Historical OSINT – A Diversified Portfolio of Fake Security Software

Cybercriminals, continue, actively, launching, malicious, and, fraudulent, campaigns, further, spreading, malicious, software, potentially, exposing, the, confidentiality, availability, and, integrity, of, the, targeted, host, to, a, multi-tude, of, malicious, software.

In, this, post, we’ll, profile, a, currently, active, portfolio, of, fake, security, software, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.

Known, to, have, responded, to, the, same, malicious, C&C, server, IPs (91.212.226.203; 94.228.209.195), are, also, the, following, malicious, domains:
hxxp://thebest-antivirus00.com
hxxp://virusscannerpro0.com
hxxp://lightandfastscanner01.com
hxxp://thebest-antivirus01.com
hxxp://thebestantivirus01.com
hxxp://remove-spyware-11.com
hxxp://remove-virus-11.com
hxxp://thebest-antivirus11.com
hxxp://antispyware-module1.com
hxxp://antispywaremodule1.com
hxxp://antivirus-toolsr1.com
hxxp://thebest-antivirus1.com
hxxp://thebest-antivirusx1.com
hxxp://thebestantivirus02.com
hxxp://remove-spyware-12.com
hxxp://remove-virus-12.com
hxxp://delete-all-virus-22.com
hxxp://lightandfastscanner22.com
hxxp://prosecureprotection2.com
hxxp://virusscannerpro2.com
hxxp://antivirus-toolsr2.com
hxxp://thebest-antivirusx2.com
hxxp://thebestantivirus03.com
hxxp://remove-spyware-13.com
hxxp://remove-virus-13.com
hxxp://antispyware-module3.com
hxxp://antispywaremodule3.com
hxxp://virusscannerpro3.com
hxxp://windowsantivirusserver3.com
hxxp://thebest-antivirusx3.com
hxxp://thebestantivirus04.com
hxxp://remove-spyware-14.com
hxxp://remove-virus-14.com
hxxp://antispyware-scann4.com
hxxp://antivirus-toolsr4.com
hxxp://thebest-antivirusx4.com
hxxp://thebestantivirus05.com
hxxp://remove-all-spyware-55.com
hxxp://delete-all-virus-55.com
hxxp://thebest-antivirusx5.com
hxxp://remove-spyware-16.com
hxxp://lightandfastscanner66.com
hxxp://antispywaremodule6.com
hxxp://antispyware-module7.com
hxxp://antispywaremodule7.com
hxxp://antivirus-toolsr7.com
hxxp://antispyware-scann8.com
hxxp://pro-secure-protection8.com
hxxp://windowsantivirusserver8.com
hxxp://antispyware-module9.com
hxxp://antispywaremodule9.com
hxxp://antispyware-scann9.com
hxxp://virusscannerpro9.com
hxxp://antivirus-toolsr9.com
hxxp://thebest-antivirus9.com
hxxp://antiviruspro1scan.com
hxxp://antiviruspro2scan.com
hxxp://antiviruspro7scan.com
hxxp://antiviruspro8scan.com
hxxp://antiviruspro9scan.com
hxxp://antispyware6sacnner.com
hxxp://antivirusv1tools.com
hxxp://antispyware10windows.com
hxxp://antispyware20windows.com
hxxp://antivirus-toolsvv.com
hxxp://remove-spyware-11.com
hxxp://remove-virus-11.com
hxxp://remove-spyware-12.com
hxxp://remove-virus-12.com
hxxp://delete-all-virus-22.com
hxxp://prosecureprotection2.com
hxxp://remove-spyware-13.com
hxxp://remove-virus-13.com
hxxp://windowsantivirusserver3.com
hxxp://remove-spyware-14.com
hxxp://remove-virus-14.com
hxxp://remove-all-spyware-55.com
hxxp://delete-all-virus-55.com
hxxp://remove-spyware-16.com
hxxp://pro-secure-protection8.com
hxxp://windowsantivirusserver8.com
hxxp://antivirus-toolsr9.com
hxxp://antivirusv1tools.com
hxxp://antispyware10windows.com
hxxp://antispyware20windows.com
hxxp://antivirus-toolsvv.com

