 |
|
|
Thread Tools | Display Modes |
|
#1
06-27-2009, 12:08 AM
|
|||
|
Large cluster of fake AV
This is a pretty large number of domains on the same IP address delivering scareware programs.
 The IP is 209.44.126.241 besecurityguardian.com bestyourtrust.com bitsecuritycenter.com brasll.com fullpcvirusscan.com fullsecurityaction.com gisecurityshield.com godsecurityarchive.com hortshieldpc.com hupersecuritydot.com intellectsecfind.com intellectsecurityshield.com libecoolsites.com libertysecuritytool.com mail.allowedwebsurfing.com mail.godsecurityarchive.com mail.hupersecuritydot.com mail.intellectsecurityshield.com mail.libecoolsites.com mail.moregreatsites.com mail.souptotalsecurity.com mail.uniqtrustedweb.com mail.upsecurityscanned.com moregreatsites.com mx241.brasll.com ns1.godsecurityarchive.com ns1.hupersecuritydot.com ns1.libecoolsites.com ns1.moregreatsites.com ns1.souptotalsecurity.com ns1.truesecuredpcs.com ns1.uniqtrustedweb.com resecurityaction.com scanpcsecurity.com scantrustsecurity.com securetopshield.com securexdetect.com securityfastscan.com securityshieldcenter.com securityuniqscan.com sidewebvirusscan.com souptotalsecurity.com thefirstupper.com todaysecuritytop.com totalsitesarchive.com totalvirusshield.com uniqtrustedweb.com upsecurityscanned.com virusdestroyerboost.com www.allowedwebsurfing.com www.bestwebscantools.com www.fullsecurityaction.com www.fullvirusprotection.com www.hupersecuritydot.com www.intellectsecurityshield.com www.moregreatsites.com www.truevirusshield.com xvirusdescan.com Also shown in this graph:  I downloaded one of the files and detection on VirusTotal is fairly low (8/41)  Just out of curiosity, I checked it against our Zheng heuristic system and we proactively detect it already :-)  Jerome Segura Malware ID: bb2de997ea9d38c1895b6e115e16407b.zip 
|
||
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
