Beware of SCANNER.WIN-X-DEFENDER.COM: European Organization (EnR) Website Hacked for Cache or Cookie Virus Attack

TOKYO (MacHouse) - Have you ever heard of a European organization called EnR? Its website can be found at enr-network.org. (See Screenshot 01.) If you have never heard of it, you are not alone. Neither have I. Anyway, if you go to its ‘About’ page, it says:
EnR is a voluntary network currently numbering twenty three European energy agencies, with responsibility for the planning, management or review of national research, development, demonstration or dissemination programmes in the fields of energy efficiency and renewable energy and climate change abatement.
According to Alexa’s Traffic Details, it’s not a very popular website for now. Low popularity isn’t the only problem facing their website (www.enr-network.org). Obviously, the website has been hacked to redirect Internet users to scam websites. One of the destinations is a 3-month-old fake anti-virus scan website.
Screenshot 01 - Source: EnR
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: scanner.win-x-defender.com
An organized cyber criminal group circulated spam comments more than 8 hours ago to advertise several webpages hosted at http://www.enr-network.org. (See Screenshot 02.) If you visit any of the spam webpages, you can be redirected to a fake anti-virus scan website hosted under the domain win-x-defender.com. (See Screenshot 04.) Before the fake virus scan animation starts, your computer is likely to contract a Trojan horse derivative through the web browser. Either the webpage cache or the cookies contain a Trojan horse derivative, which Symantec calls Downloader. (See Screenshot 05.) According to the Internet security company,
Downloader connects to the Internet and downloads other Trojan horses or components. (See Screenshot 06.)
Screenshot 04 - Source: scanner.win-x-defender.com
Screenshot 05 - Source: MacHouse
Screenshot 06 - Source: Symantec.com
The domain win-x-defender.com was registered on April 10, so this scam website is about 3 months old. The IP address of the web server is 91.208.0.251. It should be hosted in Russia.
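To check web proxy logs for the redirect described above, the indicators named in the article (the scam domain, its IP address and the compromised referring site) can be matched per request. The following Python is an added example, not part of the original post; the four-field log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the article text.
SCAM_DOMAIN = "win-x-defender.com"
SCAM_IP = "91.208.0.251"
COMPROMISED_SITE = "enr-network.org"

def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:          # malformed URL in the log
        return ""

def in_domain(host, domain):
    """True for the domain or any subdomain, not for look-alike suffixes."""
    return host == domain or host.endswith("." + domain)

def classify(line):
    """Classify one log line (assumed format: time client url referer)."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, url, referer = parts
    dest, ref = host_of(url), host_of(referer)
    if not (in_domain(dest, SCAM_DOMAIN) or dest == SCAM_IP):
        return None
    # Separate hits that arrived via the hacked site from other hits.
    if in_domain(ref, COMPROMISED_SITE):
        via = "redirect-from-compromised-site"
    else:
        via = "direct-or-other"
    return {"time": ts, "client": client, "dest": dest, "via": via}

def scan(lines):
    """Return every hit found in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (hypothetical clients, paths and timestamps).
SAMPLE_LOG = [
    "2000-01-01T00:00:00Z 10.0.0.5 http://www.enr-network.org/constructed-page -",
    "2000-01-01T00:00:02Z 10.0.0.5 http://scanner.win-x-defender.com/ "
    "http://www.enr-network.org/constructed-page",
    "2000-01-01T00:05:00Z 10.0.0.9 http://91.208.0.251/ -",
    "2000-01-01T00:06:00Z 10.0.0.7 http://mywin-x-defender.com/ -",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A client that shows a "redirect-from-compromised-site" hit loaded the fake scan page by way of the hacked site and is the first candidate for a malware check.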
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by taxpayers' money. We have limited resources. We also need time to sleep and eat just as others do. So we will not act as the international police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
















