ALERT: Malvertizement featuring Skype

No company is safe from impersonation....

Campaign URLS:

waytotheprofit.com/?cmpid=contangogo
station-appraisals.com/c/index.php?id=<<removed>>

image

image

image

 

The waytotheprofit URL leads us to an adverdaemon.com URL, and from there to the fraudware site - I ended up at a German site, being sicherheitstool.com.

Robtex reports that "sicherheitstool.com is a domain controlled by two nameservers at sicherheitstool.com themselves. They are on the same IP network. Incoming mail for sicherheitstool.com is handled by one mailserver which are also at sicherheitstool.com. sicherheitstool.com has one IP record . virusvakt.com, winanonymous.com, avsystemcare.com and at least seven other hosts point to the same IP."

sicherheitstool.com is hosted by Webair Internet Development Inc (http://www.webair.com/).  Feel free to complain to them ;o)

Hostnames sharing IP with A-Records
anchisupaisutsu.com | .anchiwamu2008.com | .antiespiadorado.com | .antispionagepro.com | .antispywaresuite.com | .antivirusforalle.com | .antiviruspcsuite.com | .antiworm2008.com | .avsystemshield.com | .bugdokter.com | .debellaworm2008.com | .defensaantimalware.com | .discosemerros.com | .diskfejlfri.com | .diskrensare.com | .driveproteccion.com | .errorsoshi.com | .fjernervirus.com | .ingavirus.com | .ingenmulighetforvirus.com | .keineviren.com | .kyouikyuuen.com | .maximumantivirus.com | .meinbesterschutz.com | .menacerescue.com | .mistikotitatuipologisti.com | .nettordinateur.com | .onlinepcguard.com | .orantiespion.com | .pcprivacytool.com | .pcrengoringsmaskine.com | .pcsikker.com | .pcveiligheidstool.com | .pcvirusless.com | .plattefehlerfrei.com | .pp-total.com | .privacidadeprotegida.com | .protecaoconfiavel.com | .proteccionconfiable.com | .puliscitutto.com | .rescatedeamenazas.com | .riscattodaminacce.com | .safepctool.com | .shinraihogo.com | .sikkerpcredskap.com | .sistemaimune.com | .skyddsverktyg.com | .smittfri.com | .solutionreg.com | .suiteantispyware.com | .supashuri.com | .suspenzorpc.com | .trojansfiltre.com | .trustedprotection.com | .turvapc.com | .utiledereparation.com | .utilisateursur.com | .virtualpcguard.com | .virusdeteccion.com | .virusfrittsystem.com | .virusstopper.net | .virusuwadame.com | .virusvakt.com | .winanonymous.com | .winsecureav.com | .winspycontrol.com | adioserrores.com | alltiettantivirus.com | anchisupaisutsu.com | anchiwamu2008.com | antiespiadorado.com | antiespionspack.com | antigusanos2008.com | antispionage.com | antispionagepro.com | antispypremium.com | antispywarecontrol.com | antispywareseigyo.com | antispywaresuite.com | antiver2008.com | antivirusaskeladd.com | antivirusgenial.com | antivirusordi.com | antiviruspcpakke.com | antiviruspcsuite.com | antiviruspertutti.com | antivirusscherm.com | antivirussolusjon.com | antiworm2008.com | antiwurm2008.com | aucunsvirus.com | avsystemcare.com | avsystemshield.com | bedreigingsmonitoor.com | bedsteantivirus.com | bereiniger.com | beschermingstool.com | besutohogo.com | bogyotsuru.com | bortmedvirus.com | bugdokter.com | bugsdestroyer.com | debellaworm2008.com | defectshuri.com | diannaoqingjieji.com | discerrorfree.com | discosemerros.com | discosenzaerrori.com | discosinerrores.com | diskfejlfri.com | diskrensare.com | disqudurprotection.com | dokterfix.com | doraibuhogo.com | drivedefender.com | driveproteccion.com | echterschutz.com | effaceurvirus.com | einaprivadesapc.com | elmejorantivirus.com | errclean.com | errorfri.com | errorout.com | errorskydd.com | errorsoshi.com | fehlerbeseitiger.com | fejlrenser.com | fejlreparering.com | felfixare.com | festplattenreiniger.com | fiksfeil.com | filtrodetrojan.com | filtrotroiani.com | fixmenaces.com | fullsystemprotection.com | goldenantispy.com | gorudenanchisupai.com | harddiskvakt.com | harddrevvagt.com | herramientadereparacion.com | hukommelsesbeskytter.com | keinegefahr.com | keinestoerungen.com | konsekieraser.com | kontentsueraser.com | kyoishusei.com | kyouikyuuen.com | liberapc.com | lifelongpc.com | lungavitapc.com | maskinpcpro.com | maximumantivirus.com | megaviruskit.com | megliopc.com | meinbesterschutz.com | melhorpc.com | memoiredefenseur.com | menacerescue.com | menacesecure.com | mendingtool.com | miavcompleto.com | mijnantivirus.com | minnesverktyg.com | mistikotitatuipologisti.com | moncontenuassistant.com | munazifalhasob.com | nettordinateur.com | nientevirus.com | nochanceforvirus.com | nocompromaat.com | noespias.com | norwayvirus.com | nowayvirus.com | nulinfektioner.com | oczyszczaczkomputerza.com | onlinepcguard.com | pasokoneiju.com | pc-prot.com | pcbeskyttelse.com | pcohneviren.com | pcopschoner.com | pcopschoningsstel.com | pcprivacytool.com | pcrengoringsmaskine.com | pcsegura.com | pcsikker.com | pcsikkerhed.com | pcsod.com | pcsuanbukkon.com | pcvirusless.com | pembersihkomputer.com | plattefehlerfrei.com | pp-total.com | privacidadeprotegida.com | privacidadplus.com | proteccionconfiable.com | protectingtool.com | protectioncomplete.com | protejaseudrive.com | protejasudrive.com | protezionesoft.com | puliscitutto.com | puliturasystem.com | regbotemedel.com | regrensere.com | rejishufuku.com | rensningverktyg.com | reparameacas.com | reparamenazas.com | repareja.com | reparetudo.com | rescatedeamenazas.com | riscattodaminacce.com | sanitardiska.com | schijfhersteller.com | schutztool.com | semerros.com | senzaerrori.com | shinraihogo.com | shufukutsuru.com | sikkerpcvaerktoj.com | sininfecciones.com | sistemaimune.com | skyddsverktyg.com | sletingenvirus.com | solutionreg.com | stoltbeskyttelse.com | suiteantispyware.com | supashuri.com | suspenzorpc.com | sysdepannage.com | syskontroller.com | systemesansvirus.com | systemordnare.com | tabortvirus.com | toroianfiruta.com | trojanerfilter.com | trojansfilter.com | trojansfiltre.com | tryggdator.com | turvapc.com | utiledeprotection.com | vacinatotal.com | varrevirus.com | vigilamenazas.com | virenfrierpc.com | virenloescher.com | virenstopper.com | virtual-leatherman.com | virtualpcguard.com | virusdeteccion.com | virusdifesa.com | viruseffaceur.com | virusfjernere.com | virusforsvar.com | virusfrittsystem.com | virusgarde.com | virusschlacht.com | virusseigyo.jp | virusstopper.net | virusudryddet.com | virusuwadame.com | virusvakt.com | virusvanguard.com | wegvonviren.com | winadsiz.com | winanonyme.com | winanonymitet.com | winanonymous.com | winanzen.com | winbescherming.com | windefensa.com | winhogo.com | winpcalmeglio.com | winpcdocteur.com | winpcdoctor.com | winpcdoktor.com | winpckontroll.com | winpcrensare.com | winpcrensere.com | winriservatezza.com | winsecureav.com | winsikkerantivirus.com | winsikretav.com | winspycontrol.com | winsurffilter.com | wintemizleyicisi.com | wintrygghet.com | wirusumuryokuka.com | www.antiwurm2008.com | www.avsystemcare.com | www.besutohogo.com | www.ingavirus.com | zebraantivirus.com

