Re: Rogue site?
- From: "FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx>
- Date: Fri, 22 Oct 2010 06:31:59 -0400
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
From: "FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx>
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
From: "HarryHydro" <harryhydro@xxxxxxxxxxx>
| I had a popup with the scanning and finding virus's thing. Then a
| popup to download a file, packupdate107_2029.exe from
| www1.riseonengine1.in . I figured it was fake but I ended that
| anyway, without clicking anything. I think I got lucky on this
| However, this website doesn't appear to be in DNS, also has no
| google. The name of this file is all over..
Yes Harry, it was a Rogue anti malware scam site. Often these sites
exist for only a day
or so and are provided through a general redirection site that are
spammed or otherwise
"presented" to you.
An example of a spammed redirection site; better-web-365.com
| The last four or five I saw were all initially from the cz.cc domain
| (free domain names).
Redirection sites or the rogue host sites ?
I don't know really, I stopped investigating. I assume it is the
Another redirection site; netresults-online.com
Some other similar ones.
Osfuscated script snippet from that last one:
....I think two layers of obfuscation, but I'm not sure - there is an
html file and an extensionless file with html content in addition to the