NEWS FROM THE LAB - Monday, August 3, 2009

Rogue AV Using Malware Domains List

Posted by Alia @ 06:15 GMT

Malware Domains List (MDL) is a popular website among security professionals and others interested in IT security. Now a rogue antivirus promoter seems to have latched onto its popularity by setting up a website on a URL very close to MDL's domain.

Visitors expecting to see this:

[Image: Malware Domains List]

May instead end up seeing the following:

[Image: Malware Domain Lists]

Note the difference in the URL between the legitimate website and the fake.

Despite a few grammatical errors, the warning does a decent job of looking like a legitimate notice from Firefox. Compare it to the (legit) one below:

[Image: Firefox warning]

Note the "Get security software" button on the malicious website's "warning" message. If clicked, the user is directed to a website promoting a rogue antivirus solution.

You can read more about it at http://www.malwaredomainlist.com/forums/index.php?topic=3188.