Antivirus 2008 (ANTIVIRUS-SCANONLINE) Wrap-Up June-01







TOKYO (MacHouse) – Currently, at least 17 websites are being exploited and used as redirection points for the fake anti-virus scan website at antivirus-scanonline.com. This fake anti-virus scan website is still hosted by LEASEWEB (www.leaseweb.com), a web hosting company in the Netherlands, as its IP address is shown as 85.17.93.42. It is also possible that the New York-based web hosting company Ezzi.net (ezzi.net) is still helping the cyber crime organization behind the fake anti-virus scan scam, either by forwarding the domain to disguise the location of the true web server or by simply hosting the website.





Screenshot 01 – Source: sagia.gov.sa
Screenshot 02 – Source: pbats.com
Screenshot 03 – Source: www.ile.org.uk






Again, there are currently at least 17 websites that are used as redirection points for the fake anti-virus scan website at antivirus-scanonline.com. The domains of those exploited websites are shown below.





  • beacon.edu
  • wmco.org
  • www.nhbia.org
  • cyberbb.com
  • etnoteam.fi
  • earn-web-cash.com
  • keioc.net
  • viko.lt
  • morcheeba.co.uk
  • pbats.com
  • sagia.gov.sa
  • sustainabilitycoalition.org
  • maxiscoot.com
  • nulc.ac.uk
  • ile.org.uk
  • etnoteam.fi
  • nitedplantsavers.org





A Saudi Arabian government agency, the Saudi Arabian General Investment Authority (SAGIA), removed the malicious code/files after receiving our kind notification. However, their website has been exploited again. (See Screenshot 01.)

Several organizations, including the Professional Baseball Athletic Trainers Society (pbats.com), the Institution of Lighting Engineers (www.ile.org.uk) and Beacon University, received but appear to have ignored our kind notifications. Therefore, their websites are still used as redirection points for the fake anti-virus scan website. (See Screenshots 02 and 03.)

Lehigh University, whose domain name (lehigh.edu) is not shown in the list above, seems to have recently removed the malicious code/files. However, the permissions (CHMOD) of some folders are still set to 755, and we fear that their website will be exploited again. By the way, we have never received a simple form of appreciation from Lehigh University after we spent our valuable time writing and giving them a kind notification that their website was exploited. Right, some organizations are too arrogant to say thanks.





