Current List Of Zlob Distribution Sites And Rogue “Anti-virus” Product Domains
Sunbelt, a developer of protection software known for its Kerio firewall, has been publishing a list of domains involved in spreading the Zlob trojan and the fake anti-virus malware known as Antivirus XP 2008 (and its clones). Domains on this list might infect visitors; they should be considered malicious and added to filters as untrusted.
There is no foolproof method to classify every website as malicious or trusted, as trusted sites are often hacked or hijacked. The list from Sunbelt includes domains clearly registered for scams and malware distribution. The list is comprehensive and updated on a regular basis.
The list contains many cloned rogue security products, scam sites and Zlob Trojan distributing sites.
Here is the list, last updated for September 20:
(Never visit those sites, they might infect your system)
A clone of the Antispyware 2008 XP/WinSpywareProtect family:
New rogue clone of Antivirus XP 2008, XP Protector 2009 (Winifixer).
We will update this list as it is updated on Sunbelt Blog.
September 25th, 2008 at 9:36 am
good and very informative
November 13th, 2008 at 8:56 pm
While visiting a website, Internet Explorer automatically closed and I installed two supposedly “anti-spyware” programmes from http://www.linksondesktop.com. Is my computer under threat? Should I run my AVG anti-virus program and is this sufficient?
Your help would be much appreciated.
November 14th, 2008 at 12:52 pm
NeedHelp: Your anti-virus program should be running at all times. It would be best if you download some additional, maybe portable, anti-viruses and scan with them.
There is a high chance your PC is infected.
November 14th, 2008 at 10:30 pm
I thought my program was running constantly, but obviously not. I downloaded another anti-virus program – Spyware Doctor from PC Tools. I’ve scanned my computer fully several times with it and have used AVG also. I’ve deleted a Trojan, Spyware and Tracking Cookie Applications; Spyware Doctor says the system is clean. Hopefully everything’s under control. Still a little concerned though. Is Spyware Doctor a reliable program?
Thanks for your advice.
November 15th, 2008 at 4:24 am
All those programs are reliable and all of them might say your system is clean while it is still infected. CureIt by DrWeb and Kaspersky 2009 are very good in cases of Trojan infection.
November 29th, 2008 at 3:41 am
This “antivirus” program somehow appeared on my computer today. Went into safe mode to take it out of msconfig and also deleted the program. Did 5 restarts and computer still wasn’t working. I restored to an earlier date and now my Windows is back to working but the icons were still on my desktop. Nasty program!!!