Sunday, 20 October 2013

Alert: Lunacom Interactive Ltd and fake Java sites

Seems we've got another Israel-based crapware company; this one is involved in the use of fake Chrome and Java sites to push their files (all digitally signed, FYI).

Offending IPs;

- AS32181 ASN-GIGENET - GigeNET
- AS46652 SERVERSTACK-ASN - ServerStack, Inc
- 16509 AMAZON-02 -, Inc.
- AS46652 SERVERSTACK-ASN - ServerStack, Inc.
- AS16509 AMAZON-02 -, Inc.

Sites identified thus far;

The MD5 for the file I got served is;


However, I am aware that the MD5s appear to be different for each access, so you're going to want to detect the files on their sig instead.
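
Matching on the signer rather than the MD5, as described above, shown as an added example (not from the original post): a PowerShell sweep that reports executables by their Authenticode signing certificate. It assumes the signer certificate's subject contains the company name from this post; the search path, parameter names and function name are illustrative.

```powershell
# Added example: find signed binaries by publisher instead of by file hash.
# Assumption: the certificate subject contains the company name given in this post.
param(
    [string]$Path      = "$env:USERPROFILE\Downloads",   # illustrative search root
    [string]$Publisher = 'Lunacom Interactive'
)

function Find-SignedByPublisher {
    param([string]$Path, [string]$Publisher)

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi', '.dll' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            # Match on the certificate whatever the validation status is: an
            # expired or revoked certificate still identifies the publisher.
            if ($cert -and $cert.Subject -like "*$Publisher*") {
                [pscustomobject]@{
                    File       = $_.FullName
                    Status     = $sig.Status        # Valid, NotTrusted, HashMismatch, ...
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint   # same for every file signed with this cert
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Files that differ in hash but share a thumbprint sort next to each other.
Find-SignedByPublisher -Path $Path -Publisher $Publisher |
    Sort-Object Thumbprint, File |
    Format-Table -AutoSize
```

The certificate thumbprint stays constant across downloads signed with the same certificate, so it is the value to carry into blocklists or hunting queries instead of the per-download hash.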


2 more IPs and 2 more hostnames added.

/Edit 2

Few more hostnames added.

1 comment:

devouringone3 said...

I downloaded and launched the Java7.exe file; thinking my Java was outdated again. It looked legit until I remembered how different the setup was and after declining the agreements of like 6 different toolbars and spyware. The setup ended congratulating me for having installed something called “jfilemanager7”, which so far I couldn't find any trace of on my Windows 7 PC.

Am I the first to get caught by Lunacom Interactive Ltd?