Sitemap Hack, ANTIVIRUS-SCANNER.COM Invading At Least 10 Websites Including Arizona State University’s Site
TOKYO (MacHouse) - We’ve been reporting a relatively new fake anti-virus scan case for the past two days. Hacked websites all have a common signature shown as ‘?sitemap’ with spam HTML webpages. Accessing a spam webpage at any of the hacked websites is likely to redirect one to the website of antivirus-scanner.com and eventually force him/her to download a Windows-based file containing a computer virus known as Troj/Dwnldr-HDG.
Victims of this ‘?sitemap’ exploitation include the following websites
 Screenshot 01 - Source: euroaccess.nl |
 Screenshot 02 - Source: webhostchat.co.uk |
 Screenshot 03 - Source: mainswitch.com |
In the meantime, the fake anti-virus scan website of antivirus-scanner.com is possibly hosted by a Dutch web hosting company known as EuroAccess Enterprises Limited (euroaccess.nl). Interestingly, their main website itself doesn’t advertise web hosting plans. (See Screenshot 03.) But you can find some forum posts advertising their dedicated web server plans somewhere else. (See Screenshot 02.) Furthermore, EuroAccess Enterprises Limited also appears to run a website under the domain of mainswitch.com, offering virtual and dedicated web servers. (See Screenshot 03.)
We notified both EuroAccess Enterprises Limited and Mainswitch Hosting Solutions more than 12 hours ago of the fake anti-virus website possibly hosted under their system. But we have not heard from them.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
ANTIVIRUS-SCANNER.COM and Troj/Dwnldr-HDG
Warning: A New Hack Scheme Discovered Involving Anti-Virus Scan Website
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
Leave a Reply
You are prohibited from posting comments merely to advertise your website. Please read Rules and About This Blog at the top menu bar for more information.
Because of spam-comment criminals, we are forced to manually moderate every comment that you may post. Your comment will appear only after we review and then approve it. It will take us several hours at most to review it.
Please note that all one-sentence comments will be automatically rejected as an anti-spam measure.