Victims of ANTIVIRUS 2008 (Malware) & Troj/FakeVir-BF Growing Exponentially







TOKYO (MacHouse) – The fake anti-virus scan website at antivirus-scanonline.com was just a junk website with little traffic 2 days ago. According to Google, there were only 18 hits when we searched for ‘antivirus-scanonline.com’ on May 26. (See Screenshot 01.) Today, the same keyword search at Google generates 8,480 hits, suggesting that more and more Internet users are going online to collect information on how to remove the notorious malware Antivirus 2008. (See Screenshot 02.) The number of victims of this malware and the computer virus known as Troj/FakeVir-BF may have increased exponentially in two days.





Screenshot 01 – Source: Google
Screenshot 02 – Source: Google






The good news is that the number of websites used as redirection points to antivirus-scanonline.com, where Internet users are forced to download a file containing Troj/FakeVir-BF, has decreased overnight. That is partly thanks to our effort in sending courtesy notifications to the webmasters of some of the victimized websites. On the other hand, some websites are still being used as redirection points for the fake anti-virus scan website at antivirus-scanonline.com. As of 03:02 PM, May 28 (US PDT), the following websites were still affected:





  • beacon.edu
  • wmco.org
  • www.unitedplantsavers.org
  • gargoyle.flagler.edu
  • www.maxiscoot.com
  • www.keioc.net
  • www.tcadp.org
  • www.nhbia.org
  • cyberbb.com
  • josaka.com
  • etnoteam.fi
  • www.nees.lehigh.edu





In the meantime, the cyber terrorist group responsible for advertising the websites that are used as redirection points for the fake anti-virus scan website at antivirus-scanonline.com ran a large ad campaign 2 days in a row, sending the same 10-page-long spam comment today and yesterday to blogs and forums worldwide. Screenshot 03 shows one such spam comment. The domain mobsw.com hosts a fake anti-virus scan GIF animation. (See Screenshot 04.) The website hosted at geltraffic.com redirects Internet users to the fake anti-virus scan website at antivirus-scanonline.com. (See Screenshot 05.)





Screenshot 03 – Source: MacHouse
Screenshot 04 – Source: mobsw.com
Screenshot 05 – Source: antivirus-scanonline.com
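On a network with a web proxy, the chain described above (an outside page leading to geltraffic.com or mobsw.com and on to antivirus-scanonline.com) can be traced from the proxy log. The following is an added example, not part of the original report: it assumes a simple log format (time, client IP, URL, referrer), uses only the three domains named in this article, and runs on constructed sample lines with placeholder `.example` sites.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# The three domains named in this article.
FAKE_SCAN_DOMAINS = ("antivirus-scanonline.com", "geltraffic.com", "mobsw.com")

# Constructed sample lines in an assumed format: time client-ip url referrer
SAMPLE_LOG = """\
2008-05-28T15:02:11 10.0.0.21 http://geltraffic.com/ http://blog.example/post-1
2008-05-28T15:02:12 10.0.0.21 http://antivirus-scanonline.com/ http://geltraffic.com/
2008-05-28T15:04:40 10.0.0.35 http://WWW.antivirus-scanonline.com/ http://compromised.example/
2008-05-28T15:05:02 10.0.0.35 http://antivirus-scanonline.com.example/ -
2008-05-28T15:06:19 10.0.0.48 http://mobsw.com/ http://forum.example/thread/7
2008-05-28T15:07:00 10.0.0.48 http://antivirus-scanonline.com/ -
malformed line
"""

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_listed(host):
    """True for a listed domain or one of its subdomains, not a look-alike name."""
    return any(host == d or host.endswith("." + d) for d in FAKE_SCAN_DOMAINS)

def analyse(log_text):
    """Return (client IP -> listed hosts requested, outside referrer -> listed hosts)."""
    clients, referrers = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, url, referrer = fields
        target = host_of(url)
        if not is_listed(target):
            continue
        clients[client].add(target)
        ref_host = host_of(referrer)
        # A listed referrer is just the next hop of the same chain, so only
        # outside sites are reported as redirection points.
        if ref_host and not is_listed(ref_host):
            referrers[ref_host].add(target)
    return dict(clients), dict(referrers)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The referrer map lists the outside pages that sent users into the chain, which are the sites whose webmasters need to be notified; the client map lists the machines worth checking for the downloaded file.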






If you are a Windows user and periodically see a fake anti-virus scan window without actually going to the fake anti-virus scan website at antivirus-scanonline.com, chances are that your computer is infected with Troj/FakeVir-BF. Read our report titled “File Determined to Contain Troj/FakeVir-BF” to learn how to remove the infected files. (The link is shown below.)

    References:

    Failure to Remove Ill Files Converts Beacon University Websites Into Redirection Points for ANTIVIRUS-SCANONLINE.COM
    ANTIVIRUS-SCANONLINE.COM: Response to a Comment at FORUMS.SLICKDEALS.NET
    The Name of A Next Anti-Virus Scan Domain Will Be…
    File Determined to Contain Troj/FakeVir-BF
    What Do We Know About These Fake Anti-Virus Scan Websites?
    Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
    ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
    Warning: A New Fake Anti-Virus Scan Website Discovered
