Yahoo hosting Fraudware on their servers

While tracking down several new fake Antispyware sites … I happened to notice the below are all hosted by Yahoo.

# [Yahoo via various][68.180.128.0 – 68.180.255.255]
68.180.151.16  antivirus-2008.org
68.180.151.17  antivirus-2008-noadware.com #[Win32/Adware.PowerAntivirus]
68.180.151.16  bestantivirus2009.com #[Win32/Adware.PowerAntivirus]
68.180.151.18  officialantiviruslab.com #[Win32/Kryptik.E]
68.180.151.18  onlineantivirus2009.com #[Win32/Kryptik.E]

VirusTotal result for the download from “antivirus-2008.org” [here]
MY AV (NOD32 v3) detects the downloads from the other sites as either “Win32/Adware.PowerAntivirus” or “Win32/Kryptik.E

As you can see the above is a typical fraudulent fake Antispyware that attempts to infect your machine … nothing new there … but hosted at Yahoo? Makes you wonder who’s asleep at the wheel over there? …

These all fall within the IP block assigned to Yahoo (68.180.128.0 – 68.180.255.255)
The above sites all have the same “page title” (International Virus Research Lab) and contents, etc …



Comments are closed.