hpHosts Blog: Fake registry cleaner using same tactics as fake antimalware

Wednesday, 30 September 2009

Fake registry cleaner using same tactics as fake antimalware

I was sent this one a few moments ago, and was expecting it to be a fake AV (ala Total Protection etc), but no, to my surprise, it was infact, for Registry Repair 2008 (a bogus registry cleaner).

The site in question is securonline.net (IP: 72.44.94.153 - ns2.2amnetwork.com, AS32748)

Which then displays:

Following through, we're taken to:

cart.secureorderstore.com/secureorder/securorder.php
IP: 66.98.218.29 (mail3.smscentar.com, AS21844)

However, contrary to the address bar, the site loads the following via iFrame;

usd.swreg.org/cgi-bin/s.cgi?s=43835&p=43835-regrep&v=0&d=0&q=1&c=USD&bb=1

The certificate issued to secureorderstore.com is courtesy of GoDaddy:

1 comment:

Anonymous said...: Concerning securonline.net the IP has switched from 72.44.94.153 to 127.0.0.1 (localhost) in DNS.

Also for reference there is a similar topic discussed on the WOT Forum; 10 October 2009 at 15:08

Wednesday, 30 September 2009

Fake registry cleaner using same tactics as fake antimalware

1 comment:

Archives

Useful Links

Other projects I'm involved with

Blogs I love to read!

Wednesday, 30 September 2009

Fake registry cleaner using same tactics as fake antimalware

1 comment:

Subscribe To

Archives

Useful Links

Other projects I'm involved with

Blogs I love to read!