Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Another fake Phoenix University malvertizement

April 24th 2009 in Uncategorized


This one is using the same domains as the previous version (although it should be noted that, while visually identical, this one had a different hash to the one I looked at yesterday).

Victims end up at one of two fraudware sites, scanspywareonline.com or justwebsecurity.com.

I have written about justwebsecurity.com already, so let’s take a look at scanspywareonline.com.

scanspywareonline.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Created 4 March 2009
NS1H1.DNS-MANAGE.COM
NS2H1.DNS-MANAGE.COM
NS3H1.DNS-MANAGE.COM
DN4H1.DNS-MANAGE.COM

IP: 205.252.24.226 – Virginia, Herndon, Beyond The Network America Inc

Registrant details hidden behind privacyprotect.org

IP address shared with 21 other sites (take a deep breath – all except for one list DIRECTI as the ICANN Registrar – seriously, you’d think that DIRECTI would have learned what to watch out for by now):

advancesoftpc.com
ICANN Registrar: ENOM INC
Registrant: Internet Marketing Ltd
Volodymyr Kushnir
Patrisa Lumumby str. 7, flat 30, Kiev
Registration service: namecheap.com

antispywarepro.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 16 September 2008
Registrant details hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

kweekz.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 27 November 2006
Registrant: "admin", unused@fabrica.net.ua, Lomonosova 59, Kiev
Registration service: DNS-MANAGE.COM

netspywarescan.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 19 December 2008
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

online-spyware-scan.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 4 March 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespyscan.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespyscan.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespyscanner.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespyscanner.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespywarescanner.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 4 March 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespywaresscanner.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

onlinespywaresscanner.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

pcspeed-up.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 8 May 2008
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

scanforspywares.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

scanforspywares.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

scanspywareonline.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 4 March 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

smartpcsoft.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 9 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

spywareonlinescan.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

spywareonlinescanner.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

spywarescanonline.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 4 March 2009
Registrant hidden behind privacyprotect.org
Registration service: DNS-MANAGE.COM

winflashmedia.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 16 January 2008
Registrant: Bogdan Pankiv (software@fabrica.net.ua – note, see kweekz.com above), Gorkogo 122, apt.19, Kiev
Registration service: DNS-MANAGE.COM

Registration service used:

DNS-MANAGE.COM
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 1 March 2009
Registrant hidden behind privacyprotect.org
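
The pivots made by eye in the list above (identical creation dates, the fabrica.net.ua address on two registrations) can be automated. This is an added example, not part of the original post: it parses records in the layout used above and groups domains by a shared attribute. The sample is abridged from the list above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample abridged from the list above, kept in the post's own layout
# (domain on the first line, blank line between records).
SAMPLE = """\
kweekz.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 27 November 2006
Registrant: "admin", unused@fabrica.net.ua, Lomonosova 59, Kiev

onlinespyscan.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009

scanforspywares.net
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 7 April 2009

winflashmedia.com
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created 16 January 2008
Registrant: Bogdan Pankiv (software@fabrica.net.ua), Gorkogo 122, apt.19, Kiev
"""

# Captures the domain part of any e-mail address on a line.
EMAIL = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def parse(text):
    """Yield one dict per blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines()]
        rec = dict(domain=lines[0].lower(), registrar=None, created=None, email_domain=None)
        for line in lines[1:]:
            if line.startswith("ICANN Registrar:"):
                rec["registrar"] = line.split(":", 1)[1].strip()
            elif line.startswith("Created "):
                rec["created"] = line[len("Created "):]
            elif m := EMAIL.search(line):
                rec["email_domain"] = m.group(1).lower()
        yield rec

def clusters(records, key):
    """Group domains by a shared attribute; keep groups of two or more."""
    groups = defaultdict(list)
    for r in records:
        if r[key]:  # privacy-protected records have no e-mail to pivot on
            groups[r[key]].append(r["domain"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
```

Calling `clusters(list(parse(SAMPLE)), "created")` surfaces the batch registrations, and the `"email_domain"` key links the two registrations that were not privacy-protected.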


2 comments to...
“Another fake Phoenix University malvertizement”

Mark

privacyprotect.org is the owner of all those sites! From Moergestel, The Netherlands…

Do not trust privacyprotect.org!



sandi

Privacyprotect.org does not “own” those sites. Privacyprotect.org is being used to hide the ownership of the domains.

