Found this new domain spreading rogue anti-malware programs. These are fraudulent programs trying to extort money from you. This is the same scheme that has been running. This of course was found through search results. Here are the details…
This is similar to the one I previously blogged about that has multiple websites with fake porn websites that try to get you to install a codec.
/promo1/ Fake Adult-archive.net website
/promo2/ Fake porntube.com website
/promo3/ Fake scanning page
/promo4/ Fake sextube website
Whois entry for antivirus-protection-tools.com 78.129.166.166 (Registered 5/27/09)
antispyware-center.com
best-xmovies.com
fuck-me-pumps.com
hot-tube-tuberzzz.net
hot-xmovies.com
my-fuck-movies.com
niche-tube-videos-here.net
security-components.com
top-porn-tubes.com
tubes-xxx-movies.com
tubezzz-boobezzz.net
xtube-downloads.com
xtubes-xmovies.com
xxxtube-for-xxxtube.com
www.antispyware-center.com
www.antovirus-pro.com
www.free-xtubes-host.com
www.porn-hub-xmovies.com
www.porn-movies-central.com
www.top-porn-tubes.com
The referrer in this case was:
http://macrosoftwarego.com/go.php?id=2009-01&key=cd19f5036&p=1.
Whois entry for macrosoftwarego.com 83.133.123.140 (Registered 5/15/09)
advanedmalwarescanner.com
antiviruspaymentsystem.com
antivirusquickscanv1.com
live-payment-system.com
liveavantbrowser2.cn
macrosoftwarego.com
flash_player_plugin.exe
Result: 20/40 (50%)
MD5: 2f03c33b7a8b8a36a0aa1db7b1c78767
VirusTotal
2 Responses to “New rogue domain: antivirus-protection-tools.com”
Leave a Reply
You must login to post a comment.