Fake PornTube Websites with 10 Chinese Domains Distributing Mac-Targeting Computer Virus
TOKYO (MacHouse) - We reported just a little while ago that a group of websites have been set up to distribute a computer virus targeting Mac users. We’ve found another group of PornTube websites for the same purpose.
The following 10 Chinese domains are used to host fake PornTube websites. All of them come with a few dozen subdomain websites.
At any of the fake PornTube websites hosted through the Chinese domains above, data are drawn from another website. (See the bottom of Screenshot 02.) Its domain is tubeuniverse.com. Furthermore, if you click on any of the video windows, you will be redirected to the website of tubecollection.com. (See Screenshot 03.) That’s where one is forced to download a disk image file containing a Mac-targeting computer virus, which Symantec calls OSX.RSPlug.A.
 Screenshot 01 - Source: akdltk.cn |
 Screenshot 02 - Source: akdltk.cn |
 Screenshot 03 - Source: tubecollection.com |
tubeuniverse.com is registered through ESTDomains while tubecollection.com is registered through GoDaddy.com. Moreover, WingedHosting or High Sky Hosting (Location: Saint Petersburg, Russia) hosts the website at tubeuniverse.com. We have not been able to locate the web host of tubecollection.com. It is likely that the domain is routed to another host at Sedo.com (www.sedo.com).
 Screenshot 04 - Source: tubeuniverse.com |
 Screenshot 05 - Source: hiskyhost.net |
 Screenshot 06 - Source: sedo.com |
References:
Fake PornTube Website With Computer Virus Targeting Mac Users
Computer Viruses Confirmed at Malicious Website Hosted by Ukrainian Web Hosting Company
India’s 6th Most Popular Website Exploited with iFrame Injection, Possible Exposure to a Computer Virus
Warning: Fake PornTube Websites Found
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by tax payers' money. We have limited resources. We also need time to sleep and eat just as others. So we will not act as the International police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
Leave a Reply
You are prohibited from posting comments merely to advertise your website. Please read Rules and About This Blog at the top menu bar for more information.
Because of spam-comment criminals, we are forced to manually moderate every comment that you may post. Your comment will appear only after we review and then approve it. It will take us several hours at most to review it.
Please note that all one-sentence comments will be automatically rejected as an anti-spam measure.