Internet Anthropologist Think Tank: Fake security sites


    Sunday, February 22, 2009

    Fake security sites


    Fake security software:
    We did not do a count, but if you are using or have used one of these security programs, you are in trouble.

    We have posted this list as a public service announcement.

    All info was collected from
    While we know the bad guys are making new bogus sites all the time, this gives you a view of the problem.


    DNS servers to keep an eye on, courtesy of UralComp-as Ural Industrial Company LTD (AS48511) :

    It's interesting to point out that so far, none of the hundreds of typosquatted domains is taking advantage of a legitimate online payment processor. Instead, they not only serve themselves, but also offer to process payments for other participants in the affiliate network. With respect to these bogus domains, the following payment processors are working for them:

    secure.softwaresecuredbilling .com (209.8.45.122) registered to Viktor Temchenko (TemchenkoViktor@googlemail.com)
    secure.goeasybill .com (209.8.25.202) registered to Chen Qing (dophshli@gmail.com)
    secure-plus-payments .com (209.8.25.204) registered to John Sparck (sparck000@mail.com)



    Try the very latest rogue security domains courtesy of three domainers (Fedor Ibragimov cndomainz@yahoo.com, Anton Golovaykgpdomains@yahoo.com and Ivan Durov idomains.admin@gmail.com ) whose portfolios can always keep you updated about the latest releases of such popular software as The Best Antivirus Cleaner 2008.



    As far as proactive threat intel is concerned, try the following "upcoming fake security software domains":

    spywaredefender2009 .com
    spywaredestroyer2009 .com
    spywareeliminator2009 .com
    spywareprotector2009 .com









    Last week, the noadware .net (69.20.71.82; 69.20.104.139) software was persistently advertised in such a way, mostly by generating Wordpress accounts promising to remove competing software :



    Naturally, it didn't take long before blackhat SEO farms were created for the purpose, like these very latest ones :


    The day when fake security software sites start attracting traffic by promising to remove other fake security software, is the day when we have clear evidence that an ecosystem has emerged.

    Registrants of notice for cross-checking purposes :
    Sagent Group (adminsagent@gmail.com)
    Billy A. Schmitt (admiragroup@yahoo.com)
    Shestakov Yuriy (alexvasiliev1987@cocainmail.com)
    Andrej Kazanski (akazanski@europe.com)



    Antivirus-Alert .com (203.117.111.47) where pepato .org a domain that was used in the Wired.com and History.com IFRAME injections, which back in March was also hosted at Hostfresh (58.65.238.59).


    Fake Antivirus Inc. is not going away as long as the affiliate-based model remains active. If the real vendors were greedy enough not to share the revenues with others, they would have been the ones popping up on the radar, compared to the situation where it's the affiliate network participants' greed that's increasing their visibility online.


    The domain in question bestantivirus2009.com - (68.180.151.21) is hosting the binary at bestantivirus2009 .com/setup_1096_MTYwM3wzNXww_.exe and has an IFRAME pointing to huytegygle .com/index.php (200.46.83.246).

    Here's another example, antivirus0003.net, with an IFRAME pointing to a different location - 124.217.250.85 /~ave/etc/count.php?o=16.

    Although these domains are part of the "International Virus Research Lab" fake domains portfolio, it remains to be seen whether others will start multitasking as well.


    04.02.09

    During March, a new type of scareware with elements of ransomware started circulating in the wild. It will be interesting to monitor whether it will become the de facto standard for optimizing revenues out of rogue security software.
