Just how hard is it to get one website off the net?
Over the last week, we've found several new variants of the Warezov family. They are all using the same website to download additional components and updates: yuhadefunjinsa.com. We believe this domain is registered by the authors of this malware just for this purpose.
Likewise, earlier versions of Warezov used another domain for the same purpose: gadesunheranwui.com. Yeah, where do they get these names from? I wonder if they mean something in some language?
We've now been trying to get yuhadefunjinsa.com off the net since last Sunday. I suppose other antivirus companies have tried too, and I know CERTs have been working on this (Hi Toni). However, it's still there, and the bad boys are still regularly posting new content in the specific download URL on this server.