Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 22 May 2011

WARNING: Fake VirusTotal site serving trojan and fake AV

My friend and co-admin at MalwareDomainList just alerted me to a site impersonating VirusTotal, for the purposes (surprise surprise) of infecting unwitting victims with both a fake AV and a trojan.

I've sent an e-mail to my friend Ross at, to have the .tk domain taken out, and will be getting in touch with the host and registrar, for the site it's pointing to, but in the meantime, you can read the details on this over at the MDL forums;

URLs/domains you'll want to add to your blacklist;


ASN: 24940 HETZNER-AS Hetzner Online AG RZ

PTR: No PTR available
ASN: 44557 DRAGONARA Dragonara Alliance Ltd

Update: 21:17 22-05-2011

I'm please to report, DomainFactory, the registrar for, have now suspended the domain.

Update: 15:01 23-05-2011

Better late than never, but have now suspended

No comments: