Wednesday, July 30, 2008

A list of Malicious sites

A list of Malicious sites

Zlob Trojan Distributing site:

Site Name: Releasedvideo.com
IP Address: 77.91.231.201

Site Name: Videoexternal.com
IP Address: 85.255.120.110

Zlob Component sites:
Site Name: Ihatemondayand.com
IP Address: 85.255.117.204

www.Ihatemondayand. com/get.php?partner= -> downloads Antispycheck Rogue security application


WinSpywareProtect rogue distributing sites:

Scare/Fake scanner page:
Site Name: Scan.Wsp2008scanner.com
IP Address: 85.255.119.146

The installer is downloaded from the following site:
Site Name: Dwl.getwsp.com
IP Address: 85.255.118.66

SpyShedder rogue distributing site
Site Name: Shredder-scan.com
IP Address: 91.208.0.243

WinXDefender rogue distributing site
Site Name: Win-x-defenders.com
IP Address: 91.208.0.243

The site Win-x-defender.com also shares the same IP Address.


Win Antivir 2008

Win Antivir 2008 is the latest rogue security application from SpywareNo/SpySheriff family. Its a near clone of WinXSecurityCenter rogue security application.

Site Name: Win-antivir-2008.com
IP Address: 91.208.0.234

Screenshot of Win Antivir 2008 site

Screenshot of Scare/Fake scanner page used by Win Antivir 2008

Screenshot of Win Antivir 2008 application


Win Antivirus 2008

Win Antivirus 2008 is a near clone of Win Antivir 2008 rogue security application.

Site Name: Win-antivirus-2008.com
IP Address: 91.208.0.253

Screenshot of Win Antivirus 2008 application

WinDefender 2008

WinDefender 2008 is a rogue security application.

Site Name: Win-defender.com
IP Address: 207.226.179.162

Screenshot of Scare/Fake scanner page used by WinDefender 2008

Screenshot of WinDefender 2008 application


Following are the sites involved in this scam

Site Name: Trafficrotator.net
IP Address: 207.226.179.165

Reference: Trafficrotator. net/MTAwNg== which further redirects to one of the following Scare/Fake scanner sites

Site Name: Internetscannerlive.com
Site Name: Netscannerlive.com
Site Name: Webscanneronline.com
IP Address: 207.226.179.163

The following sites are also involved in distributing WinDefender 2008 rogue security application

Site Name: Dns-problem.com
IP Address: 207.226.179.147

Dns-problem. com site is a fake DNS error page which redirects to WinDefender 2008 registration page. Heads up to Malekal for posting it

Site Name:Registerwindefender.com
IP Address: 207.226.179.148

Stay away from all these sites.

Bharath M N

blog comments powered by Disqus