Malware Web Threats: SecuredPaymentSystem.com - antivirus360-protection.com - Antivirus360

Thursday, March 12, 2009

SecuredPaymentSystem.com - antivirus360-protection.com - Antivirus360 - Rogue_Antivirus

antivirusplus2009.net, securedpaymentsystem.com
Rogue_Antivirus- Antivirus360

Hosted on:

94.247.2.215 (hs.2-215.zlkon.lv)
215.2.247.94.in-addr.arpa IN PTR hs.2-215.zlkon.lv

whois details

"DATORU EXPRESS SERVISS" Ltd.
94.247.0.0/21

ZlKon HostMaster
94.247.2.0 - 94.247.3.255

Latvia
Kirovohrad Oblast
ns6.public-ns.com
ns5.public-ns.com
AD5952-RIPE

Site in conjunction with securedpaymentsystem. com

allsoftwarepayments. com
antispywareupdateservice. com
basicsconsumersupport. cn
devinepromotions. cn
fastuploadserver. com
internetupdatesystem. com
liveupdateprotection. com
livesoftwareupdates. com
live-pc-update. com
noonelivesforever. cn
onlinesoftwareupdate. com
pc-defence-update. com
powerfullantivirusproduct. com
privateupdatesystem. com
privaetprotectedupdates. com
professionalinternetupdates. com
professionalsoftwareupdates. com
prosecurityupdates. com
prosoftwareupdates. com
protectedsecurityaudit. cn
protectedprivacyupdate. com
protectedsecurityaudit. cn
protectionsoftwarecheck. com
protectionsystemcheck. com
proupdatessoftware. com
rapidsoftwareupdates. com
royalsoftwareupdate. com
securedosupdates. cn
secure.securedpaymentsystem. com
securedpaymentsystem. com
securedprosoftwareupdate. cn
securedprostatsupdates. cn
securedsoftwareproupdate. cn
securedsoftwareupdate. cn
securedupdateslive. cn
securedwindowsupdate. cn
securitysoftwarecheck. com
softwareupdatessystem. com
softwaresecurityupdates. com
thankyou4check. com
updatepcsecuritycenter. com
updateprotectioncenter. com
updatesoftwarecenter. com
windowssecurityupdates. cn

Some domain to block

Same template:

approved-payments. com
central-scan. com	Cryp_FakeAV-9 Family	full.exe
pc-software-payments. com
securedsoftwarepayments. com
paymentsystemonline. com
webscannertools. com
world-trusted-payments. com

By IP

********************
*********************

72.233.64.102	ThreatExpert

	f9671292f66f96dcb23d12929e4f0c74

hxxp://internetupdatesystem. com/download/security.bmp

83.133.126.201	ThreatExpert

	84e641b88eb256ee4979f6eaeadbc53b
	71c6b265c6ee68e2dde825d96b4575b9

hxxp://internetupdatesystem. com/download/security.bmp

83.133.126.201	ThreatExpert

	84e641b88eb256ee4979f6eaeadbc53b

hxxp://windowssecurityupdates. cn/order_xp.php?ver=1

72.233.64.102
	71c6b265c6ee68e2dde825d96b4575b9

hxxp://internetupdatesystem. com/download/security.bmp

78.47.91.153	ThreatExpert

	a31ae007e5b722a93f083e5c47b5e350
	bf143d7b12b59fe6faf20c6fdaa4b4b9
	bf307ed85749900ffcf7ab3fb4deae48
	d091b93cd6f8d6aef7ff839e37db1c72
	1c9f11956c5edf0a8c87e0e3598eceed
	230c7ad29294771b81d835abb842919e
	4561cee1e10687756c2a327df89c066d
	798b4ee1141e547bb9093a11514f777b
	9aad9308ce5ea47878df717f2413cb8d

hxxp://securedupdateslive. cn/order_xp.php?ver=1

89.149.208.212

hxxp://proupdatessoftware. com/download/security.bmp

212.117.165.126	ThreatExpert

	a3937b9d3ee029a420260081eba4c0f6

hxxp://updatesoftwarecenter. com/download/security.bmp
hxxp://thankyou4check. com/order_xp.php?ver=1

78.47.248.113	ThreatExpert

	11bd6f30f886ee61ed6abbed0b5398ad
	17613df8694a83a40052c1009aee31f8
	356e297ca6633b6cc3be9cfa3b1f0fef

hxxp://securedsoftwareupdate. cn/order_xp.php?ver=1
hxxp://powerfullantivirusproduct. com/order_av.php?ver=1
hxxp://secure.securedpaymentsystem. com/psbill/?ver=1

89.149.217.205

hxxp://softwaresecurityupdates. com/download/security.bmp

78.47.248.113	ThreatExpert

	2815f8982342fd53e1d8ae645a7f3611
	36a181bbdff14a7a1585df5b9655eaa7
	7cc901c53f2f209350cbd9fcc84c1cbf

hxxp://securedsoftwareupdate. cn/order_xp.php?ver=1

89.149.217.205

hxxp://softwaresecurityupdates. com/download/security.bmp

94.247.3.40	ThreatExpert

	26b2d11ac1b65ad89b91b000e51eb584
	2c4447e1b7f4b91c5ec394e6576237f9
	32164301e17e954949df09687374b347
	e2ab58cf0017f39f4cc692e41d5015ec

hxxp://softwareupdatessystem. com/download/security.bmp
hxxp://securedwindowsupdate. cn/order_xp.php?ver=1

78.47.91.153

hxxp://thankyou4check. com/order_xp.php?ver=1

212.117.165.126	ThreatExpert

	ce355dfe8bce2d60187662f444b21d45

hxxp://updatesoftwarecenter. com/download/security.bmp

78.47.91.153

hxxp://thankyou4check. com/order_xp.php?ver=1

78.47.172.66	ThreatExpert

	c42ff11a1046a865260a5bc4d8eff699

hxxp://securedsoftwareproupdate. cn/order_xp.php?ver=1

89.149.227.225

hxxp://livesoftwareupdates. com/download/security.bmp

83.133.126.201	ThreatExpert

	b2d165288d4847f9b8f5658ab083ea91
	d8734930cd824eb949bc29b07a4a32d0

hxxp://privateupdatesystem. com/order_xp.php?ver=1

217.117.165.127

hxxp://rapidsoftwareupdates. com/download/av_360glof.exe

Timeout

hxxp://basicsconsumersupport. cn/zsa360/winsystems.dll
hxxp://fastuploadserver. com/zsa360/winsystems.dll

