Tuesday, January 20, 2009

Antivirus 2010




Antivirus 2010 is a rogue application; do not download or install it on your system.
These are a few of the sites that distribute Antivirus 2010:

Best-antivirus-2010-download.info
Best-antivirus-2010.info
Download-antivirus2010.info

Following are the screenshots related to the Rogue application:

Antivirus 2010






Friday, August 22, 2008

AntiSpywareDeluxe and AntiSpyDeluxe


Domain Name: Antispywaredeluxe.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/
Expiration Date: 2009-02-03
Creation Date: 2008-02-03
Last Update Date: 2008-04-04
Name Servers:
ns.antispywaredeluxe.com
ns1.us.editdns.net
ns2.us.editdns.net
ns3.us.editdns.net
Extended Info IP Address: 67.205.75.9
Website Status: active
Server Type: lighttpd/1.4.18
Alexa Trend/Rank: 1 Month: 2,303,620 3 Month: 1,579,144
Page Views per Visit: 1 Month: 1 3 Month: 1.1
Cache Date: 2008-08-22 09:18:10 MST
Compare Archived Data: 2008-03-24
------------------------------------------------------------


Domain Name: Antispydeluxe.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com/
Expiration Date: 2009-08-18
Creation Date: 2008-08-18
Last Update Date: 2008-08-18
Name Servers:
ns1.antispysoftware08.com
ns2.antispysoftware08.com
Extended Info IP Address: 200.63.42.145
Website Status: active
Server Type: Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8b mod_perl/1.29 FrontPage/5.0.2.2510
Cache Date: 2008-08-22 09:22:24 MST
Compare Archived Data: 2008-08-19


AntiSpywareDeluxe




AntiSpyDeluxe

Friday, July 25, 2008

More new Fake Codec sites

Some more new Fake codec sites distributing DNS changer Trojans.


Note that the registrar of the above sites is ESTDOMAINS.

Do not download or install any file from these sites.

Friday, July 18, 2008

New Fake codec sites

A new set of fake codec sites producing DNS changer Trojans.

Note that the Registrar of all these sites is ESTDOMAINS.

Stay away from them.


Wednesday, July 2, 2008

AntiSpyware-2008






AntiSpyware-2008 is a rogue application.

The following websites distribute AntiSpyware-2008:



Screenshots:

Installation



It usually drops the following files and folders:


Fake scanner page:


Tuesday, July 1, 2008

TotalAntivirus





TotalAntivirus is a new rogue application.

Totalantivirusonline.com

TotalAntivirus




Domain Name: Totalantivirusonline.com
Status: ok
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.publicdomainregistry.com
Referral URL: http://www.publicdomainregistry.com
Expiration Date: 2009-03-31
Creation Date: 2008-03-31
Last Update Date: 2008-05-31
Name Servers:
ns1.mynick.name
ns2.mynick.name
ns3.mynick.name
ns4.mynick.name

IP Address: 72.233.81.107
IP Location: United States
Website Status: active
Server Type: Apache
Cache Date: 2008-07-01 07:05:50 MST

Friday, April 25, 2008

Videopluginax.com, Porntubeguide.com

Fake codec sites:

Videopluginax.com
Porntubeguide.com

IP Address: 72.36.167.202

You will be prompted to download a codec to view the porn site; the download in turn installs a Trojan on your system.

Porntubeguide.com redirects you to Videopluginax.com for the downloads.

Stay away from this site.

This is how the desktop will look after the infection:



You would also be redirected to SystemErrorFixer.com, which displays the following:


Clicking on the image in the center installs SystemErrorFixer, which is a rogue application.

Thursday, March 6, 2008

Real AntiVirus






Real AntiVirus is a rogue application, and the registrar of real-av.com is ESTDOMAINS.

Stay away from this website.

