
TOKYO (MacHouse) – We reported several hours ago that an international cyber scum group had launched a new exploitation and redirection scheme possibly to infect Internet users with a computer virus. Victims from the previous exploitation scheme had a signature of ‘stmp?’ The latest exploitation scheme involves a new signature, which is ‘?prj.’ The following is a list of websites being victimized in the latest exploitation scheme.
If one accesses any of the URLs established by the exploiter, like the ones shown in Screenshot 01-2, he or she will have a few seconds to escape from redirection. The new fake anti-virus scan website is hosted under the domain of antivirus-scanonline.com. (See Screenshot 03.) Then the redirection victim will be forced to download a file titled ‘AtnvrsInstall.exe.’ (See Screenshot 04.) This Windows-based file presumably contains one or more computer viruses.
Screenshot 01 – Source: tcadp.org
Screenshot 02 – Source: fresca.co.uk
Screenshot 03 – Source: antivirus-scanonline.com
For now, we don’t know exactly where the new fake anti-virus scan website is hosted. As shown in Screenshot 05, the domain of antivirus-scanonline.com points to 4 nameservers. And tracing one of these nameservers has taken us to the website of a mysterious web hosting company in California called InterCage.
Screenshot 04 – Source: antivirus-scanonline.com
Screenshot 05 – Source: MacHouse
Screenshot 06 – Source: intercage
When we visited the website of InterCage several hours ago, it said ‘WEBSITE LAUNCHING SOON.’ (See Screenshot 06.) Actually, this isn’t the first time we have run into this website. About 12 days ago, we arrived at this website and saw exactly the same message after tracing one of the nameservers designated by the domain of antivirus-scanner.com.






Is there a way to send the persons malware people a nasty message at least? I would feel better if I could at the least tell them what idiots and scum-bucket drinkers they are.
Yes and no, Jim. If you check their domain registration, there must be a contact e-mail address. If you want to send them messages, you can use that e-mail address. However, criminals usually use fake e-mail addresses. Secondly, they don’t necessarily understand English. Most importantly, the best way of sending a real good message is to destroy their operation, which isn’t really difficult to do.
We don’t do it often any more because destroying scam websites doesn’t bring us anything. Last time, we had the fake anti-virus website at antivirus-scanonline.com closed, but nobody praised us or bothered to express their gratitude. That’s something that the police should do, being supported by tax payers’ money.
I agree totally, I heard about the closed website, these “crims” should be killed