Saturday, April 4, 2009

Rogueware AntivirusPlus - thegreatsecurity.com

Rogueware AntivirusPlus - thegreatsecurity.com, todaybestscan.com

Another list of malicious domains promoting rogue software associated with "AntivirusPlus".

READ THIS page if you need more information


easyincomeprotection.cn (also has 6 different templates)

Anubis - VirusTotal

Created 30-mar-2009

Registered with "广东时代互联科技有限公司", which translates into English as "Time Internet Technology Co., Ltd. Guangdong", also cited as the registrar for hosting SCAM websites here:

DDK-Group-Inc.
EFS-Capital-Group-Inc
tdk-group-inc
e-innovative-inc

DNS:

ns1.pubilcnameserver7.com [94.247.2.215]
ns2.pubilcnameserver7.com [94.247.2.216]

Using the same DNS servers we have:

easyaddedantivirus.com [94.247.2.215]
yourcountedantivirus.com [94.247.2.215]

Created 30-mar-2009

Registrar used: BIZCN.COM, INC.



Application screenshot (Alias: FakePlus)




topsoftscanner.com [209.44.126.14]

Created 25-mar-2009

No whois info - PrivacyProtect.org
Registrar used: DIRECTI INTERNET SOLUTIONS PVT. LTD

thegreatsecurity.com [209.44.126.14]

hxxp://golkis.dnip.net/online-j49/yornt.html
JavaScript analysis by Wepawet

Seen on Alexa
"The Google cache has been updated and the link has been removed."


Created 03-apr-2009

No whois info - PrivacyProtect.org
Registrar used: DIRECTI INTERNET SOLUTIONS PVT. LTD

checkonlinesecurity.com [209.44.126.14]

Created 05-apr-2009

No whois info - PrivacyProtect.org
Registrar used: DIRECTI INTERNET SOLUTIONS PVT. LTD

todaybestscan.com [209.44.126.14]

Created 05-apr-2009

No whois info - PrivacyProtect.org
Registrar used: DIRECTI INTERNET SOLUTIONS PVT. LTD

Using these two DNS servers:

ns1.fuckmoneycash.com [209.44.126.15]
ns2.fuckmoneycash.com [209.44.126.16]

Title: My computer Online Scan







Template used:
 

Template AntivirusPlus from onlinescanweb.com

onlinewebscan.com AntivirusPlus Template 1
onlinewebscan.com AntivirusPlus Template 1 bis
onlinewebscan.com RapidAntivirus Template 1
onlinewebscan.com RapidAntivirus Template 1 bis

onlinewebscan.com RapidAntivirus Template 2
onlinewebscan.com RapidAntivirus Template 3
onlinewebscan.com RapidAntivirus Template 3 bis

onlinewebscan.com AntivirusPlus Template
onlinewebscan.com AntivirusPlus Template 2