83.133.126.201	ThreatExpert

	6765845b4b09edd8d77fdc47824263d0

hxxp://privateupdatesystem. com/firstrun.php?product=A36&aff=&update=2601/360beta13 &crypt=g&time=11:08:59 AM

Timeout

hxxp://fastuploadserver. com/zsa360/zs880000.exe

83.133.126.201	ThreatExpert

	28859a27ecff105b7f8328c039be1942

hxxp://privateupdatesystem. com/order_xp.php?ver=1

212.117.165.127

hxxp://rapidsoftwareupdates. com/download/av_360glof.exe

Time out:

hxxp://fastuploadserver. com/zsa360/zs880000.exe
hxxp://fastuploadserver. com/zsa360/winsystems.dll

83.133.126.201	ThreatExpert

	3ee5d7b00ba9e56f4749b185c53bd0fa
	3182e5f7f334e89a7c7a34542b84c81e
	9cf80b3a896886c74128eb781ed6752c
	d540d5f317cd1bcd33da5b7ff39980c4
	d9009cd6634c4735aa5bcb5ea404b713

hxxp://privateupdatesystem. com/order_xp.php?ver=1

212.117.165.127

hxxp://rapidsoftwareupdates. com/download/security.bmp

78.47.172.66	ThreatExpert

	4c5ee3323071a4939131c6d1bfa1e0b

hxxp://protectionsoftwarecheck. com/order_xp.php?ver=1

89.149.227.225
File not found

hxxp://updateprotectioncenter. com/download/av_360new.exe
hxxp://fastuploadserver. com/zsa360/winconfig.dll

78.47.172.66	ThreatExpert

	9ec07cf8472b49fd5d03e6e31cd998d2

hxxp://protectionsoftwarecheck. com/order_xp.php?ver=1

89.149.227.225
File not found

hxxp://updateprotectioncenter. com/download/av_360glof.exe
hxxp://fastuploadserver. com/zsa360/zs880000.exe
hxxp://fastuploadserver. com/zsa360/winsystems.dll

78.47.172.66	ThreatExpert

	7353f458765d693c9dfb4bcfc9f89062

hxxp://protectionsoftwarecheck. com/order_xp.php?ver=1

89.149.227.225
File not found

hxxp://updateprotectioncenter. com/download/security.bmp

212.117.165.127	ThreatExpert

	65d416509d176828a882710b4202af95

hxxp://rapidsoftwareupdates. com/download/av_360glof.exe x

Time out:

hxxp://fastuploadserver. com/zsa360/zs880000.exe
hxxp://fastuploadserver. com/zsa360/winsystems.dll

http://safeweb.norton.com/report/show?name=fastuploadserver.com

83.133.126.201
hxxp://securedosupdates.cn/order_xp.php?ver=1

72.233.64.102
hxxp://prosoftwareupdates. com/download/security.bmp

************************
83.133.126.201
hxxp://windowssecurityupdates. cn/order_xp.php?ver=1
hxxp://allsoftwarepayments. com/order_av.php?ver=1

************************
78.47.91.153
hxxp://thankyou4check. com/order_xp.php?ver=1
hxxp://protectionsystemcheck. com/order_av.php?ver=1

************************
http://www.threatexpert.com/report.aspx?md5=2b93fc94d615ba74cd40ec850b971634
hxxp://proupdatessoftware. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=183dc3ed230ecd0d09a23522b4d88567
hxxp://fastuploadserver. com/zsa360/winsystems.dll

************************
http://www.threatexpert.com/report.aspx?md5=84adfc43d1b44243a5396062c799aa56
hxxp://proupdatessoftware. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=210777b875accb0592235169beff513d
hxxp://proupdatessoftware. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=edfc0fe6b7bb16178c2fbb1d0a561f88
hxxp://updateprotectioncenter. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=4311231c0eab3b353c21b2bf730266dd

78.47.91.153
hxxp://securedupdateslive. cn/firstrun.php?product=A36&aff=&update=2302/360&c
rypt=g&time=6:44:30 PM

78.46.216.233
hxxp://onlinesoftwareupdate. com/zsa360/winconfig.dll

www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FAKEAV.AJK&VSect=T

************************
http://www.threatexpert.com/report.aspx?md5=d2cc9741618e4456990a580a43b22ddf

78.47.248.113
hxxp://securitysoftwarecheck. com/firstrun.php?product=A36&aff=&update=2601/360
beta13&crypt=g&time=2:22:41 PM

Time out
hxxp://fastuploadserver. com/zsa360/zs880000.exe
hxxp://fastuploadserver. com/zsa360/winsystems.dll

Analysis:

http://safeweb.norton.com/report/show?name=fastuploadserver.com

************************
http://www.threatexpert.com/report.aspx?md5=85dcd9b6fb374eab383360fc57b9ab50
http://www.threatexpert.com/report.aspx?md5=dc1da98f1fa936e3998ef57273aafe9f

78.47.248.113
hxxp://securitysoftwarecheck. com/order_xp.php?ver=1

89.149.217.205
hxxp://updatepcsecuritycenter. com/download/av_360glof.exe

************************
http://www.threatexpert.com/report.aspx?md5=3e8fa7b6f15501deb73400af48bbc07d

213.239.210.54
hxxp://protectedsecurityaudit. cn/order_xp.php?ver=77001116

Time Out
hxxp://protectedprivacyupdate. com/download/av_360glof.exe
hxxp://privaetprotectedupdates. com/zsa360/winsystems.dll

hxxps://secure.securedpaymentsystem. com/psbill/?ver=77001116

************************
http://www.threatexpert.com/report.aspx?md5=694e2510f569e7450182428764f3a5fb

83.133.126.201
hxxp://privateupdatesystem. com/firstrun.php?product=A36&aff=&update=2401/360
beta13&crypt=g&time=2:24:54 PM

Time Out
hxxp://basicsconsumersupport. cn/zsa360/zs880000.exe

************************
http://www.threatexpert.com/report.aspx?md5=210777b875accb0592235169beff513d
http://www.threatexpert.com/report.aspx?md5=b4f0eec7b06252d57ebc2818c93f4aa2

