Sunday, 22 May 2011
WARNING: Fake VirusTotal site serving trojan and fake AV
My friend and co-admin at MalwareDomainList just alerted me to a site impersonating VirusTotal, for the purposes (surprise surprise) of infecting unwitting victims with both a fake AV and a trojan.
I've sent an e-mail to my friend Ross at Dot.tk to have the .tk domain taken out, and will be getting in touch with the host and registrar for the site it's pointing to, but in the meantime, you can read the details on this over at the MDL forums:
http://www.malwaredomainlist.com/forums/index.php?topic=4572.msg21343#msg21343
URLs/domains you'll want to add to your blacklist:
new-virustotal.tk
readman.pf-control.de/java/
readman.pf-control.de/java/signedapplet.jar
readman.pf-control.de/java/bot.exe
Details:
Hostname: readman.pf-control.de
IP: 188.40.236.16
PTR: pf-control.de
ASN: 24940 188.40.0.0/16 HETZNER-AS Hetzner Online AG RZ
Hostname: new-virustotal.tk
IP: 93.170.52.30, 93.170.52.20
PTR: No PTR available
ASN: 44557 93.170.52.0/24 DRAGONARA Dragonara Alliance Ltd
Update: 21:17 22-05-2011
I'm pleased to report, DomainFactory, the registrar for pf-control.de, have now suspended the domain.
Update: 15:01 23-05-2011
Better late than never, but dot.tk have now suspended new-virustotal.tk.