Beware of WWW.1URL.IN: Systematic Redirection to Malicious Websites (3)

Posted on June 18, 2008 by Administrator

anti spam






TOKYO (MacHouse) – An organized cyber scum group has circulated another comment to advertise spam links created at 1 URL (http://www.1url.in). (See Screenshot 01.) A new set of spam links created at 1 URL includes numbers starting from 27383 through 27433 with a total of 50 links. If you access any of the shorten links, you can be redirected to a fake PornTube website, a fake free adult movie website or a fake anti-virus scan website.





1url.in free url redirection
Screenshot 01 – Source: MacHouse		   1url.in free url redirection
Screenshot 02 – Source: 2008-adult-2008.com		   1url.in free url redirection
Screenshot 03 – Source: 2008-adult-2008.com






One of the redirection destination is a fake free adult movie website at the domain of 2008-adult-2008.com. (See Screenshot 02.) If you access this domain, you will be forced to download a file titled “MediaTubeCodec_ver1.213.0.exe” in a matter of a few seconds. (See Screenshot 03.) It presumably contains a computer virus.

Another redirection destination is a notorious fake PornTube website hosted at the domain of tubescollection.com. (See Screenshot 04.) Upon arrival, you will be forced to download a file titled ’1023.dmg,’ which contains a Trojan horse derivative. Synmantec, the developer of Norton AntiVirus, calls this computer virus OSX.RSPlug.A. This fake PornTube website is visually disturbing because what’s partially shown in Screenshot 04 is an apparently underaged girl being fully naked.





1url.in free url redirection
Screenshot 04 – Source: www.tubescollection.com
Graphics digitally re-rendered		   1url.in free url redirection
Screenshot 05 – Source: virus-scanonline.com		  






Another confirmed destination is a fake anti-virus scan website hosted at the domain of virus-scanonline.com. (See Screenshot 05.) The domain is different from antivirus-scanonline.com. But it’s hosted at a German web hosting company called Hetzner Online AG, which also hosts the fake anti-virus scan website at the domain of antivirus-scanonline.com.






References:

Beware of WWW.1URL.IN: Systematic Redirection to Malicious Websites (2)
Beware of WWW.1URL.IN: Systematic Redirection to Malicious Websites (1)
10 More Scam Websites with Chinese Domains, Leading Internet Users to Fake PornTube with Trojan Horse
10 More Websites with Chinese Domains Designed to Infect Mac Users with a Trojan Horse Virus
Fake PornTube Websites with 10 Chinese Domains Distributing Mac-Targeting Computer Virus
Fake PornTube Website With Computer Virus Targeting Mac Users
Warning: Fake PornTube Websites Found

This entry was posted in Internet security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comment spam protected by SpamBam

Notify me of followup comments via e-mail. You can also subscribe without commenting.