NEWS FROM THE LAB - Tuesday, November 11, 2008

Antivirus Professional 2008

Posted by Sean @ 16:38 GMT

Yesterday's post, Stupid Rogue Trick, took a look at antivirus-online-scanner .com and a rogue application called Antivirus Professional 2008.

The antivirus-online-scanner site was using GeoIP Lookup to customize the supposed threat that would be displayed to visitors. If you visited from Helsinki, Finland, then the threat was called something like Win32.IRC.Bot.Helsinki.

A nasty trick for the unsuspecting…

Taking a look today, we discovered that the site is offline. Good news, as such sites are often difficult to get shut down. So, who was the ICANN Registrar?

EstDomains. You remember Case EstDomains from two weeks ago, don't you?

Antivirus Online Scanner, ESTDomains

Hmm. The site was created back in June.

Well, at least it's suspended now.

Antivirus Online Scanner, ESTDomains Suspended