Real AntiVirus

real-av.com


Domain Name: real-av.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-25
Creation Date: 2008-02-25
Last Update Date: 2008-02-25
Name Servers:
qw.cool-cool-websearch.com
wq.cool-cool-websearch.com

IP Address: 66.246.229.81
IP Location: United States
Website Status: active
Server Type: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8b PHP/4.4.8 mod_perl/1.29 FrontPage/5.0.2.2510
Cache Date: 2008-03-06 05:06:20 MST

Monday, March 3, 2008

AntiSpyStorm2008






AntiSpyStorm2008 is a rogue application, and the registrar of AntiSpyStorm2008.com is ESTDOMAINS.

The rogue application at Antispystorm2008.com is the same as the rogue application at Antispystorm.com, but the version is different (for now). Check the screenshot below:

Antispystorm2008.com - 1.01.0044
Antispystorm.com - 1.01.0031

AntiSpyStorm2008

AntiSpyStorm @ AntiSpyStorm2008.com


AntiSpyStorm @ AntiSpyStorm.com


AntiSpyStorm2008.com

Domain Name: antispystorm2008.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-07
Creation Date: 2008-02-07
Last Update Date: 2008-02-07

Name Servers:
ns1.3fn.net
ns2.3fn.net

IP Address: 216.195.54.111
IP Location: United States
Website Status: active
Server Type: Apache/2.2.4 (Unix) PHP/4.4.4 mod_ssl/2.2.4 OpenSSL/0.9.7e-p1
Cache Date: 2008-03-03 10:10:35 MST

SpyMaxX






SpyMaxX is a rogue application, and the registrar of spymaxx.com is ESTDOMAINS.

Stay away from this website.


SpyMaxX


SpyMaxX.com


Domain Name: spymaxx.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-04
Creation Date: 2008-02-04
Last Update Date: 2008-02-04
Name Servers:
ns1.3fn.net
ns2.3fn.net

IP Address: 216.195.54.110
IP Location: United States
Website Status: active
Server Type: Apache/2.2.4 (Unix) PHP/4.4.4 mod_ssl/2.2.4 OpenSSL/0.9.7e-p1
Cache Date: 2008-03-03 09:30:22 MST

TheLastDefender










TheLastDefender is a rogue application, and the registrar of TheLastDefender.com is ESTDOMAINS.

Stay away from this website.


TheLastDefender


TheLastDefender.com

Domain Name: thelastdefender.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-12-28
Creation Date: 2007-12-28
Last Update Date: 2008-02-26
Name Servers:
ns1.thelastdefender.com
ns2.thelastdefender.com


IP Address: 78.31.211.57
Website Status: active
Server Type: Apache/2.2.6 (FreeBSD)
Alexa Trend/Rank: 1 Month: 2,207,208
Page Views per Visit: 1 Month: 3.2
Cache Date: 2008-03-03 04:00:26 MST

Friday, February 29, 2008

Mpgapplication.com


Mpgapplication.com distributes the Zlob Trojan.

Make sure that you don’t install any application from this website.


Domain Name: mpgapplication.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-27
Creation Date: 2008-02-27
Last Update Date: 2008-02-27

Name Servers:
ns1.mpgapplication.com
ns2.mpgapplication.com

Extended Info IP Address: 85.255.118.180
IP Location: Ukraine
Website Status: active
Server Type: Apache/2.2.2 (Fedora)
Cache Date: 2008-02-28 04:43:39 MST

Wmvsolution.com

Wmvsolution.com distributes the Zlob Trojan.

Make sure that you don’t install any application from this website.

Domain Name: wmvsolution.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-27
Creation Date: 2008-02-27
Last Update Date: 2008-02-27

Name Servers:
ns1.wmvsolution.com
ns2.wmvsolution.com

Extended Info IP Address: 85.255.120.109
IP Location: Ukraine
Website Status: active
Server Type: Apache/2.2.2 (Fedora)
Cache Date: 2008-02-28 07:48:27 MST

TheSpyBot






TheSpyBot is a rogue application, and TheSpyBot.com is registered with ESTDOMAINS.

Make sure that you don’t install any application from this website.

