Sunday, 22 May 2011
My friend and co-admin at MalwareDomainList just alerted me to a site impersonating VirusTotal, for the purposes (surprise surprise) of infecting unwitting victims with both a fake AV and a trojan.
I've sent an e-mail to my friend Ross at Dot.tk, to have the .tk domain taken out, and will be getting in touch with the host and registrar, for the site it's pointing to, but in the meantime, you can read the details on this over at the MDL forums;
URLs/domains you'll want to add to your blacklist:
ASN: 24940 220.127.116.11/16 HETZNER-AS Hetzner Online AG RZ
IP: 18.104.22.168, 22.214.171.124
PTR: No PTR available
ASN: 44557 126.96.36.199/24 DRAGONARA Dragonara Alliance Ltd
Update: 21:17 22-05-2011
I'm pleased to report, DomainFactory, the registrar for pf-control.de, have now suspended the domain.
Update: 15:01 23-05-2011
Better late than never, but dot.tk have now suspended new-virustotal.tk.
Posted by MysteryFCM at 10:07