Is the Fake Anti-Virus Scan Website at ANTIVIRUS-SCANONLINE.COM Still at Risk?







TOKYO (MacHouse) – A week ago, we had incredible information that the fake anti-virus scan website at antivirus-scanonline.com was hosted by a Dutch web hosting company called LEASEWEB. It’s been a while since we attempted to contact the web hosting company. Several hours ago, we finally heard from a person named Mr. Jeffrey Kriegsman representing LEASEWEB. That’s great. Nonetheless, Mr. Kriegsman consistently says that the fake anti-virus scan website in question is not accessible because the domain itself is inactive. (See Screenshot 02-3.) Oh… Is that really the case?





Screenshot 01 – Source: MacHouse
Screenshot 02 – Source: MacHouse
Screenshot 03 – Source: antivirus-scanonline.com






Perhaps what Mr. Kriegsman should have done first is simply to access antivirus-scanonline.com over HTTP. When I accessed the domain in question an hour ago, the fake anti-virus scan website was still active. (See Screenshot 03.) We also checked its domain registration. According to Completewhois.Com, the domain antivirus-scanonline.com was active at about 06:00 PM (GMT/London) or 07:00 PM (GMT/Amsterdam) on June 9, 2008. (See Screenshot 04.) Furthermore, using VisualRoute 2008, we have confirmed that the IP address of the website hosted at antivirus-scanonline.com is 85.17.93.42. (See Screenshot 05.) RIPE says that this IP address belongs to LeaseWeb. (See Screenshot 06.)





Screenshot 04 – Source: Completewhois.Com
Screenshot 05 – Source: MacHouse
Screenshot 06 – Source: MacHouse






Our conclusions are:





  1. The domain of antivirus-scanonline.com is still active.
  2. LeaseWeb provides either a hosting service or DNS-routing service to the organization behind the domain of antivirus-scanonline.com.






No WhoIs search engine is reliable. It’s always a good idea to use two different tools to see if the domain in question is active.
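The cross-check described above (two WHOIS sources, then DNS resolution and an HTTP request) can be scripted. The following Python is an added example, not part of the original post; the function names, the `.test` domain, the sample WHOIS text and the 192.0.2.42 address are constructed, and the status keyword sets are an assumption about which registry status codes count as active or inactive.

```python
import re
import socket
import urllib.error
import urllib.request

# Constructed WHOIS responses from two lookup services (sample data, not real records).
WHOIS_A = "Domain Name: EXAMPLE-SCAN.TEST\nStatus: inactive\n"
WHOIS_B = "domain: example-scan.test\nDomain Status: clientTransferProhibited\nDomain Status: ok\n"

# Assumed classification of registry status codes.
ACTIVE = {"ok", "active", "clienttransferprohibited", "clientdeleteprohibited"}
INACTIVE = {"inactive", "clienthold", "serverhold", "pendingdelete", "redemptionperiod"}


def whois_state(raw):
    """Classify one WHOIS response as 'active', 'inactive' or 'unknown' from its status lines."""
    values = re.findall(r"^\s*(?:domain\s+)?status:\s*(\S+)", raw, re.I | re.M)
    states = {v.lower() for v in values}
    if states & INACTIVE:
        return "inactive"
    return "active" if states & ACTIVE else "unknown"


def observe(domain, timeout=5):
    """Resolve the domain and request its front page: returns (a_records, http_status).
    Run this from an isolated analysis host when the site is suspected to be malicious."""
    try:
        a_records = socket.gethostbyname_ex(domain)[2]
    except OSError:
        return [], None
    try:
        with urllib.request.urlopen(f"http://{domain}/", timeout=timeout) as resp:
            return a_records, resp.status
    except urllib.error.HTTPError as err:
        return a_records, err.code  # an error page still proves a server answered
    except (urllib.error.URLError, OSError):
        return a_records, None


def assess(whois_raws, a_records, http_status):
    """Weigh registration records against what DNS and HTTP actually returned."""
    states = [whois_state(raw) for raw in whois_raws]
    if a_records and http_status is not None:
        verdict = "live"  # direct observation outranks a possibly stale WHOIS record
    elif a_records:
        verdict = "resolving, no web response"
    elif "active" in states:
        verdict = "registered, not resolving"
    else:
        verdict = "inactive"
    disagree = len(set(states) - {"unknown"}) > 1
    return {"whois_states": states, "whois_disagree": disagree, "verdict": verdict}
```

Calling `assess([WHOIS_A, WHOIS_B], *observe(domain))` combines the stored WHOIS text with a live observation; a `whois_disagree` value of `True` means the two lookup services contradict each other and neither should be quoted alone.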

The following video was recorded at about 05:28 PM (GMT/London) or 06:28 PM (GMT/Amsterdam) on June 9, 2008.







