CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 24th, 2008

Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains

Sunbelt, a developer of protection software known for it’s Kerio firewall, has been publishing a list of domains which are involved in spreading of Zlob trojan and fake malware anti-virus known as Antivirus XP 2008 (and its clones). Domains from this list might infect visitors, considered malicious and should be added as untrusted into filters.

There is no full proof method to identify every website as malicious or trusted, as trusted sites often hacked or hijacked. The list from Sunbelt includes domains registered clearly for scams and malware distribution. The list is comprehensive and updated on a regular basis.

The list contains many cloned rogue security products, scam sites and Zlob Trojan distributing sites.

Here is the list, last updated for September 20:

(Never visit those sites, they might infect your system)

Zlob Trojan Distributing site: 77.91.231.201 Movsdlls. com
77.91.231.183 Mediamswares. com

Scam Internet Security Page: 91.203.92.11 Asafetysite. com

404ErrorpageScam: 91.203.92.12 Errordnsurl. com

Security Guide Scam Page: 91.203.92.11 Linksondesktop. com

Ad-Server-Gate Pages: 91.203.92.11 Gfbwd. com
91.203.92.11 Ogjtu.com

Security Center Scam Page: 91.203.92.12 Waysofsecurity. com

Scam Security Toolbar site: 91.203.92.12 Toolbarunit. com

IE AntiSpywareStore site: 92.62.101.83 Ieprogramming. com

Zlob Trojan Distributing site: 77.91.231.201 Movsdevices. com
77.91.231.183 Wmptools. com

Scam Internet Security Page: 91.203.92.12 Homesiteurls. com

404ErrorpageScam: 91.203.92.11 Urlsofdnserrors. com

Security Guide Scam Page: 91.203.92.11 Fastshortcuts. com

Ad-Server-Gate Pages: 91.203.92.12 Xbstw. com
91.203.92.12 Eufnt. com

Security Center Scam Page: 91.203.92.11 Protectnotice. com

Scam Security Toolbar site: 91.203.92.11 Securealertbar. com

IE AntiSpywareStore site: 92.62.101.84 Ierenewals. com

Antivirus 2009 Fake/Scanner page: 84.16.252.138 Vassariumpromo. com

AntiVirus Lab 2009 Home page: 66.232.113.62 Viruslabs2009. com

direct malware installation site: 91.203.93.37 Iwantfriday. com

77.91.231.183 Classicmediapl. com

Scam Internet Security Page: 91.203.92.11 Sweathomepage. com

404ErrorpageScam: 91.203.92.12 Amistypedurl. com

Security Guide Scam Page: 91.203.92.12 Linkfordesktop. com

Ad-Server-Gate Pages: 91.203.92.11 Yuiqd. com
91.203.92.11 Hfnvp. com

Protection Center Scam Page: 91.203.92.12 Observesecure. com

Scam Security Toolbar site: 91.203.92.12 Aglobaltoolbar. com

IE AntiSpywareStore site: 216.255.179.244 Enhancedie. com

Antivirus 2009 Fake/Scanner page: 78.159.118.168 Prtectionactivescan. com

77.91.231.201 Immediallc. com
77.91.231.183 Softlayerdll. com

Scam Internet Security Page: 85.255.116.210 Dailyhomesite. com

404ErrorpageScam: 85.255.116.214 Nowherepage. com

Security Guide Scam Page: 85.255.118.34 Firstaidclicks. com

Ad-Server-Gate Pages: 85.255.118.37 Oryfn. com
85.255.118.38 Eufks. com

Protection Center Scam Page: 85.255.118.34 Aprotectionhelp. com

Scam Security Toolbar site: 85.255.118.211 Safensecurebar. com

IE AntiSpywareStore site: 216.255.179.245 Ieextend. com

Windows Antivirus: 92.241.163.30 Windows-av. com

Micro Antivirus: 2009 91.208.0.223 Microantivirus2009. com

Antivirus Security: 78.159.114.116 Antivirussecurity-solution. com

77.91.231.201 Intervidd. com
77.91.231.183 Pwrware. com

92.62.101.55 Ms-avc. com MSX AV

Scam Internet Security Page: 85.255.116.212 Homepagetoday. com

404Errorpage Scam: 85.255.118.243 Brokenurls. com

Security Guide Scam Page: 85.255.118.210 Desklinks.com

Ad-Server-Gate Pages: 85.255.118.212 Rycsp. com
85.255.118.213 Cusln. com

Scam Security center site: 85.255.118.36 Pcsdefender. com

Scam Security Toolbar site: 85.255.118.35 Webprobar. com

IE toolbar redirect: 216.255.179.245 Ieextend. com

A clone of the Antispyware 2008 XP/WinSpywareProtect family:

85.255.119.14 scan.antispyware-free-scanner com
Not Active as-pro-xp-download com
78.157.142.79 files.as-pro-xp-download com
92.241.163.32 spypreventers com
77.244.220.134 online-security-systems com
77.244.220.134 xpprotector com
77.244.220.134 av-xp2008 net

New rogue clone of Antivirus XP 2008, XP Protector 2009 (Winifixer).

77.244.220.134 online-security-systems com
77.244.220.134 xpprotector com
77.244.220.134 av-xp2008 net

(Never visit those sites, they might infect your system)

We will update this list as it is updated on Sunbelt Blog.

Share this item with others:

More on CyberInsecure:
  • Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
  • New Zlob Trojan Version Alters Wireless Router Settings And Hijacks DNS
  • Malware Posing As Youtube Codec
  • Fraudulent avast! Anti-Virus Products Advertised Via Google AdWords
  • Massive IFRAME Search Results Attack

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains

    6 Responses to “Current List Of Zlob Distributiuon Sites And Rogue “Anti-virus” Products Domains”

    1. good and very informative


    2. While visiting a website, internet explorer automatically closed and I installed two supposedly “anti-spyware” programmes from http://www.linksondesktop.com. Is my computer under threat? Should I run my AVG anti-virus program and is this sufficient?

      Your help would be much appreciated.


    3. CyberInsecure Says:
      November 14th, 2008 at 12:52 pm

      NeedHelp: Your anti-virus program should be running at all times. It would be best if you download some additional, maybe portable, anti-viruses and scan with them.
      There is a high chance your PC is infected.


    4. I thought my program was running constantly, but obviously not. I downloaded another anti-virus program – Spyware Doctor from PC tools. I’ve scanned my computer fully several times with it and have used AVG also. I’ve deleted a Trojan, Spyware and Tracking Cookie Applications, Spyware Doctor says the system is clean. Hopefully everything’s under control. Still a little concerned though. Is Spyware Doctor a reliable program?

      Thanks for your advice.


    5. CyberInsecure Says:
      November 15th, 2008 at 4:24 am

      All those programs are reliable and all of them might say your system is clean while it is still infected. CureIt by DrWeb and Kaspersky 2009 are very good in cases of Trojan infection.


    6. This “antivirus” program somehow appeared on my computer today. Went into safe mode to take it out of msconfig and also deleted the program. Did 5 restarts and computer still wasn’t working. I restored to an earlier date and now my windows is back to working but the icons were still on my desktop. Nasty program!!!


    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.