TOKYO (MacHouse) – The cyber scum organization behind Windows OS-based malware title called Antivirus 2008 has exploited several new websites. One of the victimized websites is run by Saudi Arabian government’s investment authority known as Saudi Arabian General Investment Authority (SAGIA). (Screenshot 01 shows its English index page.) According to its About Us page, SAGIA was founded by the Saudi Arabian government in April, 2000. (See Screenshot 02.)
This Saudi Arabian investment authority website has been exploited and then used as a redirection point for the fake anti-virus scan website through the domain of antivirus-scanonline.com. As you probably know already, this fake anti-virus scan website has been installed to distribute a computer virus known as Troj/FakeVir-BF.
 Screenshot 01 – Source: www.sagia.gov.sa |
 Screenshot 02 – Source: www.sagia.gov.sa |
The cyber scum group behind Antivirus 2008 has exploited SAGIA’s website and installed ill codes/files to redirect Internet users to the fake antivirus scan website hosted through the domain of antivirus-scanonline.com. For example, if you access the link shown here, you will see a spam content titled ·$· BABY ·$· Save at least 10 % for a 1/2 second or longer. (See Screenshot 03.) If you don’t close the page, you will be eventually redirected to the fake anti-virus scan website hosted at the domain of antivirus-scanonline.com. (See Screenshot 04-5.)
 Screenshot 03 – Source: www.sagia.gov.sa |
 Screenshot 04 – Source: www.sagia.gov.sa |
 Screenshot 05 – Source: www.sagia.gov.sa |
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
References:
Briefly: 3 New Websites Falling Victims to the Exploitation of Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM)
Antivirus 2008 (ANTIVIRUS-SCANONLINE.COM) Finding New Home in the Netherlands?
New York-Based Web Hosting Company Ezzi.net Failing to Pull the Plug Off Fake Anti-Virus Scan Websites
Hopefully, Saying Good-Bye to the Fake Anti-Virus Scan Websites of ANTIVIRUS-SCANNER.COM and ANTIVIRUS-SCANONLINE.COM for Now…
Victims of ANTIVIRUS 2008 (Malware) & Troj/FakeVir-BF Growing Exponentially
Failure to Remove Ill Files Converts Beacon University Websites Into Redirection Points for ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: Response to a Comment at FORUMS.SLICKDEALS.NET
The Name of A Next Anti-Virus Scan Domain Will Be…
File Determined to Contain Troj/FakeVir-BF
What Do We Know About These Fake Anti-Virus Scan Websites?
Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
Warning: A New Fake Anti-Virus Scan Website Discovered
