Blog for hpHosts, and whatever else I feel like writing about ....

Saturday, 1 August 2009

WARNING: Malware Domain List has a new impersonator

Holger over at MDL has warned of a new impersonator, whose sole purpose is to infect the living daylights out of those that unwittingly mistype the MDL domain. The impersonator is;

Host: malwaredomainlists.com
IP: 78.47.91.153

Which takes you to a fake warning at;

malwaredomainlists.com/block.php


This leads to the payment page at;

challenges-cup.com/buy.php?id=
IP: 78.47.91.153

Which redirects to:

https://secure.onlineinternetpayments.com/billpav/?world&id=
IP: 78.46.216.233

The certificate for this one is provided by Thawte (seems these certification authorities aren't learning .......).



Also referenced:

Host: worldsoftwarestore.com
IP: 89.47.237.55 (previously at: 78.46.216.233)

References:

Attention !! Malwaredomainlist(s).com distributes Rogue AV
http://www.malwaredomainlist.com/forums/index.php?topic=3188.0

hpHosts - malwaredomainslist.com
http://hosts-file.net/?s=malwaredomainlists.com

2 comments:

lighthousetech said...

I tried to see is my AV bitdefender catches this type and from what i see the antiphishing does it s job good .yuppy
In any case thanks for the info i like to test my AV to see if it s up to date with the news threats.

Jonny be good like ;) tally ho

MysteryFCM said...

Always a pleasure ;o)