Second update to this, and I'm pleased to announce that Redstation forced their customer to disable the sites completely (Redstation didn't want them on their network). A quick check has revealed that those still resolving to the RedStation range are now dead (sites resolve but fail to load), and those spewing malware are now parked at parkwebwin-v03.prod.mesa1.secureserver.net (GoDaddy parking server).
hpObserver results:
http://temp.it-mate.co.uk/hpObserver_results_-_Redstation.html
I'm still monitoring them to see where they go next, and am also still on the lookout for new domains popping up.
A special thank you to Redstation for acting so promptly is deserved, I think.
References:
WARNING: Malware, scams and RedStation (AS35662, 81.94.192.0/20)
http://hphosts.blogspot.com/2010/05/warning-malware-scams-and-redstation.html
Legitimate Software Typosquatted in SMS Micro-Payment Scam
http://ddanchev.blogspot.com/2009/07/legitimate-software-typosquatted-in-sms.html
Thursday, 3 June 2010