Thursday, January 31, 2008

Some Malicious Domains

These are some of the malicious domains registered to ESTDOMAINS.

These sites either prompt you to download a fake media codec or a rogue security application, or redirect you to another malicious website.


Stay away from these sites.

Monday, January 28, 2008

Qazcodec.net

Another fake codec site registered to ESTDOMAINS.

The program it offers is a DNS changer trojan: it pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Stay away from this website.


qazcodec.net


Domain Name: qazcodec.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-26

Name Servers:
ns1.qazcodec.net
ns2.qazcodec.net

IP Address: 64.28.184.174
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-28 03:56:01 MST

Friday, January 25, 2008

Hqcodectime.net

Hqcodectime.net is another fake codec site registered to ESTDOMAINS, following the earlier ones in the same family.


Do NOT download any installers from this website. Note that the program is a DNS changer.

It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

Hqcodectime.net


Domain Name: hqcodectime.net
Status: ok
Registrar: ESTDOMAINS, INC.
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-23

Name Servers:
ns1.hqcodectime.net
ns2.hqcodectime.net

IP Address: 64.28.184.173
IP Location: United States
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-25 03:17:32 MST

STAY AWAY FROM THIS SITE!!!!!!!!

Tuesday, January 15, 2008

WinErrorFixer 2007

WinErrorFixer 2007 is flagged as a potentially unwanted application by some antivirus engines, as shown in the VirusTotal result below.

VirusTotal Result: 7/32 (21.88%)

AVG -------> SHeur.KTO
eSafe -------> suspicious Trojan/Worm
FileAdvisor -------> Low threat detected
McAfee 5206 -------> potentially unwanted program Winfixer
Panda 9.0.0.4 -------> Application/WinErrorFixer
Prevx1 V2 -------> Suspicious File With Persistence
Webwasher-Gateway 6.0.1 -------> Worm.Win32.ModifiedUPX.gen!84 (suspicious)
----------------------------------------------------------------------------------------
File size: 54552 bytes
MD5: e89ee5276da753dc98571f39119f4265
SHA1: 92f9111440e85e68bc880bd03f8cb0dcf89531c5
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers: UPX
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e89ee5276da753dc98571f39119f4265
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=123001F018A318BFD5D60079156D15002616DA17

Screenshots:

Additional information:

Domain Name: winerrorfixer.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Expiration Date: 2008-12-07
Creation Date: 2005-12-07
Last Update Date: 2007-10-29

Name Servers:
ns29.domaincontrol.com
ns30.domaincontrol.com

IP Address: 64.46.38.133
IP Location: Canada
Website Status: active
Server Type: Apache/2.0.58 (Unix) mod_ssl/2.0.58 OpenSSL/0.9.7f PHP/4.4.7
Alexa Trend/Rank: 1 Month: 44,539; 3 Month: 49,706
Page Views per Visit: 1 Month: 1.7; 3 Month: 1.8
Cache Date: 2008-01-15 03:22:48 MST
Compare Archived Data: 2007-09-15

Monday, January 7, 2008

CodecViva.com

Another fake codec site registered to ESTDOMAINS.

Do NOT download any installers from this website.

Note that the program is a DNS changer. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.

CodecViva.com


Domain Name: codecviva.com
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-05

Name Servers:
ns1.codecviva.com
ns2.codecviva.com

IP Address: 64.28.184.167
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-07 05:41:20 MST

Saturday, January 5, 2008

InfeStop


InfeStop is a rogue application from ESTDOMAINS.

It displays a fake report to users, pushing them to purchase the full version to remove the supposedly malicious content.

The VirusTotal result is very poor (only two engines flag it), so make sure that you do not download the application.

Screenshots: InfeStop.com, InfeStop, Warning

VirusTotal results: 2/32 (6.25%)
NOD32v2----------> error - password-protected file
Microsoft----------> Program:Win32/Easyspywarecleaner

Domain Name: infestop.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19

Name Servers:
ns1.infestop.com
ns2.infestop.com

IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Cache Date: 2008-01-05 08:42:15 MST

Spy-Rid



Spy-Rid is a rogue application from ESTDOMAINS.

It displays a fake report to users, pushing them to purchase the full version to remove the supposedly malicious content.

The VirusTotal result is very poor (only two engines flag it), so make sure that you do not download the application.

Screenshots: Spy-Rid.com, Spy-Rid, Warning

VirusTotal results: 2/32 (6.25%)

NOD32v2----------> error - password-protected file
Sunbelt----------> Spy-Rid

Domain Name: spy-rid.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19

Name Servers:
ns1.spy-rid.com
ns2.spy-rid.com

IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Cache Date: 2008-01-05 08:30:48 MST

EasySpywareCleaner



EasySpywareCleaner is a rogue application from ESTDOMAINS.

It displays a fake report to users, pushing them to purchase the full version to remove the supposedly malicious content.

The VirusTotal result is very poor (only two engines flag it), so make sure that you do not download the application.


Screenshots: EasySpywareCleaner.com, EasySpywareCleaner, Warning


VirusTotal results: 2/32 (6.25%)


Microsoft ----------> Program:Win32/Easyspywarecleaner
NOD32v2 ----------> error - password-protected file

Domain Name: easyspywarecleaner.com
Status: clientTransferProhibited
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-11-19
Creation Date: 2007-11-19
Last Update Date: 2007-11-19

Name Servers:
ns1.easyspywarecleaner.com
ns2.easyspywarecleaner.com

IP Address: 216.240.138.201
Website Status: active
Server Type: Apache
Alexa Trend/Rank: 1 Month: 831,443
Page Views per Visit: 1 Month: 1.4
Cache Date: 2008-01-05 07:34:30 MST

Friday, January 4, 2008

codecpro.net

codecpro.net is the latest fake codec site from ESTDOMAINS, following:

Codecops.net
Codecultra.net
Codecmeg.net
Codecmpg.com
Codecdvi.com

Do NOT download any installers from this website. Note that the program is a DNS changer. It pretends to be a browser add-on for viewing porn but is actually a Trojan horse program.


codecpro.net


Domain Name: codecpro.net
Status: ok
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2008-01-02

Name Servers:
ns1.codecpro.net
ns2.codecpro.net

IP Address: 64.28.184.166
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2008-01-04 03:30:22 MST
Compare Archived Data: 2007-12-13
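The whois blocks throughout this page share the same registrar, the same creation date and the 64.28.184.x address range across several posts, which is the kind of overlap a defender pivots on to find sibling domains. The following is an added example, not the blog's own material: a small Python parser for the "Key: value" layout these blocks use (tolerating the blank line inside a record and the value-on-the-next-line case that appear on the page), run over a sample constructed in that layout from values on the page; the watched registrar and netblock are parameters, not hard-coded facts.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the page's "Key: value" whois layout (blank line inside a record, value on the next line).
SAMPLE = """\
Domain Name: codecpro.net
Registrar: ESTDOMAINS, INC.

Creation Date: 2007-09-21
IP Address: 64.28.184.166

Domain Name: hqcodectime.net
Registrar: ESTDOMAINS, INC.
Creation Date: 2007-09-21
IP Address: 64.28.184.173

Domain Name:
infestop.com
Registrar: ESTDOMAINS, INC.
IP Address: 216.240.138.201
"""

def parse_records(text):
    """Each 'Domain Name:' starts a record; a colon-less line joins the previous key's value."""
    records, rec, last = [], None, None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        key, sep, value = line.partition(":")
        if sep:
            key = key.strip().lower()
            if key == "domain name":
                rec = {}
                records.append(rec)
            if rec is not None:
                rec[key], last = value.strip(), key
        elif rec is not None and last:
            rec[last] = (rec[last] + " " + line).strip()
    return records

def pivot(records, registrar="ESTDOMAINS, INC.", network="64.28.184.0/24"):
    """Pivots (registrar, netblock, creation date) shared by two or more domains."""
    net, hits = ipaddress.ip_network(network), defaultdict(set)
    for rec in records:
        dom = rec.get("domain name", "").lower()
        if rec.get("registrar", "").upper() == registrar.upper():
            hits["registrar:" + registrar].add(dom)
        if rec.get("ip address") and ipaddress.ip_address(rec["ip address"]) in net:
            hits["netblock:" + network].add(dom)
        if rec.get("creation date"):
            hits["created:" + rec["creation date"]].add(dom)
    return {k: sorted(v) for k, v in hits.items() if len(v) > 1}
```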