Friday, July 4, 2008

Malicious sites


Trojan distributing sites:

Zlob Trojan Distributing site:
Site Name: Aviutility.com
IP Address: 85.255.117.245

DNS Changer Trojan Distributing site:
Site Name: Megazticket.net
IP Address: 64.28.184.179

Trojan-Downloader Distributing site:
Site Name: Getvideoc.com
IP Address: 77.92.88.22

The Trojan installs the following malicious BHO (Browser Helper Object):

O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\avgsafe.dll


The BHO nags the user into downloading IE-Antivirus, which is a well-documented rogue security application. The Trojan uses a random name for the DLL file, usually in the format a%safe.dll.

MediaTubeCodec Trojan Distributing site:
Site Name: Bestsoft-ware08.com
IP Address: 91.203.70.18

The Trojan also changes the background to display a fake warning message and silently installs the "Antivirus2008PRO" rogue security application.

Reference links:
77.91.227.179/bingo/Antivirus2008PRO.exe


Rogue/Fake scanner pages:

Totalantivirus

Totalantivirus is yet another clone of the current rogue Antivirus series.

Site Name: Totalantivirusonline.com
IP Address: 72.233.81.107

Screenshot of Totalantivirus application

Some new sites associated with this rogue series:
Site Name: XP-Registration.com
IP Address: 209.67.214.194

Site Name: XPonlinescanner9.com
Reference links:
xponlinescanner9(dot)com/2009/3/_freescan.php?aid=77011813

Stay away from all these sites.

Bharath M N