TheSpyBot

thespybot.com

Domain Name: thespybot.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2009-02-12
Creation Date: 2008-02-12
Last Update Date: 2008-02-13

Name Servers:
ns1.thespybot.com
ns2.thespybot.com

Extended Info IP Address: 78.108.183.32
Website Status: active
Server Type: nginx/0.5.33
Cache Date: 2008-02-28 10:47:53 MST

SpyWatchE






SpyWatchE is a rogue application, and spywatche.com is registered with ESTDOMAINS.

Make sure that you don’t install any application from this website.


SpyWatchE

SpyWatchE.com

Domain Name: spywatche.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2009-02-12
Creation Date: 2008-02-12
Last Update Date: 2008-02-13
Name Servers:
ns1.spywatche.com
ns2.spywatche.com

IP Address: 78.108.183.33
Website Status: active
Server Type: nginx/0.5.33
Cache Date: 2008-02-28 10:44:59 MST

Thursday, February 7, 2008

spacecodec.com

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer Trojan. It pretends to be a browser add-on for viewing porn, but is actually a Trojan horse program.

Stay away from this website.

spacecodec.com


Domain Name: spacecodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-02-05

Name Servers:
ns1.spacecodec.com
ns2.spacecodec.com
IP Address: 64.28.184.177
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-07 04:32:09 MST

Monday, February 4, 2008

Lightcodec.com

What a PITY, this website is active once again, producing the DNS changer Trojan after more than a year.

It seems that the snake has taken a big o turn to bite its own tail, but the game is not yet over!!!!!

Stay away from this website.

lightcodec.com

Domain Name: lightcodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-02-02

Name Servers:
ns1.lightcodec.com
ns2.lightcodec.com

IP Address: 64.28.184.176
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-04 04:38:47 MST

Friday, February 1, 2008

Firecodec.com

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer Trojan. It pretends to be a browser add-on for viewing porn, but is actually a Trojan horse program.

Stay away from this website.

Firecodec.com


Domain Name: firecodec.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-29

Name Servers:
ns1.firecodec.com
ns2.firecodec.com

IP Address: 64.28.184.175
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-02-01 03:10:18 MST

Thursday, January 31, 2008

Some Malicious Domains

These are some of the malicious domains registered with ESTDOMAINS.

These sites either prompt you to download a fake media codec or rogue security application, or direct you to another malicious website.


Stay away from these sites.

Monday, January 28, 2008

Qazcodec.net

Another fake codec site registered with ESTDOMAINS.

This program is a DNS Changer Trojan. It pretends to be a browser add-on for viewing porn, but is actually a Trojan horse program.

Stay away from this website.


qazcodec.net


Domain Name: qazcodec.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-26

Name Servers:
ns1.qazcodec.net
ns2.qazcodec.net

IP Address: 64.28.184.174
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-28 03:56:01 MST

Friday, January 25, 2008

Hqcodectime.net






Hqcodectime.net is another fake codec site registered with ESTDOMAINS.
Following:

codecmpg.com 64.28.184.162
codecmeg.net 64.28.184.163
Codecultra.net 64.28.184.164
codecops.net 64.28.184.165
Codecpro.net 64.28.184.166
codecviva.com 64.28.184.167
Codeczang.net 64.28.184.168
codecplay.com 64.28.184.169
Codecbsplay.com 64.28.184.170
Vipcodecvip.com 64.28.184.171
Hqcodecvip.com 64.28.184.172

Do NOT download any installers from this website. Note that this program is a DNS Changer.

It pretends to be a browser add-on for viewing porn, but is actually a Trojan horse program.

Hqcodectime.net


Domain Name: hqcodectime.net
Status: ok
Registrar: ESTDOMAINS, INC.
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-23

Name Servers:
ns1.hqcodectime.net
ns2.hqcodectime.net

IP Address: 64.28.184.173
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-25 03:17:32 MST

STAY AWAY FROM THIS SITE!!!!!!!!