Holger over at MDL has warned of a new impersonator, whose sole purpose is to infect the living daylights out of those who unwittingly mistype the MDL domain. The impersonator is:
Host: malwaredomainlists.com
IP: 78.47.91.153
Which takes you to a fake warning at:
malwaredomainlists.com/block.php
This leads to the payment page at:
challenges-cup.com/buy.php?id=
IP: 78.47.91.153
Which redirects to:
https://secure.onlineinternetpayments.com/billpav/?world&id=
IP: 78.46.216.233
The certificate for this one is provided by Thawte (seems these certification authorities aren't learning ...).
Also referenced:
Host: worldsoftwarestore.com
IP: 89.47.237.55 (previously at: 78.46.216.233)
References:
Attention !! Malwaredomainlist(s).com distributes Rogue AV
http://www.malwaredomainlist.com/forums/index.php?topic=3188.0
hpHosts - malwaredomainslist.com
http://hosts-file.net/?s=malwaredomainlists.com
Saturday 1 August 2009
2 comments:
I tried to see if my AV, BitDefender, catches this type, and from what I see the antiphishing does its job good. Yuppy.
In any case, thanks for the info. I like to test my AV to see if it's up to date with the new threats.
Jonny be good like ;) tally ho
Always a pleasure ;o)