Large cluster of fake AV
This is a pretty large number of domains on the same IP address delivering scareware programs.
The IP is 209.44.126.241
besecurityguardian.com
bestyourtrust.com
bitsecuritycenter.com
brasll.com
fullpcvirusscan.com
fullsecurityaction.com
gisecurityshield.com
godsecurityarchive.com
hortshieldpc.com
hupersecuritydot.com
intellectsecfind.com
intellectsecurityshield.com
libecoolsites.com
libertysecuritytool.com
mail.allowedwebsurfing.com
mail.godsecurityarchive.com
mail.hupersecuritydot.com
mail.intellectsecurityshield.com
mail.libecoolsites.com
mail.moregreatsites.com
mail.souptotalsecurity.com
mail.uniqtrustedweb.com
mail.upsecurityscanned.com
moregreatsites.com
mx241.brasll.com
ns1.godsecurityarchive.com
ns1.hupersecuritydot.com
ns1.libecoolsites.com
ns1.moregreatsites.com
ns1.souptotalsecurity.com
ns1.truesecuredpcs.com
ns1.uniqtrustedweb.com
resecurityaction.com
scanpcsecurity.com
scantrustsecurity.com
securetopshield.com
securexdetect.com
securityfastscan.com
securityshieldcenter.com
securityuniqscan.com
sidewebvirusscan.com
souptotalsecurity.com
thefirstupper.com
todaysecuritytop.com
totalsitesarchive.com
totalvirusshield.com
uniqtrustedweb.com
upsecurityscanned.com
virusdestroyerboost.com
www.allowedwebsurfing.com
www.bestwebscantools.com
www.fullsecurityaction.com
www.fullvirusprotection.com
www.hupersecuritydot.com
www.intellectsecurityshield.com
www.moregreatsites.com
www.truevirusshield.com
xvirusdescan.com
I downloaded one of the files and detection on VirusTotal is fairly low (8/41)
Just out of curiosity, I checked it against our Zheng heuristic system and we proactively detect it already 
Jerome Segura
Malware ID: bb2de997ea9d38c1895b6e115e16407b.zip
Comments:
|
|
