Well, I was wondering when did I install NOD32 on my system? Then I remembered that I had seen that screenshot on S!Ri’ s blog here and recently seen on Paperghost’s blog here.
Further digging revealed that my system was free from infection and the popup that displayed was actually a webpage.
Screenshot of the popups used by the scammers
Well here’s the website detail;
Site Name: Entiremedianet.com
IP Address: 63.219.178.162
The site is involved in distributing well documented rogue security applications like Pc-Antispyware and Pc-Cleaner
Here is the list of other sites that is used in this scam.
Site Name: Antispyware-review.biz
Site Name: Antispyware-reviews.biz
IP Address: 67.19.120.130
Site Name: Pc-Antispyware.com
IP Address: 209.8.45.26
Site Name: Pc-Cleaner.com
IP Address: 209.8.45.18
Reference links:
http://entiremedianet(dot)com/P/s1/
http://entiremedianet(dot)com/P/s2/
http://entiremedianet(dot)com/P/s3/
http://entiremedianet(dot)com/P/s5/
Stay away from all these sites.
Bharath M N
