ALERT FLASH. Almost a week ago, I reported on a fake anti-virus called "antivirusquickscanv1.com". Today, another one emerged, identified as Save My PC Now or "savemypcnowv1.com". The trick and even the page displayed are very similar, and there is a high possibility that it spawned from antivirusquickscanv1.com (which has now been marked as an attack site).
I hit this fake anti-virus site from a query that led to quranencyclopedia.com/rwzqy/lfftr/datagrid.htm. It is very likely that the page inside QuranEncyclopedia was hijacked and re-owned so that the owner of savemypcnowv1.com can launch their attack to trick you into downloading their malicious anti-virus software.
In summary, the sequence of events for this unfortunate discovery:
1. Google Query
2. Google Results
3. QuranEncyclopedia.com/rwzqy/lfftr/datagrid.htm
4. REDIRECT TO savemypcnowv1.com !!!! fake
A check of the INTERNIC information reveals the following:
Domain Name: SAVEMYPCNOWV1.COM
Registrar: TODAYNIC.COM, INC.
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET
Name Server: NS3.EVERYDNS.NET
Name Server: NS4.EVERYDNS.NET
Status: clientTransferProhibited
Updated Date: 11-may-2009
Creation Date: 06-may-2009
Expiration Date: 06-may-2010
Again, this site was registered in China but could be operated from elsewhere.
How to trace the IP of savemypcnowv1.com
Difficult. Finding the IP by host name appeared to give a different IP every time you check it. I have tried http://www.selfseo.com/find_ip_address_of_a_website.php. The first time it showed that the IP came from the U.S.A. The second time it showed that the IP came from Great Britain.
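One way to confirm the changing-IP behaviour from your own resolver logs, as an added example that is not part of the original post: it groups DNS answers by hostname and reports hosts answered by several distinct addresses. The log format, the `rotating_hosts` helper and all sample IPs (RFC 5737 documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log: "epoch-seconds hostname answer-IP ttl".
# IPs are from the RFC 5737 documentation ranges, not real observations.
SAMPLE_LOG = """\
1242000000 savemypcnowv1.com 192.0.2.10 300
1242000600 savemypcnowv1.com 198.51.100.23 300
1242001200 savemypcnowv1.com 203.0.113.77 300
1242001800 savemypcnowv1.com 192.0.2.10 300
1242000000 stable.example 192.0.2.50 86400
1242000600 stable.example 192.0.2.50 86400
1242001200 stable.example 192.0.2.50 86400
not a valid line
"""

def parse_log(text):
    """Yield (host, ip, ttl) for well-formed lines; skip malformed ones."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _, host, ip, ttl = parts
        try:
            yield host.lower().rstrip("."), ipaddress.ip_address(ip), int(ttl)
        except ValueError:
            continue  # answer was not an IP, or TTL was not a number

def rotating_hosts(text, min_ips=3, prefix=24):
    """Return {host: summary} for hosts answered by >= min_ips distinct IPs."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for host, ip, ttl in parse_log(text):
        ips[host].add(ip)
        ttls[host].append(ttl)
    report = {}
    for host, seen in ips.items():
        if len(seen) < min_ips:
            continue
        # Count distinct networks: answers spread over unrelated ranges
        # match the "different country each time" observation.
        nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in seen}
        report[host] = {"ips": sorted(map(str, seen)),
                        "networks": len(nets),
                        "min_ttl": min(ttls[host])}
    return report

if __name__ == "__main__":
    for host, info in rotating_hosts(SAMPLE_LOG).items():
        print(host, info)
```

A host that appears in the report is better blocked by name at the resolver or proxy than by any single IP address, since the address seen on one lookup may not be the one served on the next.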