Beware of ANTIVIRXP08.COM: A New Fake Anti-Virus Scan Website Detected

TOKYO (MacHouse) - Yesterday, we introduced the hacked website of a European organization called EnR. (Screenshot 01 shows the index page of EnR’s website.) An organized cyber criminal group hacked this website and installed a number of spam webpages to redirect Internet users to malicious websites. As we reported before, one of the final destinations is the fake scan website hosted through the domain of win-x-defender.com. (See Screenshot 02.) We knew that wasn’t the only destination. It’s just that redirection stopped working soon after we detected the fake scan website. So we couldn’t confirm other possible destinations.
Screenshot 01 - Source: EnR
Screenshot 02 - Source: win-x-defender.com
Screenshot 03 - Source: MacHouse
For the past 34 hours or so, cyber criminals have been circulating a number of comments to advertise spam webpages installed at EnR’s website. (See Screenshot 03.) And we have confirmed another destination to which one will be redirected after accessing a spam webpage. This new destination is hosted through the domain of antivirxp08.com. (See Screenshot 03.)
If you access any of the spam webpages installed at EnR’s website, you can be redirected to a fake scan website at win-x-defender.com, antivirxp08.com or another. If you access any of them twice, three times or more, you can be redirected to a junk directory website hosted at FIND.FM (find-fm.com).
There is nothing special about the fake anti-virus scan website hosted at the domain of antivirxp08.com. After a fake scan animation, unless you close the webpage, you will be forced to download a file titled scan.exe. (See Screenshot 04.)
Screenshot 04 - Source: antivirxp08.com
Screenshot 05 - Source: WhoIs.Net
Screenshot 06 - Source: Ukr Tele Group
The domain of antivirxp08.com is relatively new. According to its WhoIs registration, it was registered on July 10th. (See Screenshot 05.) So it’s only a week old. And where is this website hosted? The IP address of the web server hosting this fake anti-virus scan website is shown as 85.255.118.171. This IP address belongs to a disgraced, notorious Ukrainian web hosting company called Ukr Tele Group. (See Screenshot 06.)
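For administrators who want to check whether their own users reached these destinations, the following added example (not part of the original article) triages web proxy log lines against the domains, IP address and file name reported above. The log format, client addresses, URL paths and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators named in the article text.
FAKE_SCAN_HOSTS = {"win-x-defender.com", "antivirxp08.com", "85.255.118.171"}
JUNK_HOSTS = {"find-fm.com"}
PAYLOAD_NAME = "scan.exe"
RANK = {"junk-redirect": 1, "exposed": 2, "downloaded": 3}

# Constructed sample proxy log; assumed format: time client method url status.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 GET http://www.antivirxp08.com/index.php 200
09:00:40 10.0.0.5 GET http://www.antivirxp08.com/download/scan.exe 200
09:02:10 10.0.0.6 GET http://win-x-defender.com/ 200
09:03:00 10.0.0.7 GET http://find-fm.com/ 200
09:04:00 10.0.0.8 GET http://antivirxp08.com.example.org/scan.exe 200
09:05:00 10.0.0.9 GET http://85.255.118.171/scan.exe 404
"""

def host_matches(host, indicators):
    """True if host equals an indicator or is a subdomain of one (no substring hits)."""
    host = (host or "").lower().rstrip(".")
    return any(host == i or host.endswith("." + i) for i in indicators)

def triage(log_text):
    """Return {client: worst verdict} for clients that contacted a listed host."""
    verdicts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, _, url, status = parts
        u = urlsplit(url)
        if host_matches(u.hostname, FAKE_SCAN_HOSTS):
            name = u.path.rsplit("/", 1)[-1].lower()
            got_file = name == PAYLOAD_NAME and status.startswith("2")
            verdict = "downloaded" if got_file else "exposed"
        elif host_matches(u.hostname, JUNK_HOSTS):
            verdict = "junk-redirect"
        else:
            continue  # unrelated host, including look-alike names
        if RANK[verdict] > RANK.get(verdicts.get(client), 0):
            verdicts[client] = verdict
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

Clients marked "downloaded" received scan.exe with a successful status and are the ones to examine first; "exposed" clients reached a fake scan page without a completed download.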
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by taxpayers' money. We have limited resources. We also need time to sleep and eat just as others do. So we will not act as the international police to contact all victims of website abuse. All you have to do is to subscribe to spam messages and spam posts. If we can, why don't you?
















