Rogue Anti-Malware Pushes Fake PCMag Review 90
Varzil found an interesting story about some "Rogue Anti-Malware" (which seems to me should just be called 'Malware') which modifies your HOSTS file to trick you into reading a fake anti-virus review which is of course for more malware. Modifying HOSTS is an old trick, but this is interesting because it's actually trying to get you to read fake content: normally this sort of trick is used to prevent you from fixing your computer, but this one is trying to get you to break it even more. I guess friends don't let friends modify their HOSTS files.
Social Engineering (Score:2, Insightful)
Re:hijacking AV sites too (Score:2, Insightful)
Re:hijacking AV sites too (Score:2, Insightful)
That's because the nature of PC security has changed. Old school: Viruses to destroy computers. New school: Co-opt systems in order to sell a product or pimp out for botnet needs.
It's kind of refreshing if you ask me. Not to say current malware is a giant headache, but at least the days of you getting your HD wiped are pretty much behind us. There's just no money in it.
Re:hijacking AV sites too (Score:4, Insightful)
Re:Why aren't these people in jail? (Score:3, Insightful)
I'm pretty sure most other countries now have laws against malicious hacking, and also jails. Or are YOU implying that the U.S. is the only country technologically advanced enough to bust people for such activities?
I think you're making a flamebait post.
Parent said that it's hard to extradite people and not all of them will pursue it because they have more pressing matters at hand such as food shortages, natural disasters, and civil war.
Checking out the IP address and domain (Score:5, Insightful)
Let's see what we can find out.
We have an IP address for the server hosting the phony pages: "[217.20.175.74]". This is in DNS as "sweeper.globmail.org",
eNom, a favored registrar of bottom-feeders, is the registrar.
There's an address in Kiev, but it's bogus.
WhiteDomainsOrg
Reiterska 13
Kiev Kiev
01001
UA
Phone:+380.5490567
That's a bar in Kiev, Dveri (Door) [google.com]. It's about two blocks from the old US Consulate.
The upstream provider is "ge0.colo0.kv.wnet.ua". So this is a colocated machine at WNet [www.wnet.ua] in Ukraine.
The US FBI has a local office in Kiev. [usembassy.gov]
This is something that could be cracked by motivated law enforcement.
Re:Checking out the IP address and domain (Score:3, Insightful)
This is something that could be cracked by motivated law enforcement.
"motivated law enforcement"?
Is that one of them thar "oxymaroons"?