Rogue AV Using Malware Domains List

Rogue AV using MDL:

http://www.malwaredomainlist.com/forums/index.php?topic=3188.0

also seen at:

http://www.f-secure.com/weblog/archives/00001743.html

Also:
WARNING: Malware Domain List has a new impersonator
http://hphosts.blogspot.com/2009/08/warning-malware-domain-list-has-new.html

The rogue site is gone now, but the screenshots of it demonstrate a reasonably effective social engineering page. The clumsy English grammar might have been a giveaway to a careful reading by a fluent English reader, but perhaps not noticeable to many people. It looks so similar to the Firefox warning page that I had to examine it carefully before I realized it was bogus.

I’ll keep telling my friends that don’t know any better yet, “Don’t accept any software installation offered to you by a website unless you asked for it.” And I’ve given up typing URLs in the address bar. A simple typing error could take me to a rogue site. I only use bookmarks and search engines now.

Clicking on search engine result links opens you up to another means of attack, where search results have malformed URLs, I believe, etc. So they have you over a barrel: don’t type the URL and risk a possible exploit ;D

Good point, David. But I’ll still take the first hit from “State of Colorado” over guessing what its URL should be or relying on not misremembering or making a typo in the URL bar. It’s good practice to actually look at the URLs your search engine serves up.

That said, bookmarks are safer. 8)

Well, it’s a bad idea for them to put it on the web, so maybe some guy will press on it and be infected…