Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 3 June 2010

Update 2: Malware, scams and RedStation (AS35662, 81.94.192.0/20)

Second update to this, and I'm pleased to announce that Redstation forced their customer to disable the sites completely (Redstation didn't want them on their network). A quick check has revealed that those still resolving to the RedStation range are now dead (sites resolve but fail to load), and those spewing malware are now parked at parkwebwin-v03.prod.mesa1.secureserver.net (GoDaddy parking server).

hpObserver results:
http://temp.it-mate.co.uk/hpObserver_results_-_Redstation.html

I'm still monitoring them to see where they go next, and am also still on the lookout for new domains popping up.

A special thank you to Redstation for acting so promptly is deserved, I think.

References:

WARNING: Malware, scams and RedStation (AS35662, 81.94.192.0/20)
http://hphosts.blogspot.com/2010/05/warning-malware-scams-and-redstation.html

Legitimate Software Typosquatted in SMS Micro-Payment Scam
http://ddanchev.blogspot.com/2009/07/legitimate-software-typosquatted-in-sms.html