Filesize: 172,032 bytes

94.247.3.40 hs.3-40.zlkon.lv

hxxp://professionalsoftwareupdates. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=0b63ebb55ea0ccdfcb69f796cf4e0865
http://www.threatexpert.com/report.aspx?md5=fd31effec02bae459d106aa97822e55a

78.47.172.66
hxxp://securedpowerupdates. cn/order_xp.php?ver=1

212.117.165.126
hxxp://prosecurityupdates. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=048a431eafa602f3810652aa5f10cdc2
http://www.threatexpert.com/report.aspx?md5=e0a95e9d7c4436dabc9c45fbde591c25
http://www.threatexpert.com/report.aspx?md5=e8eda76798358970d0f6912a3ea31615
http://www.threatexpert.com/report.aspx?md5=3ec09f1f143b2f83aae78ac6152d8a2b
http://www.threatexpert.com/report.aspx?md5=540a3d4621f2ddc46a8389b669d0ef3b
http://www.threatexpert.com/report.aspx?md5=919647058036ee4b9ca968fec35912d3
http://www.threatexpert.com/report.aspx?md5=dc844fdcb35befd6a3c0c8f84732bc86

83.133.126.201
hxxp://securedprostatsupdates. cn/order_xp.php?ver=1

212.117.165.127
hxxp://liveupdatesoftware. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=f66483379e2aa700b0cb0067609013c0
http://www.threatexpert.com/report.aspx?md5=66577af25af8a1f244fe1dbddbd6f569
http://www.threatexpert.com/report.aspx?md5=86ccd41c5386c98989e460dddc60ca54
http://www.threatexpert.com/report.aspx?md5=9a10b2fb3f67e1f1af367cbda7e59586

Time out
91.211.64.68
hxxp://noonelivesforever. cn/order_xp.php?ver=1

94.247.3.40 hs.3-40.zlkon.lv
hxxp://professionalsoftwareupdates. com/download/security.bmp

Time out
78.47.91.153
hxxp://devinepromotions. cn/order_xp.php?ver=1

212.117.165.126
hxxp://royalsoftwareupdate. com/download/security.bmp

************************
http://www.threatexpert.com/report.aspx?md5=4feb2883a00a4ac67753e8911923b581

78.47.248.113
hxxp://thankyouforinstall. cn/order_xp.php?ver=1

78.47.248.113
hxxp://powerfullantivirusproduct. com/order_av.php?ver=1

78.47.248.115
hxxps://secure.securedpaymentsystem. com/psbill/?ver=1

89.149.217.205
hxxp://antispywareupdateservice. com/download/security.bmp
************************
http://www.threatexpert.com/report.aspx?md5=015835865c30eea3cfa45a53fcfb3648
http://www.threatexpert.com/report.aspx?md5=262eb47abc021b0fe24ea649008de250
http://www.threatexpert.com/report.aspx?md5=366ab787fce44cb116c1e0fcf7804c3a
http://www.threatexpert.com/report.aspx?md5=41fc7f1c23f3ad4aaa302b8c725fdf72
http://www.threatexpert.com/report.aspx?md5=821178fdfba76c1244eb0b92791033fe
http://www.threatexpert.com/report.aspx?md5=f9ec9a2dcf7d9eda8b981587caebc534

78.47.248.113
hxxp://securedprosoftwareupdate. cn/order_xp.php?ver=1

78.47.248.113
hxxp://powerfullantivirusproduct. com/order_av.php?ver=1

78.47.248.115
hxxps://secure.securedpaymentsystem. com/psbill/?ver=1

89.149.217.205
hxxp://professionalinternetupdates. com/download/security.bmp
************************
http://www.threatexpert.com/report.aspx?md5=13addbdc9ce34c437353c9ca57e8c0da1

212.117.165.126
hxxp://royalsoftwareupdate. com/download/security.bmp
************************
http://www.threatexpert.com/report.aspx?md5=88925f04b85d32e66ec94d61866355b5

Time out
hxxp://pc-defence-update. com/firstrun.php?product=A36&aff=&update=1512/360beta4
&crypt=g&time=6:44:30 PM
************************
http://www.threatexpert.com/report.aspx?md5=6ef9a7e4657e59da0d0edf543c656ecf

213.239.210.54
hxxp://protectedsecurityaudit. cn/firstrun.php?product=A36&aff=&update=360beta&
crypt=g&time=9:19:44 PM
************************
http://www.threatexpert.com/report.aspx?md5=6ef9a7e4657e59da0d0edf543c656ecf

Time out
hxxp://live-pc-update. com/firstrun.php?product=A36&aff=&update=1712/360beta7&
crypt=g&time=8:48:41 AM
************************
http://www.threatexpert.com/report.aspx?md5=7c4f33dab4302a98da8d2e0998689a8d

Time out
hxxp://liveupdateprotection. com/firstrun.php?product=A36&aff=&update=1112/360
beta3&crypt=g&time=12:07:38 PM
************************
http://www.threatexpert.com/report.aspx?md5=cd55adb19380a413c88fdb2815ab3e39

78.47.248.113
hxxp://securitysoftwarecheck. com/firstrun.php?product=A36&aff=&update=0202/360
&crypt=g&time=2:22:29 PM

Time out
hxxp://fastuploadserver. com/zsa360/winconfig.dll
************************

Size of malware: 2,711,552 Bytes

Alias:
InternetAntivirus [Symantec]
FakeAlert-AB.gen.e [McAfee]
TROJ_FAKEAV.AKO [TrendMicro]

ThreatExpert Analysis

Topic related:

BlueTack
Antivirus 2009 /2010 / 360 Redirects

Site associated :

The following domain have the same template and same
location for the payload

hxxp://approved-payments. com
hxxp://pc-software-payments. com
hxxp://securedsoftwarepayments. com
hxxp://paymentsystemonline. com
hxxp://webscannertools. com
hxxp://world-trusted-payments.com

The spyware is located on:

hxxp://central-scan.com (212.117.165.126)

File Analysis:

Filename: full.exe
File size: 1597440 bytes
MD5...: 6f2d8bcf1bff87a82e0f88259597b7fb
SHA1..: 532e1dbc668ff41373e959e20454be99bbcbd8c2

TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)

Alias:

Win32.FraudTool.Antivirus2009
FraudTool.Win32.Antivirus2009
Trojan.FakeAntivirus
Generic Dropper.bw
a variant of Win32/Kryptik.EJ
Mal/FakeAV-I
Antivirus 2009
Cryp_FakeAV-9

***

Virustotal Result
25/39 (64.10%)

***

ThreatExpert Result

***

Packed.Generic.187 [Symantec]
FraudTool.Win32.Antivirus2009.fs [Kaspersky Lab]
Generic Dropper.bw [McAfee]
Mal/FakeVirPk-A, Mal/FakeAV-I [Sophos]
Trojan.FakeAntivirus [Ikarus]

***

Trend Micro Virus Description / Statistics
Cryp_FakeAV-9 Family

***

Sunbelt Software™ CWSandbox Report
Malware Report for ID: 6897949

Malware Web Threat Research

Active attacks: LATEST ADDITIONS

78.129.166.166
Malware drop

my-xtube.com
free-porn-host.com
xmovies-central.com
top-porn-tubes.com
my-fuck-movies.com
youtube-xmovies.com
yourporn-xmovies.com
209.44.126.22
Malware drop: Fake Antivirus

websecuritypolice.com
futureinternetsecurity.com
websecuritybureau.com
techsecurityscan.com
securityexamination.com
webbrowsersecurity.com
onlinebrandsecuritys.com
209.44.126.241
Malware drop: Fake Antivirus

freeforscanpc.com
xvirusdescan.com
trustedwebsecurity.com
allowedwebsurfing.com
truevirusshield.com
greatscansecurity.com
216.240.143.7
Malware drop

better-tube-show.com
hot-tube-area.com
megacooltubes2009.com
91.212.132.11
Malware drop

xmovies-host.com
porn-tube-host.com
91.212.65.54
Malware drop

sdfv-programs.com
91.212.65.55
Malware drop: Fake Antivirus

thesecurityscan.com
91.207.61.37
Malware drop

googleanalytlcs.net
google-analytlcs.com
pornorawa.com
209.44.126.102
Malware drop: Fake Antivirus

star4scan.info
scanfan4.info
scanstar4.info
scanray4.info
scanmix4.info
scanmini4.info
scanatom4.info
209.44.126.102
Malware drop: Fake Antivirus

ray4scan.info
scanmix4.info
206.53.61.74
Malware drop: Fake Antivirus

virussweeperpro.com
update1.virusshieldpro.com
206.53.61.76
Malware drop: Fake Antivirus

virussweeper-scan.net
206.53.61.76
Malware drop: Fake Antivirus

virusshield-scanvirus.net
194.165.4.77
Fraudulent Payment for Rogue AV

securebill09.com/pp/
194.165.4.77
Fraudulent Payment for Rogue AV

winpcdefender09.com
194.165.4.140
Fraudulent Payment for Rogue AV

iantivirus-pro.com
iantiviruspro.com
91.212.65.55
Malware drop: WinWebSecurity

webeyesecurity.com
209.44.126.102
Malware drop: Fake Antivirus

scan4fan.info
fan4scan.info
lux4scan.info
atom4scan.info
scan4mini.info
scan4mix.info
mini4scan.info
scanline6.info
209.44.126.102
Malware drop: Fake Antivirus

scan4star.info
scan4ray.info
scan4atom.info
38.105.19.27
Malware drop: Fake Antivirus

scan6open.com
open6scan.com
scan6fuse.com
fusescan6.com
78.159.115.216
Malware drop: Fake Antivirus

way6scan.com
fuse6scan.com
91.212.65.54
Malware drop

kxc-softwaresportal.com
cls-softwares.com
slk-softwareportal.com2
212.95.58.156
Malware drive-by-download

berusimcom.com
95.129.144.236
Malware drop: Fake Antivirus

winpc-antivirus.com
freewebmypcscan.com
91.212.41.110
Malware drive-by-download

islandtravet.cn
clubmillionswow.cn
litefront.cn
liteauction.cn
melodynew.cn
zyne4ka.com
workfuse.cn
apprecearlyrock.com
91.212.41.96
Malware drive-by-download

goldrushclub.cn
schoolh.cn
designroots.cn
housevisual.cn
rainfinish.cn
bookadorable.cn
91.212.65.55
Malware drop: WinWebSecurity

onlinesecurityhost.com
justwebsecurity.com
globalsecurityscan.com
onlinebrandsecurity.com
internetsafetyexamine.com
youronlinestability.com
78.159.115.215
Malware drop

line4scan.info
scanline4.info
scan4log.info
log4scan.info
logscan4.info
list6scan.com
209.44.126.102
Malware drop: Fake Antivirus

fanscan4.com
starscan4.com
rayscan4.com
mixscan4.com
mixscan4.com
miniscan4.com
209.44.126.102
Malware drop: Fake Antivirus

scan4lux.info
way4scan.info
wayscan4.info
scan4way.info
scanway4.info
main4scan.info
mainscan4.info
scanmain4.info
209.44.126.102
Malware drop: Fake Antivirus

scan4main.info
scan4zoom.info
scan4true.info
scan4user.info
scan4way.info
scantrue4.info

truescan4.info
userscan4.info
wayscan4.info
209.44.126.102
Malware drop: Fake Antivirus

zoomscan4.info
scanmega4.info
scan4mega.info
mega4scan.info
scan4mix.com
scanray4.com
scan4ray.com
ray4scan.com
78.159.115.215
Malware drop: Fake Antivirus

gechscan.info
scangech.info
scangechscan.info
scanscangech.info
freescangech.info
freegechscan.info
gescanch.info
gechscannow.info
78.159.115.215
Malware drop: Fake Antivirus

gescanchnow.info
nowscangech.info
scan4lite.info
scanlite4.info
lite4scan.info
litescan4.info
scan4list.info
scanlist4.info
78.159.115.215
Malware drop: Fake Antivirus

list4scan.info
listscan4.info
lead4scan.info
scan4lead.info
linescan4.info
livescan4.info
scan4line.info
scan4list.info
78.159.115.215
Malware drop

