Fake av download site...

Hi malware fighters,

Users better not go and click here: htxp://bible-verses-for-mothers-day.dikol.ok.pe/
It is an HTTP Fake Antivirus Webpage Request
Malicious software includes 261 exploits, 141 scripting exploits, 67 trojans. Successful infection resulted in an average of 6 new processes on the target machine…
http://www.mywot.com/en/scorecard/ok.pe
http://www.google.com/safebrowsing/diagnostic?site=http%3A//ollo.perl.sh/1.php suspicious
Status Code: 404. Page not found.
Malicious software is hosted on 1 domain(s), including allaperlXsh/.
accordingly found: htXp://91.188.59.187/main.php?land=20&affid=18500
Over the past, ollo.perl
sh appeared to function as an intermediary for the infection of 9 site(s) including kato.okpe/, majua.oke/, kmms.ok*pe/,

polonus

http://www.mywot.com/en/scorecard/bible-verses-for-mothers.dikol.ok.pe
Web of Trust™ also flags this ;D

The source domain is ok[dot]pe - also marked as malicious :slight_smile:

Users: AVOID THIS SITE!


http://www.UnmaskParasites.com/security-report/?page=bible-verses-for-mothers-day.dikol.ok.pe

GeneralTitle: DNSEver-powered Free Sub-Domain URL: hxxp://bible-verses-for-mothers-day.dikol.ok.pe Redirects: 301 -> hxxp://ollo.perl.sh/1.php suspicious ↗ Google: listed as suspicious↗* how to resolve? Status Code: 404. Page not found. Last checked: 0 minutes ago (results are cached for 1 hour)

http://www.google.com/safebrowsing/diagnostic?site=bible-verses-for-mothers-day.dikol.ok.pe

What happened when Google visited this site? Of the 5 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-05-13, and the last time suspicious content was found on this site was on 2010-05-13.

Malicious software is hosted on 1 domain(s), including alla.perl.sh/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ollo.perl.sh/.

This site was hosted on 1 network(s) including AS28753 (NETDIRECT).


In the first quote please replace those http-s with hxxp to make them unclickable!!!

Hi malware fighters,

Another one redirecting to fake-AV.
While google gives this site as green: http://www.unmaskparasites.com/web-page-options/?url=http%3A//www.syracom.fr/blog , but notifies us of a redirect.

It is flagged by http://www.browserdefender.com/site/syracom.fr/

3 Browser exploits, also found here: http://safeweb.norton.com/report/show?name=syracom.fr\\

Threat Name: HTTP Fake AV Redirect Request
Location: htxp://www.syracom.fr/blog/brian+ching.html

Threat Name: HTTP Fake AV Redirect Request
Location: htxp://www.syracom.fr/blog/beth+lyrics.html

Threat Name: HTTP Fake AV Redirect Request
Location: htxp://www.syracom.fr/blog/rico+butler.html

polonus