September has brought a slew of new FakeAv/Rogueware/Scareware distribution points. As Dancho Danchev chronicles the blackhat seo work of his biggest Ukrainian fan club (that is sarcasm, folks) leading to delivery of a particular FakeAv, the ThreatFire community is protected from FakeAv polymorphic downloaders from gangs and campaigns of all stripes. Behavioral protection handles the sort of AV-evading polymorphism implemented in this malicious stuff well. Just a few highly active ip/domain examples that we’ve seen this past week are listed here. It looks like the groups are trying to get smart, using new domain names like “intellectual-vir-scan01 .com”:

88.198.81. 153/download/antivirus-9446_2001-2.exe
advancedvirscanner3 .com
antivirus-scannerv17 .com
best-security-scanv8 .com
bestantivirusscanv8 .com
professionalspywarescanv8 .com
professionalvirusscanv3 .com
reliable-scanner06 .com
superb-virus-scan03 .com

83.133.126. 201/download/antivirus-DEA18_2033-7.exe
advancedvirscanner3 .com
antivirus-scannerv17 .com
antivirusquickscan2 .com
bestantispywarescanv4 .com
bestantivirusscanv8 .com
intellectual-vir-scan01 .com
intellectual-vir-scan03 .com
intellectual-vir-scan05 .com
professionalspywarescanv8 .com
professionalvirusscanv3 .com
protectedsecurityaudit .cn
reliable-scanner06 .com
reliable-scanner09 .com
superb-virus-scan03 .com

78.46.251 .43/download/antivirus-9DC048_2009-2053.exe
antimalwarescanner8 .com
antispyware-scanner2 .com
antispyware-scanner5 .com
antivirus-scanner6 .com
antivirusonlinescan6 .com
best-antivirus3 .com
best-antivirus8 .com
best-antivirus9 .com
live-virus-scanner5 .com
live-virus-scanner9 .com

91.212.107 .5/download/antivirus-8D5D21_2015-5.exe
advancedpcscanner3 .com
bestpersonalprotectionv7 .com
computer-antivirus-scanv9 .com
fastvirusscanv6 .com
govirusscanner .com
intellectual-vir-scan08 .com
intellectual-vir-scan09 .com
onlineantispywarescanv6 .com
onlinebestscannerv3 .com
onlinepersonalscanner .com
onlineproantivirusscan .com
onlineproantivirusscanner .com
personalfolderscanv2 .com
private-antivirus-scannerv2 .com
reliable-scanner01 .com
reliable-scanner05 .com
secure-antispyware-scanv3 .com
securityfolderprotection .com
spyware-scannerv2 .com
spywarescannerv4 .com

88.198.107 .25/download/antivirus-7C545A_2011-7.exe
antimalwarescanner8 .com
antispyware-scanner2 .com
antispyware-scanner5 .com
antivirus-scanner6 .com
antivirusonlinescan6 .com
best-antivirus3 .com
best-antivirus8 .com
best-antivirus9 .com
live-virus-scanner5 .com
live-virus-scanner9 .com
online-best-scanv3 .com
premium-antispy-scanv3 .com
premium-antispy-scanv7 .com
safeonlinescannerv4 .com
safeonlinescanv4 .com
secure-spyware-scannerv3 .com

78.46.201 .89/download/antivirus_19.exe
antivir-scan-my-pc .com
antivir-scan-online .com
antivirscanmycomputer .com
awardantivirusscan .com
best-virus-scanner4 .com
best-virus-scanner6 .com
bestvanillaresorts .cn
bewareofvirusattacks3 .com
clean-all-spyware03 .com
clean-all-spyware07 .com
hqvirusscanner5 .com
hqvirusscanner7 .com
hqvirusscanner8 .com
megaspywarescan2 .com
thebestviruscheck .com
totalspywarescan3 .com
totalspywarescan5 .com
tryantivirusscan .com
valueantivirusshop1 .com
warningmalwarealert .com
warningmalwarealert2 .com
warningvirusalert .com
worldbestonlinescanner .com
yourholidaytoday .cn

209.44.126 .52/download/antivirus-71B_2033-8.exe
advancedvirscanner3 .com
antimalwareonlinescanv4 .com
antivirus-scannerv17 .com
antivirusquickscan2 .com
best-security-scanv8 .com
bestantispywarescanv4 .com
bestantivirusscanv8 .com
professionalspywarescanv8 .com
professionalvirusscanv3 .com
virusonlinescanv3 .com

94.102.51 .26/download/antivirus-C8D1_2009-1506.exe
advancedpcscanner3 .com
bestpersonalprotectionv7 .com
computer-antivirus-scanv9 .com
fastvirusscanv6 .com
govirusscanner .com
intellectual-vir-scan08 .com
intellectual-vir-scan09 .com
onlinebestscannerv3 .com
onlinepersonalscanner .com
onlineproantivirusscan .com
onlineproantivirusscanner .com
reliable-scanner01 .com
reliable-scanner05 .com
secure-antispyware-scanv3 .com
securityfolderprotection .com
spyware-scannerv2 .com
spywarescannerv4 .com

193.169.12 .70/download/antivirus_70.exe
91.212.127 .200/download/antivirus-AD4D76_2006-69.exe
78.46.251 .43/download/antivirus-913_2004.exe
78.46.201 .89/download/antivirus_156.exe
209.44.126 .52/download/antivirus-9853D_2033-7.exe
78.46.251 .43/download/antivirus-75FF09D_2007.exe
88.198.107 .25/download/antivirus-A4238A0_2009-1.exe
209.44.126 .52/download/antivirus-815_2033-7.exe
94.102.51 .26/download/antivirus-5C76A_2006-69.exe
91.212.107 .5/download/antivirus-CE41_2007.exe
88.198.120 .177/download/antivirus-4A8D4_2030-4.exe
78.46.251 .43/download/antivirus-815_2015-5.exe
88.198.81 .153/download/antivirus-9DC048_2002-8.exe
83.133.126 .201/download/antivirus-9AB1B_2024-7.exe
94.102.51 .26/download/antivirus-E3DAD_2006-69.exe
78.46.201 .89/download/antivirus_88S1.exe

This entry was posted on Tuesday, September 8th, 2009 at 4:24 pm and is filed under FakeAlert, Rogueware, Scams and Monetization. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.