goscanarea.com
goscanelite.com
goscanfile.com
goscanfix.com
goscangoal.com
goscankey.com
goscanmeta.com
goscanmore.com
78.159.115.215
Malware drop

goscannote.com
goscantop.com
goscanwork.com
goareascan.com
goelitescan.com
gofilescan.com
gofixscan.com
gogoalscan.com
78.159.115.215
Malware drop

gokeyscan.com
gometascan.com
gomorescan.com
scanlive4.info
cogech.com
geninch.com
stagech.com
85.17.189.183
IFRAME Attack

firstplumb.info
38.113.1.102
IFRAME Attack

antivirus.vc
209.44.100.58
IFRAME Attack

travelto.uz.ua
209.44.126.241
Malware drop: Fake Antivirus

updateyoursecurity.com
78.129.166.166
Malware drop: Fake Codec

free-xxx-central.com
free-tube-video-central.net
xtube-xmovie.com
porn-tube-movies.com
194.165.4.77
Malware drop

tubeontvgl.com/scan/
tubeontvgl.com/tube/
litetubevideoz.com/scan/
litetubevideoz.com/tube/
loyalvideoz.com/tube/
loyalvideoz.com/scan/
loyal-porno.com/tube/
loyal-porno.com/scan/
194.165.4.77
Malware drop

truepornvideo.com/scan/
truepornvideo.com/tube/
truepornupload.com
videoporntrue.com
64.20.33.156
Malware drop: Fake Antivirus

step6scan.info
stepscan6.info
scanstep6.info
scan6step.info
scan6ray.info
ray6scan.info
fuse6scan.info
fusescan6.info
64.20.33.156
Malware drop: Fake Antivirus

scan6fuse.info
scan6star.info
scanfuse6.info
star6scan.info
195.88.80.41
Malware drop

ded-softportal.com
63.146.2.92
Malware drop

any4scan.info
anyscan4.info
atom4scan.com
atomscan4.com
base4scan.info
basescan4.info
bestscan4.info
bestscan7.com
63.146.2.92
Malware drop

data4scan.info
datascan4.info
easy4scan.info
easyscan4.info
ever4scan.info
everscan4.info
fast4scan.info
fastscan4.info
63.146.2.92
Malware drop

fuse4scan.info
fusescan4.info
goareascan.com
goscanarea.com
gomindscan.com
goscanatom.com
in4st.com
in4tk.com
63.146.2.92
Malware drop

gate4scan.info
gatescan4.info
scan4gate.com
scangate4.info
63.146.2.92
Malware drop

lux4scan.com
luxscan4.com
new7scan.com
newscan4.info
plus4scan.info
plusscan4.info
scan4any.info
scan4atom.com
63.146.2.92
Malware drop

scan4base.info
scan4data.info
scan4easy.info
scan4ever.info
scan4fast.info
scan4fuse.info
scan4list.com
scan4star.com
63.146.2.92
Malware drop

scan7new.com
scanany4.info
scanbase4.info
scanbest4.info
scandata4.info
scaneasy4.info
scanever4.info
scanfast4.info
63.146.2.92
Malware drop

scanfuse4.info
scanmix4.com
scannew4.info
scanplus4.info
scansafe4.info
scanstar4.com
scantool4.info
scanuser4.info
63.146.2.92
Malware drop

home4scan.info
scan4home.info
scanhome4.info
scanzoom4.info
star4scan.com
tool4scan.info
user4scan.info
zoom4scan.info
209.44.126.22
Malware drop: WinWebSecurity

socialsecurityscan.com
thefullvirusscan.com
66.96.252.199
Malware drop: Fake Antivirus

scan4now.info
scannow4.info
now4scan.info
nowscan4.info
scan4tool.info
toolscan4.info
scan4step.info
scanstep4.info
66.96.252.199
Malware drop: Fake Antivirus

scan4safe.info
safescan4.info
scansafe4.info
safe4scan.info
66.96.252.199
Malware drop: Fake Antivirus

gonotescan.com
goscanwork.com
step4scan.info
stepscan4.info
open4scan.info
openscan4.info
scan4open.info
scanopen4.info
69.10.52.11
Malware drop

scan5best.info
scanbest5.info
best5scan.info
bestscan5.info
scan5live.info
live5scan.info
fast5scan.com
66.101.58.54
Malware drop

gotopscan.com
91.207.61.48
Malware drop

wovens.info
216.195.35.99
Drive-by-downloads

seaarch.info/in.cgi?2&group=5
209.44.126.14
Malware drop: Fake Antivirus

allvirusscannow.com
bastvirusscan.com
fullsecurityaction.com
topwinsystemscan.com
totalvirushield.com
totalsystemguard.com
truevirusscan.com
yourpcshield.com
209.44.126.15
NS for malware domain

ns1.ahuliard.com
ns2.ahuliard.com
ns1.moregreatsites.com
ns2.moregreatsites.com
94.247.2.123
Malware drop: Fake Antivirus

avscanonline.com
66.206.17.32
Malware drop

leadscan6.info
listscan6.com
list6scan.info
listscan6.info
litescan6.info
scanlead6.info
scan6list.info
scanlist6.info
66.206.17.32
Malware drop

scan6lead.info
scanlite6.info
scan6line.info
66.206.17.29
Malware drop

in6sd.com
in6iq.com
216.32.83.110
Malware drop

delshiktds.com
gozbest.net
64.92.170.128
Malware drop

myhealtharea.cn
zbesttds.com
64.92.170.129
Malware drop

myhealtharea.net
209.44.126.14
Malware drop: WinWebSecurity

bastvirusscan.com
pcguardscan.com
fastsecurityscan.com
fastviruscleaner.com
firstscansecurity.com
myfirstsecurityscan.com
systemvirusscan.com
totalvirusdestroyer.com
69.10.52.12
Malware drop

fast5scan.com
gowithscan.com
easy5scan.com
goscanlux.com
live5scan.info
new5scan.info
scan5best.info
69.10.52.12
Malware drop

scan5live.info
scan5new.info
78.159.118.229
Malware drop

gomodescan.com
66.206.17.28
Malware drop

base6scan.info
lead6scan.info
leadscan6.info
justscan6.info
just6scan.info
scanbest6.info
scantrue6.com
stepscan6.com
66.206.17.28
Malware drop

