Total Secure 2009
Friday, August 29, 2008
Tuesday, August 26, 2008
SpywarePreventer
SpywarePreventer
SpywarePreventer is yet another rogue security application from SpywareNo\ SpySheriff Family of rogue security application.
Site Name: SpywarePreventer.com
IP Address: 216.255.186.253
Site Name: SpywarePreventer.com
IP Address: 216.255.186.253
Screenshot of SpywarePreventer site
Screenshot of SpywarePreventer application
Stay away from this site.
Bharath M N
Bharath M N
Friday, August 22, 2008
Power Antivirus
Power Antivirus
Power Antivirus is yet another rogue security application from SpywareNo\ SpySheriff Family of rogue security application.
Site Name: Pwrantivirus.com
IP Address: 91.208.0.231
Site Name: Pwrantivirus.com
IP Address: 91.208.0.231
Screenshot of Power Antivirus site
Site Name: Scanner-Pwrantivirus.com
IP address: 91.208.0.246
IP address: 91.208.0.246
Screenshot of Scare/fake scanner pages used by Power Antivirus
Screenshot of Power Antivirus application
One Rogue up and a few more clones follows it up. This group seems to be really busy cloning their application. Stay away from these sites.
Bharath M N
Bharath M N
XPert Antivirus Enterprise
XPert Antivirus Enterprise
XPert Antivirus Enterprise is yet another rogue security application from SpywareNo\ SpySheriff Family of rogue security application.
Site Name: Xpertantivirus.com
IP Address: 91.208.0.230
Site Name: Xpertantivirus.com
IP Address: 91.208.0.230
Screenshot of XPert Antivirus Enterprise site
Site Name: Scanner-xpertantivirus.com
IP address: 91.208.0.246
IP address: 91.208.0.246
Screenshot of Scare/fake scanner pages used by XPert Antivirus Enterprise
Screenshot of XPert Antivirus Enterprise application
Stay away from these sites.
Bharath M N
Thursday, August 21, 2008
MS Antivirus
MS Antivirus
MS Antivirus is a new rogue security application from SpywareNo\ SpySheriff Family of rogue security application. The application is a clone of Vista Antivirus 2008 rogue security application.
Site Name: Msantivirusxp.com
IP Address: 91.208.0.229
Site Name: Msantivirusxp.com
IP Address: 91.208.0.229
Screenshot of MS Antivirus site
Site Name: Msscanner.com
IP address: 91.208.0.228
IP address: 91.208.0.228
Screenshot of Scare/fake scanner pages used by MS Antivirus
Screenshot of MS Antivirus application
Stay away from these sites.
Bharath M N
Sunday, August 17, 2008
XP-Guard
XP-Guard
XP-Guard is a new rogue security application from SpywareNo\ SpySheriff Family of rogue security application. The application is a near clone of XP-Shield rogue security application.
This group calls themselves as "Pandora Software" any Security related application from this group should be avoided.
Site Name: XP-Guard.com
IP Address: 92.62.101.35
This group calls themselves as "Pandora Software" any Security related application from this group should be avoided.
Site Name: XP-Guard.com
IP Address: 92.62.101.35
Screenshot of XP-Guard site
Screenshot of XP-Guard application
Stay away from this sites.
Bharath M N
Bharath M N
Antivir64
Antivir64
Antivir64 is new rogue security application. The application is a near clone of Win Antivir 2008/ Win Antivirus 2008 rogue security application.
Site Name: Antivir64.com
IP Address: 78.157.142.7
Site Name: Antivir64.com
IP Address: 78.157.142.7
Screenshot of Antivir64 site
Screenshot of Scare/Fake scanner page used by Antivir64
Screenshot of Antivir64 application
This group is very busy releasing new clones every week and constantly use new websites to scam users.
Following sites belongs to the same group
Xpertantivirus.com
Pwrantivirus.com
Powerantivirus2009.com
Powerantivirus-2009.com
Defender-scan.com
Watcher-scan.com
Stay away from these sites.
Bharath M N
Following sites belongs to the same group
Xpertantivirus.com
Pwrantivirus.com
Powerantivirus2009.com
Powerantivirus-2009.com
Defender-scan.com
Watcher-scan.com
Stay away from these sites.
