How do Criminals Sell Fake Anti-virus Software? | Scam Alert Network
| Together we can fight Crime, Scams and Spam
Thursday February 23rd 2012

Hot News Flash

Along with rogue anti-malware, fake anti-piracy utilities are now also being distributed. Many Internet users download music and other media from the net and, in doing so, are infected by malware from hacked or rogue websites. These Trojans issue fake copyright warning messages to scare the public: victims are advised to take their chances in court, or skip the heavy fines and possible jail time by opting for a ‘pre-trial settlement’. They are then directed via hacked websites to another malware site where computers are further infected, where fake financial ‘settlements’ are solicited, and where banking details are provided to criminals.

How do Criminals Sell Fake Anti-virus Software?

It is easy for criminals to deceive even those who are informed about online hazards; that is why it is so important to avoid Internet crime spots.  The following is a good example of what is presented when a site wants to infect your machine with a fake Anti-Virus.

Two websites are involved in this incident:
sosgt.com hosted by Leaseweb
secureonlinestore.net hosted by Hetzner

First the malware website sosgt.com encourages visitors to scan their computers for viruses.

Obviously the website will report a few viruses.

In this case the criminal wants payment for infecting the visitor’s computer.  That way he can also gain access to payment information.  The visitor is presented with a purchase page for a “Professional online repair Service”.

Clicking to proceed to the checkout takes you to the next malware website, with the deceptive name of ‘secureonlinestore.net’.

In case you’re wondering, this is actually just a frame that loads.  The SSL certificate for secureonlinestore.net itself is provided by RapidSSL.

It is easy to see how many people can be deceived by these legitimate-looking websites, security certificates and all. Few people will actually check the credentials of these businesses and websites before trusting the software and entrusting their banking information to these criminals. It is therefore always advisable to check the track record of the applicable companies and their hosting providers. With an appropriate anti-virus and Internet gateway installed, both websites triggered a danger warning. Fake security and anti-virus websites appear every day, so do a little homework when it involves your security, and go for companies and software with a proven track record.

Example of a Danger Warning

MORE INFORMATION ABOUT THE APPLICABLE WEBSITES

sosgt.com
IP: 94.75.233.51
IP PTR: vpn5.vzihostmz.com
ASN: 16265 94.75.192.0/18 Leaseweb Leaseweb AS
Registered to: Alen Aniston, 31alenaniston[@]gmail.com, Gaikar 22, Prague, CZ 21991, Czech Republic, CZ
Phone: +42-0-249-5614, Fax: +42-0-249-5614

secureonlinestore.net
IP: 213.133.101.29
IP PTR: 213-133-101-29.clients.your-server.de
ASN: 24940 213.133.96.0/19 Hetzner-AS Hetzner Online AG RZ
Registered to: Andrew Bradley, abradley[@]asia.com, 53/54, Latviu Street, Vilnius, LI 2600, Lithuania, LT
Phone: +37-05-272-5555, Fax: +37-05-272-5555

OTHER REFERENCE

MysteryFCM – Fake scanner that DOESN’T lead to a fake AV

