Sitemap Hack, ANTIVIRUS-SCANNER.COM Invading At Least 10 Websites Including Arizona State University’s Site

anti spam






TOKYO (MacHouse) – We’ve been reporting a relatively new fake anti-virus scan case for the past two days. Hacked websites all have a common signature shown as ‘?sitemap’ with spam HTML webpages. Accessing a spam webpage at any of the hacked websites is likely to redirect one to the website of antivirus-scanner.com and eventually force him/her to download a Windows-based file containing a computer virus known as Troj/Dwnldr-HDG.

Victims of this ‘?sitemap’ exploitation include the following websites





  • wmco.org
  • camera-obscura.net
  • meccsa.org.uk
  • actu-pc.net
  • www.o2deals.co.uk
  • sceed.asu.edu
  • beacon.edu
  • institute.beacon.edu
  • cyberbb.com
  • gargoyle.flagler.edu




  • antivirus-scanner.com AtnvrsInstall.exe EuroAccess Enterprises
    Screenshot 01 – Source: euroaccess.nl
      antivirus-scanner.com AtnvrsInstall.exe EuroAccess Enterprises
    Screenshot 02 – Source: webhostchat.co.uk
      antivirus-scanner.com AtnvrsInstall.exe EuroAccess Enterprises
    Screenshot 03 – Source: mainswitch.com






    In the meantime, the fake anti-virus scan website of antivirus-scanner.com is possibly hosted by a Dutch web hosting company known as EuroAccess Enterprises Limited (euroaccess.nl). Interestingly, their main website itself doesn’t advertise web hosting plans. (See Screenshot 03.) But you can find some forum posts advertising their dedicated web server plans somewhere else. (See Screenshot 02.) Furthermore, EuroAccess Enterprises Limited also appears to run a website under the domain of mainswitch.com, offering virtual and dedicated web servers. (See Screenshot 03.)

    We notified both EuroAccess Enterprises Limited and Mainswitch Hosting Solutions more than 12 hours ago of the fake anti-virus website possibly hosted under their system. But we have not heard from them.






    Click on the button to watch a documentation video. VTC
    Click on the button to watch more documentation videos. VTC






    References:

    ANTIVIRUS-SCANNER.COM and Troj/Dwnldr-HDG
    Warning: A New Hack Scheme Discovered Involving Anti-Virus Scan Website

    This entry was posted in Internet security and tagged , , , . Bookmark the permalink.

    One Response to Sitemap Hack, ANTIVIRUS-SCANNER.COM Invading At Least 10 Websites Including Arizona State University’s Site

    1. edelyn cabalhin says:

      That’s horrible! We should really be aware of any firewalls we will be using especially if we have important files on our site. Thanks for the info, at least now I’m aware of it.

      [Partially edited by Administrator]

    Leave a Reply

    Your email address will not be published.

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Comment spam protected by SpamBam

    Notify me of followup comments via e-mail. You can also subscribe without commenting.