scan6data.info
scan6ever.info
scanever6.info
home6scan.info
scanjust6.info
scan6just.info
goscanlux.com
scandata6.com
66.206.17.28
Malware drop

scandata6.info
scan4data.info
scandata4.info
scanmini6.info
scan6lead.info
scanlead6.info
scan6line.info
scan6list.info
66.206.17.28
Malware drop

base6scan.info
justscan6.info
scan6user.com
scanbest6.info
scantrue6.com
stepscan6.com
step6scan.com
scan6user.com
66.206.17.28
Malware drop

scan6fan.info
scanlist6.info
scanlite6.info
gomixscan.com
goonlyscan.com
209.44.126.29
IFRAME Attack

individualpeople.biz
85.17.189.183
IFRAME Attack

firstplumb.info
88.214.202.224
IFRAME Attack

jafarcompany.biz
211.95.73.189
Malware drop

dlsg09.com
dlsgd3.com
getsgd3.com
getsysgd09.com
gomaldef092.com
gosgd3.com
211.95.73.189
Malware drop

scan.systemcleaner22.com
spywareremover21.com
systemguard2009.com
195.88.81.93
Malware drop

top-scanner-av-4pc.com
scan-anti-spy-av.com
scan-antispyware-4pc.com
msscanner-top-pc.com
msscan-files-antivir.com
msscanner-files-av.com
195.88.81.74
Malware drop

files.scanner-antispy-av-files.com
206.53.61.74
Malware drop

ms-load-top-files.com
virussweeper-scan.com/?p
extraantivir.com
87.248.163.58
IFrame

beebest.cn
stopgam.cn
87.248.163.58
Malware drop

098765.com/in.php
999666999.com/in.php
berrousmark2009.com/in.php
massmarker2009.com/in.php
74.125.45.100
Malware drop

goscanhigh.com
195.88.81.37
Malware drop

pro-scanner-av-pc.com
195.88.81.74
Malware drop

scanner-antispy-av-files.com
66.197.154.199
Malware drop: InternetAntivirusPro

anyscan6.info
atom6scan.info
scan6data.com
gofanscan.com
goscanfan.com
goscanstar.com
goscanmini.com
goscanlite.com
66.197.154.199
Malware drop: InternetAntivirusPro

scan6base.info
gominiscan.com
scanbase6.info
gofanscan.com
scanbest6.com
scan6fast.com
any6scan.com
true6scan.com
66.197.154.199
Malware drop

scan6atom.info
scanany6.info
goscanmix.com
209.44.126.14
Malware drop: Fake Antivirus

anytoplikedsite.com
trustsecurityshield.com
topsecurity4you.com
cleanyourpcspace.com
fullsecurityshield.com
greatsecurityshield.com
topsecurityapp.com
fullandtotalsecurity.com
209.44.126.14
Malware drop: Fake Antivirus

securityscan4you.com
securitytopagent.com
checkonlinesecurity.com
inetsecuritycenter.com
scanprotectiononline.com
todaybestscan.com
greatsecurityshield.com
mytoplikedsite.com
78.159.101.22
Malware drop: Fake Antivirus

tool4scan.info
174.142.113.206
Malware drop

best-click-av1.info
download.best-click-av1.info
195.88.81.12
Malware drop

super-top-scan-pro.com
dl.super-top-scan-pro.com
78.26.179.239
Malware drop

anispy-storage-ms.com
dl.anispy-storage-ms.com
84.16.227.223
Malware drop

theonlinesecurityscan.com
zerocleaner.com
195.88.80.207
Malware drop

int.proreportms1.com
195.88.81.93
Malware drop

msscanner-top-av.com
78.26.179.137
Malware drop

files.load-ms-av-soft.com
78.26.179.239
Malware drop

dl.anispy-storage-ms.com
94.247.2.215
Malware drop: AntivirusPlus

av-plus-support.com
bestexaminedisease.cn
freecoverstore.cn
friskdiseaselive.cn
yourfriskdisease.cn
bestdefenselive.cn
bigprotectionlive.cn
bigcoverlive.cn
94.247.2.215
Malware drop: AntivirusPlus

bestcountedantivirus.com
countedantiviruspro.com
myplusantiviruspro.com
addedantivirusonline.com
ascertaindiseasepro.cn
easyserviceprotection.cn
bestcover4u.cn
94.247.2.215
Malware drop: AntivirusPlus

addedantivirusstore.com
addedantiviruslive.com
realantivirusplus.com
yourguardstore.cn
myplusantiviruslive.com
94.247.3.4
NS for attack websites

ns1.webwedesecurity.com
94.247.3.5
NS for attack websites

ns2.webwedesecurity.com
91.212.65.10
Malware drop (Forum XSS)

free-web-scaners.info
trucount3000.com

Italian IP
User:jecknic
Mail: sdertreqw@mail.ru
194.165.4.77
Malware drop

uploadmoviez.com
winpcdown9.com
winpcdown10.com
winpcdown99.exe
92.38.0.41
Malware drop

winpcdown09.com
72.167.121.94
Attack website

tds.ibestadult.info
64.69.32.220
Malware drop

av-pro-check.com
scan-check-pro.com
ms-antiviral-scan-av.com
91.212.41.111
Attack website

lemmydislikes.com
greenhistory.cn
aabg.yrapyatnica.com
91.212.41.119
Attack website

tixwagoq.cn
91.212.65.7
Attack website

paylayos.cn
67.15.192.26
New ATTACK 06-apr: IFRAME

host02.digitaleffex.net
67.15.192.127
New ATTACK 06-apr: IFRAME

ecom.rarebreedfootwear.com
67.15.192.127
New ATTACK 06-apr: IFRAME

islandtravets.cn/in.cgi?6
67.15.192.127
NS for attack websites

ns1.freednshostway.com
ns2.freednshostway.com
ns3.freednshostway.com
ns4.freednshostway.com
ns5.freednshostway.com
67.15.192.127
NS for attack websites

ns1.basicstechnology.com
ns2.basicstechnology.com
ns3.basicstechnology.com
222.186.9.187
Malware drop rogue av

darksideddl.com
secureserver1.cc
secureserver2.cc
secureserver3.cc
secureserver4.cc
secureserver5.cc

