Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 28 April 2011

Tucows + Fake AV + new (but old) /24

It was bound the happen, after having their IPs killed a few days ago, and I'm actually surprised it took them this long, but alas as of the 28th, there's yet more malicious fake AV domains via Tucows (wonder if Tucows are actually going to put a stop to this?).

freecardscannerprotection.com
freecheapscannerprotection.com
freecodescannerprotection.com
freecolorscannerprotection.com
freecompactscannerprotection.com
freedesktopscannerprotection.com
freediagnosticscannerprotection.com
freedigitalscannerprotection.com
freedocumentscannerprotection.com
freeimagescannerprotection.com
freememoryscannerprotection.com
freemobilescannerprotection.com
freenegativescannerprotection.com
freephotoscannerprotection.com
freeportablescannerprotection.com
freeportscannerprotection.com
freeprinterscannerprotection.com
freescannerprotection.com
freescannerprotectiondogs.com
freescannerprotectionexperts.com
protectionfreescanner.com


Some of these are living on 91.213.29.0/24, owned by AS51786 HAKVA LLC 2H Akva Group. Not surprisingly, this AS has a history of serving up maliciousness in the form of everything from fake AVs to trojans to exploits, and a bit of everything else inbetween.

Others are living at 174.37.190.85, which is owned by SoftLayer (yet another AS with a history of housing malicious content).

I've added the domains to hpHosts and MDL, and Malwarebytes' AntiMalware users will be pleased to know, the IPs being used, are already blocked by the IP Protection facility :o)

No comments: