A Diverse Portfolio of Fake Security Software - Part Twenty Two
Part twenty two of the diverse portfolio of fake security software series summarizes the typosquatted scareware-serving domains currently in circulation, pushed through the usual distribution channels, and also emphasizes the "money trail", namely the payment processing gateways used in the scareware campaigns. In this particular case, the scareware front-ends ultimately lead to ChronoPay, which Germany-based Pandora Software has been abusing since 2008 under its countless aliases, Meyrocorp for instance.

The scareware domains are as follows:
It's a pretty obvious case demonstrating the dynamics of the underground ecosystem. A thousand bogus accounts purchased for $10 and used in a bulk registration of scareware-serving domains on a revenue-sharing affiliate model end up in a win-win-win situation for the cybercriminals involved in these processes. The practice is becoming rather popular not only due to their interest in less centralization of domain control under a single email address -- cross-checking reveals the entire portfolio managed under it -- but also due to the availability of the service.
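The cross-check described above, as an added example that is not part of the original post: it parses records in the listing's "domain - IP - Email:" layout and groups domains that share a registrant email. Pivoting on the hosting IP as well is a generalization added here; every domain, IP and address in the sample is a constructed placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the listing's layout; all values are placeholders (RFC 2606 / RFC 5737).
SAMPLE = """\
scan-alpha .example - 192.0.2.10 - Email: bulk1@example.org
scan-beta .example - Email: bulk1@example.org
scan-gamma .example - Email: bulk2@example.org
scan-delta .example - 192.0.2.10 - Email: bulk3@example.org
pay-gate .example - 198.51.100.7 - Email: billing@example.net
pay-gate2 .example - 198.51.100.7
"""

DOMAIN = re.compile(r"^([\w-]+(?:\.[\w-]+)*)\s*\.\s*([a-z]{2,})\b", re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
EMAIL = re.compile(r"Email:\s*(\S+@\S+)", re.I)

def parse(line):
    """Return (domain, [ips], email or None) for one defanged record."""
    line = line.strip()
    m = DOMAIN.match(line)
    if not m:
        return None
    rest = line[m.end():]
    email = EMAIL.search(rest)
    return (f"{m.group(1)}.{m.group(2)}".lower(), IPV4.findall(rest),
            email.group(1).lower() if email else None)

def cluster(text, pivots=("email", "ip")):
    """Group domains that share any selected pivot value (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    domains = []
    for domain, ips, email in filter(None, map(parse, text.splitlines())):
        domains.append(domain)
        keys = [("ip", ip) for ip in ips] if "ip" in pivots else []
        if email and "email" in pivots:
            keys.append(("email", email))
        for key in keys:
            parent[find(("domain", domain))] = find(key)
    groups = defaultdict(set)
    for d in domains:
        groups[find(("domain", d))].add(d)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))
```

On this sample, `cluster(SAMPLE, pivots=("email",))` leaves the domains registered under one-off addresses isolated, while the default email-plus-IP pivot folds `scan-delta.example` back into the first cluster.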
Now the emphasis on the payment gateways, currently active and processing the scareware transactions:
These payment processing gateways are sometimes front-ends to the original, and often legitimate, payment processors. In this particular case, the legitimate processor is Netherlands-based ChronoPay, which is known to have been used in the past by affiliates in the scareware affiliate model, with several complaints about repeated credit card billing, which in reality is included in the scareware's Terms of Service. Upon a successful purchase, the customer is told that "This charge will appear on your card statement as CHRPay.com/ducforceide".

Interestingly, Pandora Software has also been using the following ChronoPay accounts for over a year - Chrpay.com/meyrocorp; CHrpay.com/pnra - using disconnected numbers and CallerIDs of scareware operations, with desperate attempts to contact the alias for the front-end payment processor ultimately resulting in several hundred ChronoPay-related complaints.

Next to scareware, ChronoPay (Pavel Vrublevsky acting as CEO) is also known to have been used in a mobile application scam dissected here, as well as being a victim of a DDoS attack in 2008, which is pretty logical: if ChronoPay is the payment processor of choice for the hundreds of thousands of scareware-generated revenues on a daily basis, the commissions ChronoPay takes from cybercriminals would be more than welcome in the competing payment processor's network.
Related posts:
Dissecting a Swine Flu Black SEO Campaign
Massive Blackhat SEO Campaign Serving Scareware
From Ukrainian Blackhat SEO Gang With Love
From Ukrainian Blackhat SEO Gang With Love - Part Two
From Ukraine with Scareware Serving Tweets, Bogus LinkedIn/Scribd Accounts, and Blackhat SEO Farms
Fake Web Hosting Provider - Front-end to Scareware Blackhat SEO Campaign at Blogspot
A Diverse Portfolio of Fake Security Software - Part Twenty One
A Diverse Portfolio of Fake Security Software - Part Twenty
A Diverse Portfolio of Fake Security Software - Part Nineteen
A Diverse Portfolio of Fake Security Software - Part Eighteen
A Diverse Portfolio of Fake Security Software - Part Seventeen
A Diverse Portfolio of Fake Security Software - Part Sixteen
A Diverse Portfolio of Fake Security Software - Part Fifteen
A Diverse Portfolio of Fake Security Software - Part Fourteen
A Diverse Portfolio of Fake Security Software - Part Thirteen
A Diverse Portfolio of Fake Security Software - Part Twelve
A Diverse Portfolio of Fake Security Software - Part Eleven
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software

This post has been reproduced from Dancho Danchev's blog.