67.215.245.9
Malware drop rogue av

totalmalwareprotection.com
totalvirusprotection.com
83.133.123.166
Malware drop rogue av

setup.xpvirusprotection.com/
setup.xpvirusprotection2009.com
66.197.154.198
Malware drop: WinWebSecurity

lite6scan.com
scanany6.com
datascan6.com
goscandata.com
truescan6.com
anyscan6.com
scan6tool.com
stepscan6.com
94.247.2.74
Zlkon Malware drop

hot-girl-sex-tube.com
ms-antiviruschecker.com
ms-antiviruschecker.com
sex-super-tube-site.com
sysantivirstorage.com
94.247.2.85
Zlkon Malware drop

ms-downloadsav.com
pro-antispy-scan.com
94.247.2.132
Zlkon Malware drop

sysantivir-checker.com
94.247.2.212
Zlkon Malware drop

servicedm.cn
94.247.2.48
Zlkon Malware drop

privatesecuritycenter.com

94.247.2.53
Zlkon Malware drop

sysantivir-checker.com
94.247.2.x
Exploits/LuckySploit

94.247.2.48
94.247.2.50
94.247.2.157
94.247.2.195
94.247.2.x
Zlkon Malware TDSS

94.247.2.95
94.247.2.107
94.247.2.157
LuckySploit

gogo2me.net
78.26.179.131
Malware drop

antiviruschecker-ms.net
best-tube-home.com
cool-sext-tube-site.com
msantivirus-checker.com
nanochecker-av.com
78.26.179.132
Malware drop

scan.avnanocheck.com
78.26.179.240
Malware drop

best-as-tube.com
hot-sex-scanner.com
sex-scanner-pro.com
64.69.32.220
Malware drop

antispywarecheck2009.com
antispywarecheck-2009.com
antispywarechecker-2009.com
av-pro-check.com
best-sex-scanner.com
hot-tube-ass.com
64.69.42.139
Malware drop

antispywarechecker2009.com
hot-tube-super-sex.com
ms-checker-best-av.com
64.69.32.228
Malware drop

sysantivirchecker.com
94.247.2.215
Malware drop: AntivirusPlus

bigdefense2u.cn
myascertainpoison.cn
easyaddedantivirus.com
easyincomeprotection.cn
easydefenseonline.cn
examineillnesslive.cn
yourguardpro.cn
yourcountedantivirus.com
94.247.2.215
Malware drop: AntivirusPlus

addedantiviruspro.com
bestfriskviruslive.cn
94.247.2.215
Malware drop: Antivirus2010

easyaddedantivirus.com
easypersonalprotection.cn
freedefenseforyou.cn
mycheckdiseasepro.cn
mycheckdiseasestore.cn
mydefense4u.cn
mydefense4you.cn
myguardforyou.cn
213.163.65.10
Malware drop: AntivirusPlus

iloveyourbrain.com
94.247.2.215
NS for Malware domain

ns1.pubilcnameserver7.com
94.247.2.216
NS for Malware domain

ns2.pubilcnameserver7.com
209.44.126.15
NS for Malware domain

ns1.fuckmoneycash.com
209.44.126.16
NS for Malware domain

ns2.fuckmoneycash.com
94.247.3.40
Malware drop: Antivirus2009

antivirusonlineproscanner.com
fastantimalwarescan.com
94.247.3.40
Malware drop

whereismat.cn
falloutneferwin.cn
tabletpccomputing.cn
whreismyplugnplay.cn
fastantimalwarescan.com
94.247.2.84
Malware drop

files.msas2009dl.com
94.247.2.215
Malware drop: Antivirus2010

newguard4u.cn
newguard4you.cn
refugepro.cn
yourguard4you.cn
myourguardforyou.cn
yourguardonline.cn
yourguardpro.cn
209.44.126.14
Malware drop: WinWebSecurity

mytopvirusscan.com
thegreatsecurity.com
topsoftscanner.com
upyoursecurity.com
213.163.65.10
Malware drop: Fake Codec

tubeloyaln.com
66.197.154.198
Malware drop: WinWebSecurity

litescan6.com
scan6main.com
scan6safe.com
userscan6.com
scan6zoom.com
megascan6.com
nowscan6.com
scan6plus.info
66.197.154.198
Malware drop: WinWebSecurity

goscanside.com
scan6zoom.com
megascan6.com
nowscan6.com
scan6plus.info
78.159.101.27
Malware drop: WinWebSecurity

gohighscan.com
goscanplan.com
78.159.101.27
Malware drop: AntivirusPlus

best4scan.info
new4scan.info
pro4scan.info
scan4live.info
scan4pro.info
goscanlist.com
goscanplan.com
78.159.101.37
Malware drop: WinWebSecurity

fusescan4.com
openscan4.com
scanslot4.com
78.159.101.14
Malware drop: WinWebSecurity

fuse4scan.com
scanfuse4.com
scanlist4.com
scanopen4.com
wayscan4.com
78.159.101.27
Malware drop: WinWebSecurity

scan4plus.info
gofullscan.com
list4scan.com
scan4true.com
scan4open.com
in4iz.com
in4co.com
in4ik.com
78.159.101.27
Malware drop: WinWebSecurity

any4scan.com
scan4way.com
78.159.101.43
Malware drop: WinWebSecurity

slotscan4.com
78.159.101.44
Malware drop: WinWebSecurity

scanstep4.com
78.159.101.55
Malware drop: WinWebSecurity

scan4data.com
78.159.101.66
Malware drop: WinWebSecurity

scan4fuse.com
scan4lite.com
gotimescan.com
slot4scan.com
69.10.52.12
Malware drop: WinWebSecurity

plus5scan.com
in5ck.com
plusscan5.com
5scanav.com
scan5plus.com
scan5av.com
goscantip.com
69.10.52.12
Malware drop: InternetAntivirusPro

bestscan5.com
in5is.com
in5sk.com
in5ik.com
66.197.154.197
Malware drop: WinWebSecurity

unionshells.net
66.197.154.198
Malware drop: WinWebSecurity

gohardscan.com
goportscan.com
goscanhard.com
goscanmind.com
goscanport.com
goscanquick.com
in4ik.com
scan6mega.com
66.197.154.198
Malware drop: WinWebSecurity

golitescan.com
logscan6.com
home6scan.com
mainscan6.com
goscanplan.com
goscantime.com
66.197.154.199
Malware drop: InternetAntivirusPro

gotipscan.com
scanlite6.com
scan6step.com
scan6log.info
log6scan.info
mainscan6.info
gen6in.com
gen6iz.com
66.197.154.199
Malware drop: InternetAntivirusPro

scan6lite.com
scanlive6.info
linescan6.info
scanstep6.com
in6st.com
in6iz.com
in6ck.com
in6sk.com
66.197.154.xxx
Malware drop: InternetAntivirusPro