Domains sharing mailservers
acchiappavirus.com | adiosvirus.com | allertaminacce.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivoprotector.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoaivirus.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | caiforavirus.com | chasseurdeserreures.com | cleanpctool.com | confidentsurf.com | confidentuser.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensenetsurfage.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | elmejorantivirus.com | emperahogo.com | enmiendaerrores.com | eracheisa.com | erasutoppu.com | erreurchasseur.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | fiksdinpc.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | kakujitsutsuru.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pckairyo.com | pclibredevirus.com | pcpropre.com | pcredskab.com | pcsansbug.com | pcsecuresystem.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | perfektantivirus.com | preservingtool.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectionassuree.com | protectionconue.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sichererschutz.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | storageprotector.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trasheraser.com | trojansdestroyer.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | viruskrakker.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | yourprivacyguard.com | zentaiwakuchin.com

Domains sharing nameservers
acchiappavirus.com | adiosvirus.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | chasseurdeserreures.com | cleanpctool.com | cleanuptool.com | confidentsurf.com | confidentuser.com | contenidoseguros.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | doubledefender.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | emperahogo.com | enmiendaerrores.com | erasutoppu.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlfripc.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | netsurfageassure.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasdesmenaces.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pcinforedder.com | pclibredevirus.com | pcredskab.com | pcsansbug.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | poseidonantivirus.com | preservingtool.com | privacidadgarantizada.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccionasegurada.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | repareja.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | winchesterprotector.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | zentaiwakuchin.com

Comments

# re: ALERT: Malvertizement featuring Skype

Tuesday, July 08, 2008 10:54 PM by Novack

You suck. Take your Vista aids and jam them up your ass. Windows is ***. IE is ***. Its all ***.

# re: ALERT: Malvertizement featuring Skype

Wednesday, July 09, 2008 12:17 AM by sandi

My readers may like to know that our unfriendly correspondent "Novack" posted from IP address 71.29.80.79, a dynamic IP that leads us back to Windstream Communications Inc.  71.29.80.79 is, at time of writing, located in Lincoln, Nebraska (www.utrace.de).  The address for reporting abuse to Windstream Communications Inc is abuse@windstream.net, or the telephone number 1-888-292-3827.