Rogue anti virus program: Antivirus for Windows – New 2009 Version

MX Lab intercepted a message that caught our attention. Some time ago, a rogue anti virus/anti spyware program known as Antivirus 2009, XP Antivirus Protection, MSAntivirus 2008 and Vista Antivirus 2008 was promoted on the internet and in various spam emails.

It now appears to be distributed under a new name, “Antivirus for Windows – New 2009 Version”.

The email was sent from PC Protection <internet.clientservice@gmail.com> and has the subject “Update your Antivirus for Windows”.

The email looks like a mailing and contains Unsubscribe, Forward and Update Profile links. However, when looking at all the links in the message, some are invalid, such as the Report Abuse link, which contains a URL to http://ss25..sourcecompmail.com/ – note the double dot after ss25. The domains http://ss25.sourcecompmail.com/ and http://sourcecompmail.com/ return an HTTP 404 error and contain no web site. It is very common to operate from a subdomain and from pages under that domain without any root HTML pages.
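The link check described above can be automated. The sketch below is an added example, not MX Lab's tooling: it pulls every href from an HTML message, flags hostnames that break DNS label rules (such as the double dot) and reports whether the sender uses a freemail domain. The FREEMAIL list, the function names and the sample markup are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # RFC 1123 label
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # assumed, not exhaustive

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_problems(url):
    """Return the reasons the URL's hostname is not a valid DNS name."""
    host = urlsplit(url).hostname or ""
    labels = host.rstrip(".").split(".")
    problems = []
    if "" in labels:
        problems.append("empty label")  # no host at all, or consecutive dots
    if any(label and not LABEL.match(label) for label in labels):
        problems.append("invalid label")
    return problems

def triage(raw_message):
    """Return (sender_uses_freemail, {url: problems}) for a single-part HTML mail."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    flagged = {u: host_problems(u) for u in collector.links if host_problems(u)}
    return sender_domain in FREEMAIL, flagged

# Constructed sample: From, Subject and the Report Abuse URL are quoted in the
# post; the HTML markup and the /unsubscribe path are invented for the example.
SAMPLE = """From: PC Protection <internet.clientservice@gmail.com>
Subject: Update your Antivirus for Windows
Content-Type: text/html

<a href="http://ss25.sourcecompmail.com/unsubscribe">Unsubscribe</a>
<a href="http://ss25..sourcecompmail.com/">Report Abuse</a>
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A malformed hostname in a footer link does not prove a message is malicious, but combined with a product-update pitch sent from a freemail address it is a cheap signal for raising a spam score.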

The domain itself appears to be registered at Tucows with the following details:

[whois.tucows.com]
Registrant:
 Quattro Web Solutions
 13 Hares avenue
 Woodstock
 Cape Town,  7925
 ZA

 Domain name: SOURCECOMPMAIL.COM

 Administrative Contact:
    Honig, Paul  paul@quattro.co.za
    15 Wandel street
    Gardens
    Cape Town
    Cape Town,  7925
    ZA
    +27.4480099    Fax: +27.214619277

 Technical Contact:
    Desk, Help  domreg@ns.com
    322 South Marietta Street
    ww
    w
    Gastonia, WI 28052
    US
    +1.7048527000    Fax: +1.7048849011

 Registrar of Record: TUCOWS, INC.
 Record last updated on 28-Oct-2008.
 Record expires on 28-Oct-2009.
 Record created on 28-Oct-2008.

 Registrar Domain Name Help Center:

http://domainhelp.tucows.com

 Domain servers in listed order:
    NS3.NITRIC.CO.ZA
    NS2.NITRIC.CO.ZA   

 Domain status: clientTransferProhibited
                clientUpdateProhibited

When following the download links, a landing page is shown:

When you fill in your email address and the activation code, you are presented with a payment screen.

Recommendation: do not proceed with the payment process and do not download the program.

2 Responses to Rogue anti virus program: Antivirus for Windows – New 2009 Version

  1. Johnny Fisticuffs says:

    Will someone “take care of” Mr. Honig?