Known, to, have, responded, to, the, same, malicious, C&C, server, IPs (94.228.209.195), are, also, the, following, malicious, domains:
hxxp://run-antivirusscan0.com
hxxp://runantivirusscan0.com
hxxp://remove-spyware-11.com
hxxp://remove-virus-11.com
hxxp://run-virus-scanner1.com
hxxp://remove-spyware-12.com
hxxp://remove-virus-12.com
hxxp://delete-all-virus-22.com
hxxp://remove-spyware-13.com
hxxp://remove-virus-13.com
hxxp://runantivirusscan3.com
hxxp://run-virusscanner3.com
hxxp://remove-spyware-14.com
hxxp://remove-virus-14.com
hxxp://run-virusscanner4.com
hxxp://remove-virus-15.com
hxxp://remove-all-spyware-55.com
hxxp://delete-all-virus-55.com
hxxp://remove-spyware-16.com
hxxp://run-virus-scanner6.com
hxxp://run-virusscanner6.com
hxxp://runantivirusscan8.com
hxxp://run-virus-scanner8.com
hxxp://windowsantivirusserver8.com
hxxp://run-virus-scanner9.com
hxxp://run-virusscanner9.com

Related, fraudulent, and, malicious, domains, known, to, have, participated, in, the, campaign:
hxxp://run-antivirusscan0.com
hxxp://run-antivirusscan1.com
hxxp://run-antivirusscan3.com
hxxp://run-antivirusscan6.com
hxxp://run-antivirusscan8.com
hxxp://runantivirusscan0.com
hxxp://runantivirusscan3.com
hxxp://runantivirusscan4.com
hxxp://runantivirusscan9.com
hxxp://securepro-antivirus1.com

Known, to, have, responded, to, the, same, malicious, C&C, server, IPs (91.212.226.203), are, also, the, following, malicious, domains:
hxxp://anti-virus-system0.com
hxxp://run-antivirusscan0.com
hxxp://runantivirusscan0.com
hxxp://perform-antivirus-scan-1.com
hxxp://remove-spyware-11.com
hxxp://remove-virus-11.com
hxxp://antivirus-system1.com
hxxp://performspywarescan1.com
hxxp://run-virus-scanner1.com
hxxp://remove-spyware-12.com
hxxp://remove-virus-12.com
hxxp://delete-all-virus-22.com
hxxp://antivirus-scanner-3.com
hxxp://remove-spyware-13.com
hxxp://remove-virus-13.com
hxxp://runantivirusscan3.com
hxxp://run-virusscanner3.com
hxxp://remove-spyware-14.com
hxxp://remove-virus-14.com
hxxp://gloriousantivirus2014.com
hxxp://run-virusscanner4.com
hxxp://smart-pcscanner05.com
hxxp://remove-virus-15.com
hxxp://remove-all-spyware-55.com
hxxp://delete-all-virus-55.com
hxxp://perform-virus-scan5.com
hxxp://perform-antivirus-scan-6.com
hxxp://antivirus-scanner-6.com
hxxp://remove-spyware-16.com
hxxp://run-virus-scanner6.com
hxxp://run-virusscanner6.com
hxxp://antivirus-scan-server6.com
hxxp://perform-antivirus-scan-7.com
hxxp://perform-antivirus-test-7.com
hxxp://antivirus-win-system7.com
hxxp://antivirus-for-pc-8.com
hxxp://perform-antivirus-scan-8.com
hxxp://perform-antivirus-test-8.com
hxxp://run-antivirusscan8.com
hxxp://runantivirusscan8.com
hxxp://run-virus-scanner8.com
hxxp://windowsantivirusserver8.com
hxxp://perform-antivirus-test-9.com
hxxp://perform-virus-scan9.com
hxxp://antispywareinfo9.com
hxxp://run-virus-scanner9.com
hxxp://run-virusscanner9.com
hxxp://antispyware06scan.com
hxxp://antispywareinfo9.com
hxxp://antivirus-for-pc-2.com
hxxp://antivirus-for-pc-4.com
hxxp://antivirus-for-pc-6.com
hxxp://antivirus-for-pc-8.com
hxxp://antiviruspro8scan.com
hxxp://extra-antivirus-scan1.com
hxxp://extra-security-scanb1.com
hxxp://run-antivirusscan0.com
hxxp://run-antivirusscan1.com
hxxp://run-antivirusscan3.com
hxxp://run-antivirusscan6.com
hxxp://run-antivirusscan8.com
hxxp://runantivirusscan0.com
hxxp://runantivirusscan3.com
hxxp://runantivirusscan4.com
hxxp://runantivirusscan9.com
hxxp://securepro-antivirus1.com
hxxp://super-scanner-2004.com
hxxp://top-rateanrivirus0.com
hxxp://topantimalware-scanner7.com

We’ll, continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.

*** This is a Security Bloggers Network syndicated blog from Dancho Danchev's Blog - Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: http://feedproxy.google.com/~r/DanchoDanchevOnSecurityAndNewMedia/~3/HH0dlmx7xBg/historical-osint-diversified-portfolio.html