It is no surprise that cybercriminals are taking advantage of a sad death to earn dollars from fake anti-virus software. Use common sense to secure your networks; using the Firefox browser with the NoScript module (tight security settings) will reduce the risks. :)
Clicking on the suspicious link leads to a website where a pop-up message asks the visitor to install a rogue antivirus. Luckily I did not fall for this trick since I am using Linux systems. :)
The downloaded file, called "setup_build7_201.exe", was sent to VirusTotal (VT), where it had a very low detection rate (1/41, or 2.44%). The VT result can be obtained from here.
Potential malicious domains: