Wednesday, March 19, 2008

New set of sites from SSH Zlob Trojan Family

Site Name: Wmvappliance.com
IP Address: 85.255.120.108

Site Name: Avicoupler.com
IP Address: 85.255.118.181

The installers from the site were scanned and here are the results:

Virustotal Scan Result: 5/32 (15.63%)

AntiVir 7.6.0.75 2008.03.18 DR/Zlob.Gen
BitDefender 7.2 2008.03.18 Dropped:Trojan.Downloader.Zlob.ABOS
ClamAV 0.92.1 2008.03.18 Trojan.Dropper-2529
VBA32 3.12.6.3 2008.03.17 suspected of Downloader.Zlob.3
Webwasher-Gateway 6.6.2 2008.03.18 Trojan.Dropper.Zlob.Gen

Scam Internet Security Page:
Site Name: Securitypills.com
IP Address: 85.255.116.213

Screenshot of Securitypills.com site:


404Errorpage Scam:
Site Name: Dnsmserrors.com
IP Address: 85.255.118.244

Screenshot of Dnsmserrors.com site:

Security Guide Scam Page:
Site Name: Asafetyvalue.com
IP Address: 85.255.118.38

Screenshot of Asafetyvalue.com/Test site:
Screenshot of Asafetyvalue.com/Soft site:

Ad-Server-Gate Pages:
Site Name: Gateqy.com
IP Address: 85.255.118.212

Gateqy(dot)com/gatevc.php?pn=srch0p1total7s2&c=441048

Site Name: Gatewp.com
IP Address: 85.255.118.211

Gatewp(dot)com/gatevc.php?id=icn01

The Ad-Server-Gate pages redirect to the fake security center site Protectioncase.com, which promotes rogue security applications.

Site Name: Protectioncase.com
IP Address: 85.255.118.210

Screenshot of Protectioncase.com site:

Other component sites

Site Name: Allcollisions.com
IP Address: 85.255.117.204

www(dot)allcollisions.com/get.php?partner=1012 -> downloads the VirusHeat rogue security application

Site Name: mspctoolbar.com
IP Address: 85.255.118.35

mspctoolbar(dot)com/go.php?step=1
mspctoolbar(dot)com/go.php?step=2

The above-mentioned URLs redirect the request to a site distributing a rogue security application.

Stay away from all these sites.

Bharath M N
