Sunday, February 17, 2008

Week End Update

Week End Update on Malicious Domains


Rogue Security Applications:
Antivirus-Scan.Net

Antivirus-Scan.Net is a clone site of Antivermins (a well-documented rogue security application). The site still doesn’t have an active link to download the software.

The scammers are so lazy that they have forgotten to put up the ordering pages on their server. The cost of the product, as mentioned on the website, is $49.95, much costlier than genuine anti-spyware software.

So I would say be aware of this company, and if in the future your browser is redirected to this site, assume that your system is infected by spyware. The scammers are related to the SSH family, so they might push this software through the Zlob Trojan. Beware of the site and don’t purchase this software.

SpyBurner.com

Another rogue security application. This website is making use of copyrighted text from the PC Tools website. Nosirrah has posted this information on the PC Tools discussion forum; here is the link.

This application is also like the SSH rogue family, and it is pushed/advertised through fake warning messages.

Currently none of the scanners on VirusTotal picks up this rogue. So beware of this site and don’t waste your money purchasing this application.

The application is also distributed through pcsecuritycenter.net. The site pcsecuritycenter.net also distributes SystemErrorFixer (a clone of the AVSystemCare rogue) and AdvancedCleaner, which are all well-documented rogue security applications.

Malicious Domains:

Zlob Trojan Distributing site:

Site Name: Encodeinstrument.com
IP Address: 85.255.120.109
Registrar: ESTDOMAINS, INC.
Name Servers:
ns2.encodeinstrument.com [85.255.120.110]
ns1.encodeinstrument.com [85.255.120.109]

Site Name: Viewdevice.com
IP Address: 85.255.118.180
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.viewdevice.com [85.255.118.180]
ns2.viewdevice.com [85.255.118.181]

A sample downloader from the site was scanned at VirusTotal and here are the results:

VirusTotal Scan Result: 3/30 (10%)

ClamAV 0.92.1 2008.02.16 Trojan.Dropper-2529
Microsoft 1.3204 2008.02.16 TrojanDownloader:Win32/Zlob.gen!AL
VBA32 3.12.6.1 2008.02.14 suspected of Downloader.Zlob.3

Detection of the Trojan is really poor.

DNS Changer Trojan Distributing Site:

Site Name: Blackcodec.com
IP Address: 64.28.184.180
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.blackcodec.com [64.28.184.162]
ns2.blackcodec.com [64.28.184.180]

Stay away from all these malicious domains.

Bharath M N
