Friday, October 9, 2009

Nobel Prize Winner 2009 - Rogue Anti-Virus Target!

As usual, a BlackHat SEO campaign is targeting "Nobel Prize Winner 2009", one of today's most-searched news topics. Clicking on those malicious links will bog down the user's system with fake alerts and warnings that offer to clean the system by installing a rogue anti-virus from "pcsecure-shield.com" and "scan-localzone.net".

Lots of legitimate websites were compromised to host those malicious pages. In my personal view, I strongly suspect those websites were compromised and serve as a "botnet"... and it seems the bad guys are winning in cyberspace.

Does anyone have a rogue-fighting project that I can participate in?




Not surprisingly, the rogue anti-virus application gets only a low detection rate on VirusTotal.



Below are the suspicious domains obtained from the network packet flow.