Bharath M N
Saturday, August 16, 2008
Zlob sites update
Zlob sites update
Zlob Trojan Distributing site:
Site Name: Mpegdirection.com
IP Address: 85.255.113.235
Site Name: Flwprocedure.com
IP Address: 77.91.231.201
Scam Internet Security Page:
Site Name: Homepagefile.com
IP Address: 85.255.116.212
404Errorpage Scam:
Site Name: Dnserrorgoal.com
IP Address: 85.255.118.244
Security Guide Scam Page:
Site Name: Shortcutclicks.com
IP Address: 85.255.118.210
Ad-Server-Gate Pages:
Site Name: Opqgrin.com
IP Address: 85.255.118.211
Site Name: Trefuel.com
IP Address: 85.255.118.214
The Ad-Server-Gate pages redirects to fake Security center site Secureonlinetags.com which promotes Rogue security applications.
Site Name: Secureonlinetags.com
IP Address: 85.255.118.211
Other component sites:
Site used in the Internet Explorer tools menu to redirect to fake/scare scanner pages
Site Name: Iexplorerfiles.com
IP Address: 216.255.179.244
The following site is used in Zlob toolbar to redirect users to malicious domains distributing rogue security applications.
Site Name: Clickstoolbar.com
IP Address: 85.255.118.214
All the above mentioned sites advertise/push well documented Rogue security applications. Stay away from these sites.
Bharath M N
Site Name: Mpegdirection.com
IP Address: 85.255.113.235
Site Name: Flwprocedure.com
IP Address: 77.91.231.201
Scam Internet Security Page:
Site Name: Homepagefile.com
IP Address: 85.255.116.212
404Errorpage Scam:
Site Name: Dnserrorgoal.com
IP Address: 85.255.118.244
Security Guide Scam Page:
Site Name: Shortcutclicks.com
IP Address: 85.255.118.210
Ad-Server-Gate Pages:
Site Name: Opqgrin.com
IP Address: 85.255.118.211
Site Name: Trefuel.com
IP Address: 85.255.118.214
The Ad-Server-Gate pages redirects to fake Security center site Secureonlinetags.com which promotes Rogue security applications.
Site Name: Secureonlinetags.com
IP Address: 85.255.118.211
Other component sites:
Site used in the Internet Explorer tools menu to redirect to fake/scare scanner pages
Site Name: Iexplorerfiles.com
IP Address: 216.255.179.244
The following site is used in Zlob toolbar to redirect users to malicious domains distributing rogue security applications.
Site Name: Clickstoolbar.com
IP Address: 85.255.118.214
All the above mentioned sites advertise/push well documented Rogue security applications. Stay away from these sites.
Bharath M N
Friday, August 15, 2008
Happy Independence Day
Happy Independence Day
Vande Mataram
Vande Mataram
Wishing you a very Happy Independence Day
BHARATH
Monday, August 11, 2008
Internet Antivirus
Internet Antivirus
Internet Antivirus is a new rogue security application.
Site Name: Internet-Antivirus.com
IP Address: 216.32.69.165
Site Name: Internet-Antivirus.com
IP Address: 216.32.69.165
Screenshot of Internet Antivirus site
Site Name: IA-Scanner.com
IP Address: 216.32.69.162
IP Address: 216.32.69.162
Screenshot of Scare/Fake scanner pages used by Internet Antivirus
Screenshot of Internet Antivirus application
The rogue also uses Software-Payment.com for payment processing. Software-Payment.com is used by many rogue security applciations for payment processing.
Following sites also belongs to the same family
Site Name: IA-Payment.com
Site Name: IA-License.com
Site Name: IA-Support.com
IP Address: 216.32.69.165
The rogue is pretty new detections of this rogue is really poor. Stay away from all these sites.
Bharath M N
Following sites also belongs to the same family
Site Name: IA-Payment.com
Site Name: IA-License.com
Site Name: IA-Support.com
IP Address: 216.32.69.165
The rogue is pretty new detections of this rogue is really poor. Stay away from all these sites.
Bharath M N
Saturday, August 9, 2008
Antispyware 2008 XP
Antispyware 2008 XP
Antispyware 2008 XP is a rogue security application. Antispyware 2008 XP is a clone of WinSpywareProtect/ Antivirus 2008 XP rogue security application
Site Name: Antispyware2008scanner.com
IP Address: 85.255.119.149
Site Name: Antispyware2008scanner.com
IP Address: 85.255.119.149
Screenshot of Scare/Fake scanner pages used by Antispyware 2008 XP
Screenshot of Antispyware 2008 XP application
The scanner pages uses the following site to push Antispyware 2008 XP installers:
Site Name: AS2008dl.com
IP Address: 85.255.118.69
Reference links: dwl.as2008dl. com/load/setup_100542_4_.exe
Which furthers downloads the application from the following site
Site Name: Getas2008xp.com
IP Address: 85.255.119.132
Reference links: dl.getas2008xp. com/get/?type=scanner&pin=100542&lnd=4
Further there are many other sites that is used by this family of rogue security application. Below is a list of sites that belongs to this family.
Site Name: AS2008dl.com
IP Address: 85.255.118.69
Reference links: dwl.as2008dl. com/load/setup_100542_4_.exe
Which furthers downloads the application from the following site
Site Name: Getas2008xp.com
IP Address: 85.255.119.132
Reference links: dl.getas2008xp. com/get/?type=scanner&pin=100542&lnd=4
Further there are many other sites that is used by this family of rogue security application. Below is a list of sites that belongs to this family.
Stay away from all these sites.
IP Address Site Name
85.255.118.226 Wspldrept.com
85.255.118.226 Wspexrept.com
85.255.119.154 Wspreprt.com
85.255.119.26 Winspywareprotection.com
64.28.185.138 Winspywareprotect2008.com
85.255.119.30 Av2008sales.com
85.255.119.158 Avcntxp.com
85.255.119.158 Avcntxp.com
85.255.119.150 Av2008check.com
85.255.119.156 As2008rep.com
85.255.119.29 Antispywaresales.com
85.255.118.228 Woeiruweoriu.com
85.255.118.227 Idreptavxp.com
Bharath M N
Wednesday, August 6, 2008
Malware distributing sites
Malware distributing sites
Zlob Trojan Distributing site:
Site Name: Flwinstrument.com
IP Address: 77.91.231.183
Site Name: Mpegutility.com
IP Address: 85.255.113.236
Trojan-Downloader Distributing sites
Site Name: Pressdownloadtostart.com
IP Address: 91.203.92.53
The Trojan installs the following Malicious BHO
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\goldman.dll
Site Name: Clickruntostartshow.com
IP Address: 91.203.92.53
The Trojan installs the following Malicious BHO
O2 - BHO: IE Optimizer - {BACA5B3B-DD57-4E62-B986-9A5677FBF001} - C:\WINDOWS\system32\iea32.dll
This site belongs to IE-defender family and the BHO is used to push IE-Antivirus which is a well documented rogue security application.
MediaTubeCodec Trojan Distributing site:
Site Name: Megabestsoftnah08.com
IP Address: 78.157.143.250
DNS Changer Trojan Distributing site:
Site Name: Ticketmoon.net
Site Name: Ticketlight.com
Site Name: Red-codec.net
Site Name: Nitrocodec.net
Stay away from all these sites.
Bharath M N
Site Name: Flwinstrument.com
IP Address: 77.91.231.183
Site Name: Mpegutility.com
IP Address: 85.255.113.236
Trojan-Downloader Distributing sites
Site Name: Pressdownloadtostart.com
IP Address: 91.203.92.53
The Trojan installs the following Malicious BHO
O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\goldman.dll
Site Name: Clickruntostartshow.com
IP Address: 91.203.92.53
The Trojan installs the following Malicious BHO
O2 - BHO: IE Optimizer - {BACA5B3B-DD57-4E62-B986-9A5677FBF001} - C:\WINDOWS\system32\iea32.dll
This site belongs to IE-defender family and the BHO is used to push IE-Antivirus which is a well documented rogue security application.
MediaTubeCodec Trojan Distributing site:
Site Name: Megabestsoftnah08.com
IP Address: 78.157.143.250
DNS Changer Trojan Distributing site:
Site Name: Ticketmoon.net
Site Name: Ticketlight.com
Site Name: Red-codec.net
Site Name: Nitrocodec.net
Stay away from all these sites.
Bharath M N
Sunday, August 3, 2008
More Rogue Security applications
More Rogue Security applications
PyroAntiSpy
PyroAntiSpy is new rogue security application from SpyLocked family of Rogue security applications.
Thanks to Donna for the information
Site Name: Pyroantispy.com
IP Address: 207.226.174.20
PyroAntiSpy is new rogue security application from SpyLocked family of Rogue security applications.
