps.com

All the above listed sites are phony and distribute Rogue Security application.

Avoid all these sites and the application that it promotes.

Bharath M N