66.197.154.197
66.197.154.198
66.197.154.199
66.197.154.200
66.197.154.201
72.232.186.18
Malware site: WinWebSecurity

systemsecurityline.com
212.95.63.237
Redirectors

netservice1.net
netservice2.net
78.26.179.34
Malware drop: Privacy components

tube-funs-world.com
78.26.179.28
Malware drop: Fake Codec

adult-tube-downloads.net
209.44.126.14
Malware drop: WinWebSecurity

bestfiresfull.com
fuckmoneycash.com
getpcguard.com
getscanonline.com
mostpopularscan.com
onlinescandetect.com
onlinescanservice.com
popularpcscan.com
209.44.126.14
Malware drop: WinWebSecurity

runpcscannow.com
scanalertspage.com
scanvistanow.net
yourstabilitysystem.com
vistastabilitynow.com
vistastabilitynow.net
209.44.126.16
Malware drop: WinWebSecurity

systemsecurityonline.com
systemsecuritytool.com
209.44.126.22
Malware drop: WinWebSecurity

onlinestabilityguide.com
onlinestabilityworld.com
protectionskim.com
onlinesafetyscansite.com
safetyscansite.com
securityscansite.com
stabilityaudit.com
wwwsafeexamine.com
205.252.24.226
Malware drop: AntiSpware Pro 2009

antispywarepro.net
netspywarescan.com
online-spyware-scan.net
scanspywareonline.net
94.247.2.215
Malware drop: Antivirus2010

antivirus-plus-new.com
antivirusplussite.com
bestinternetexamine.com
bestnetcheckonline.com
bestwebexamine.com
downloadantivirusplus.com
easynetcheckonline.com
easywebchecklive.com
94.247.2.215
Malware drop: Antivirus2010

addedantiviruslive.com
easywebexamine.com
easywebscanlive.com
internethomecheck.com
linkcanlive.com
linkcanpro.com
myantivirusplus.com
94.247.2.215
Malware drop: Antivirus2010

rapldhsare.com
safeyouthnet.com
security-check-center.com
securesoftinternet.com
theantivirusplus.com
websecurecheck.com
websmartcheck.com

94.247.2.215
Malware drop: Antivirus2010

myinternetexamine.com
onlinescanweb.com

94.247.2.215
Malware drop: Antivirus2010

yourinternetexamine.com
yournetascertain.com
yournetcheckonline.com
yournetcheckonline.com
yourwebexamine.com
yourwebscanlive.com
94.247.2.215
Malware drop: AntivirusPlus

linkcanonline.com
yournetascertain.com
94.247.3.3
Malware drop: WinWebSecurity

theonlinesecurity.com
greatonlinesecurityscan.com
webwidesecurity.com
beststabilityscans.com
greatvirusscan.com
internetsafetyskim.com
networkstabilitytrace.com
94.247.3.3
Malware drop: WinWebSecurity

protectionexamine.com
stabilityinetscan.com
webprotectionscan.com
wwwsecurityread.com
94.247.3.74
Malware drop: WinWebSecurity

securityexamine.com
wwwsafetyread.com
securityexamine.com
webnetsafety.com
webprotectionreads.com
websafetynetscan.com
webstabilityscan.com
wwwsafetyscan.com
94.247.2.42
Fraudulent payment system

sales.getpaymentform.com:443
64.191.12.38
Malware drop: MS Antispyware 2009

addantivirus.com
antispyme.com
antispylinks.com
antispylist.com
antiviruscheckout.com
pro-antispyware2009.com
64.191.12.38
Malware drop

syscleanerpro.com
systemcleanerpro.com
system-cleanerpro.com
totalantispyware.com
totalantispyware2009.com
totalantispyware.net
78.129.166.225
Malware drop: WinWebSecurity

wwwprotectionread.com
thestabilityinternet.com
wwwskimonline.com
194.165.4.41
Malware drop+ns: WinWebSecurity

best6scan.com
bestscan6.com
ns1.avscan1.com
newscan4.com
newscan6.com
scan4easy.com
scanbest4.com
194.165.4.140
Malware drop: GeneralAntivirus

goscanlead.com
goscanbase.com
easy6scan.com
general-antivirus.com
generalantivirus.com
goopenscan.com
goscantrue.com
209.85.171.83
Malware drop: WinWebSecurity

lite4scan.com
209.249.222.48
Malware drop: Malware Defender 2009

antiviralscanner14.com
easywinscanner17.com
malwarescanner20.com
protectprivacy18.com
systemscanner19.com
sg9scanner.com
sg10scanner.com
sg11scanner.com
209.160.20.117
Malware drop

antivirus-pro-live-scan.com
84.243.252.160
Redirector

evenmorestats.com
94.102.51.14
Malware drop

securecleanersolution.com
85.17.254.158
Malware drop

promotion-offer.com
94.102.51.14
Malware drop

removespywarethreats.com
84.16.227.222
Malware drop

bestcleaner.us
ultracleaner.biz
91.212.65.29
Malware drive-by-download

free-web-scaners.net
free-web-scaners.biz
free-web-scaners.com

Virus/Malware Analyzer

Scan a malicious file:

ThreatExpert
VirusTotal

Report a malicious domain:

Malware Domain List
hpHosts
Google

Analyzing a suspicious file/URL:

Wepawet Iseclab (JS/Flash/PDF)
Jsunpack (JS/Flash/PDF)
Anubis Iseclab (Executable)

Malware Web Threats

Thursday, March 12, 2009

SecuredPaymentSystem.com - antivirus360-protection.com - Antivirus360 - Rogue_Antivirus

Malware Web Threats Headline

Malware Web Threats

Malware Web Threat Research

Malware Web Based Threats Headline Animator

Blog Archive