
TOKYO (MacHouse) – In reference to our article of May 24, we knew that the fake antivirus scan website antivirus-scanner.com had moved to Ezzi.net, a New York-based web hosting company. So we waited to see if the cyber scum group behind this Antivirus 2008 scam would also bring another fake anti-virus scan website, antivirus-scanonline.com, to this host. Today, they are both hosted at Ezzi.net. Actually, we don’t know the exact deal they have with this web hosting company. It’s possible that they use Ezzi.net’s DNS service to disguise nameservers. Anyhow, let’s hope that the fake anti-virus scan websites will be shut down partially or temporarily for a few days. The following is my (Tom Bluewater’s) conversation with Glen Georgiev at Ezzi.net.
Glen Georgiev: Hello, how can I help you?
Visitor: Hello.
Glen Georgiev: hello
Visitor: Could you kindly tell me if the website of antivirus-scanonline.com is at your company, please?
Visitor: *hosted at
Glen Georgiev: I am not sure but this can be traced via different online tools
Glen Georgiev: one moment
Visitor: Sure.
Glen Georgiev: Why would you like to get this information
Visitor: It’s a fake anti-virus scan website to distribute a computer virus.
Visitor: I think it’s hosted here.
Glen Georgiev: I see, what you mean, I just checked it
Glen Georgiev: It will be reported
Visitor: The virus is Troj/FakeVir-BF.
Glen Georgiev: as a possible phishing
Visitor: You don’t know if this website is hosted at your company?
Glen Georgiev: It points to us but it could be just a jumper to another server
Glen Georgiev: We need to investigate this
Visitor: I see. But you can cut the connect, correct?
Visitor: *connection
Glen Georgiev: do you mean to the server
Visitor: jumper to another
Glen Georgiev: we need to investigate this first
Visitor: Your service is definitely used.
Glen Georgiev: and take actions second
Visitor: Otherwise, I wouldn’t be here.
Visitor: There is one more website.
Visitor: antivirus-scanner.com
Visitor: That’s yours, too.
Glen Georgiev: what happened. How did you bump into these web sites. I have to check the IP first, the customers history
Glen Georgiev: and then take actions
Glen Georgiev: it could be a compromised server
Visitor: A cyber scum group is distributing links to websites that are used as redirection points for these fake anti-virus scan websites.
Glen Georgiev: this will be reported to the abuse team as well
Glen Georgiev: I see
Visitor: I’m from MacHouse (MHVT.NET). We run a security blog at seo.mhvt.net/blog/
Visitor: Okay. Thanks.
Glen Georgiev: No problem
Visitor: There are already thousands of victims. So I hope you will shut service for them immediately.
Glen Georgiev: You can contact the abuse team at abuse@ezzi.net
Glen Georgiev: Thanks for the notifications
Visitor: You mean, I have to?
Glen Georgiev: we will take actions
Glen Georgiev: no it is not necessary
References:
Victims of ANTIVIRUS 2008 (Malware) & Troj/FakeVir-BF Growing Exponentially
Failure to Remove Ill Files Converts Beacon University Websites Into Redirection Points for ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: Response to a Comment at FORUMS.SLICKDEALS.NET
The Name of A Next Anti-Virus Scan Domain Will Be…
File Determined to Contain Troj/FakeVir-BF
What Do We Know About These Fake Anti-Virus Scan Websites?
Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
Warning: A New Fake Anti-Virus Scan Website Discovered