TOKYO (MacHouse) – We’ve been reporting a relatively new fake anti-virus scan case for the past two days. Hacked websites all have a common signature shown as ‘?sitemap’ with spam HTML webpages. Accessing a spam webpage at any of the hacked websites is likely to redirect one to the website of antivirus-scanner.com and eventually force him/her to download a Windows-based file containing a computer virus known as Troj/Dwnldr-HDG.
Victims of this ‘?sitemap’ exploitation include the following websites
 Screenshot 01 – Source: euroaccess.nl |
 Screenshot 02 – Source: webhostchat.co.uk |
 Screenshot 03 – Source: mainswitch.com |
In the meantime, the fake anti-virus scan website of antivirus-scanner.com is possibly hosted by a Dutch web hosting company known as EuroAccess Enterprises Limited (euroaccess.nl). Interestingly, their main website itself doesn’t advertise web hosting plans. (See Screenshot 03.) But you can find some forum posts advertising their dedicated web server plans somewhere else. (See Screenshot 02.) Furthermore, EuroAccess Enterprises Limited also appears to run a website under the domain of mainswitch.com, offering virtual and dedicated web servers. (See Screenshot 03.)
We notified both EuroAccess Enterprises Limited and Mainswitch Hosting Solutions more than 12 hours ago of the fake anti-virus website possibly hosted under their system. But we have not heard from them.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
ANTIVIRUS-SCANNER.COM and Troj/Dwnldr-HDG
Warning: A New Hack Scheme Discovered Involving Anti-Virus Scan Website
That’s horrible! We should really be aware of any firewalls we will be using especially if we have important files on our site. Thanks for the info, at least now I’m aware of it.
[Partially edited by Administrator]