Thanks to Donna for the information
Site Name: Pyroantispy.com
IP Address: 207.226.174.20
Screenshot of PyroAntiSpy site
Site Name: Fastpyroscan.com
IP Address: 207.226.174.20
IP Address: 207.226.174.20
Screenshot of Scare/Fake scanner page used by PyroAntiSpy
Screenshot of PyroAntiSpy application
Antivirus 2008 XP
Antivirus 2008 XP is a rogue security application. Antivirus 2008 XP is a clone of WinSpywareProtect rogue security application
Site Name: Antivirus2008xp.com
IP Address: 216.195.50.93
Antivirus 2008 XP is a rogue security application. Antivirus 2008 XP is a clone of WinSpywareProtect rogue security application
Site Name: Antivirus2008xp.com
IP Address: 216.195.50.93
Secreenshot of Antivirus 2008 XP site
Site Name: Antivirus2008scanner.com
IP Address: 85.255.119.150
IP Address: 85.255.119.150
Screenshot of Scare/Fake scanner pages used by Antivirus 2008 XP
The scammer are not only mimicking Google's Malware warning page to advertise Antivirus 2008 XP but also falsely claims that their scanner is powered by BitDefender scanning engine. Dont fall for these false claims.
Screenshot of Antivirus 2008 XP application
The scanner pages uses the following site to push Antivirus 2008 XP installers:
Site Name: Av2008dl.com
IP Address: 85.255.118.70
Reference links: dwl.av2008dl. com/load/setup_1_2_.exe
Which furthers downloads the application from the following site
Site Name: Av2008store.com
IP Address: 85.255.119.134
Reference links: dl.av2008store. com/get/?type=scanner&pin=1&lnd=2
Stay away from all these sites.
Bharath M N
Site Name: Av2008dl.com
IP Address: 85.255.118.70
Reference links: dwl.av2008dl. com/load/setup_1_2_.exe
Which furthers downloads the application from the following site
Site Name: Av2008store.com
IP Address: 85.255.119.134
Reference links: dl.av2008store. com/get/?type=scanner&pin=1&lnd=2
Stay away from all these sites.
Bharath M N
Friday, August 1, 2008
Zlob sites update
Zlob sites update
Zlob Trojan Distributing site:
Site Name: Mpegversion.com
IP Address: 85.255.113.237
Scam Internet Security Page:
Site Name: Dryhomepage.com
IP Address: 85.255.116.214
404Errorpage Scam:
Site Name: Dnswebpage.com
IP Address: 85.255.118.246
Security Guide Scam Page:
Site Name: Topsafetysoft.com
IP Address: 85.255.118.214
Ad-Server-Gate Pages:
Site Name: Abcways.com
IP Address: 85.255.118.35
Site Name: Xyztogo.com
IP Address: 85.255.118.34
The Ad-Server-Gate pages redirects to fake Security center site Webbestlink.com which promotes Rogue security applications.
Site Name: Webbestlink.com
IP Address: 85.255.118.214
Other component sites:
The following site is used in Internet Explorer tools menu to redirect users to fake/scare scanner pages
Site Name: Iexplorerclue.com
IP Address: 216.255.179.244
The following site is used in Zlob toolbar to redirect users to malicious domains distributing rogue security applications.
Site Name: Websecurebar.com
IP Address: 85.255.118.213
All the above mentioned sites advertise/push well documented Rogue security applications. Stay away from these sites.
Bharath M N
Site Name: Mpegversion.com
IP Address: 85.255.113.237
Scam Internet Security Page:
Site Name: Dryhomepage.com
IP Address: 85.255.116.214
404Errorpage Scam:
Site Name: Dnswebpage.com
IP Address: 85.255.118.246
Security Guide Scam Page:
Site Name: Topsafetysoft.com
IP Address: 85.255.118.214
Ad-Server-Gate Pages:
Site Name: Abcways.com
IP Address: 85.255.118.35
Site Name: Xyztogo.com
IP Address: 85.255.118.34
The Ad-Server-Gate pages redirects to fake Security center site Webbestlink.com which promotes Rogue security applications.
Site Name: Webbestlink.com
IP Address: 85.255.118.214
Other component sites:
The following site is used in Internet Explorer tools menu to redirect users to fake/scare scanner pages
Site Name: Iexplorerclue.com
IP Address: 216.255.179.244
The following site is used in Zlob toolbar to redirect users to malicious domains distributing rogue security applications.
Site Name: Websecurebar.com
IP Address: 85.255.118.213
All the above mentioned sites advertise/push well documented Rogue security applications. Stay away from these sites.
Bharath M N
Subscribe to:
Posts (Atom)
