Moore
VirusBurst.com - New Rogue Antispyware Site

Latest new rogue found by the guys at Bleeping Computer:
http://www.bleepingcomputer.com/securitybl...ue-antispyware/

QUOTE
Don’t let the name fool you, though, this is just the same old rogue anti-spyware wrapped into a new disguise. VirusBurst is also from the same makers of SpywareQuake, SpyFalcon, SpyAxe, SpywareStrike, etc, etc.


Another Rogue - By AndyAtHull:
http://www.securitycadets.com/2006/09/anot...gue-virusburst/

Also gets a mention from TeMerc:
http://temerc.blogspot.com/2006/08/smithfr...virusburst.html


Thanks to Nick for pointing this out in his latest blog..
http://securityticker.blogspot.com/2006/08...ke-spyware.html

QUOTE
VirusBurst, Another Fake Spyware Program
While I was posting about SiteAdvisor in my earlier posts today, Bleeping Computer announced they found yet another fake antispyware program, VirusBurst. While the name is different, it looks pretty much the same as SpywareQuake to me.

Looking at the registration info for VirusBurst.com, I can see the usual suspect is involved with this site as well. Estdomains is the registration provider. They seem to always be near questionable programs and websites.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: VIRUSBURST.COM

Registrant:
Burst Technology GesmbH
Judi Stewart ()
Davidgasse 87
Vienna
null,A-1100
AT
Tel. +431.3365073

Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007

I'm sure the above info contains fake information. Most of the time when these rogue programs are registered, the info is not real.



A closer look at the domain info reveals that SpywareBurst is directly related to another well known rogue spyware scam known as Spyaxe and various others.

The SpywareBurst domain server tokiodrift.biz is actually a download page for SpyAxe

VIRUSBURST.COM = [ 195.225.177.121 ]
Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: VIRUSBURST.COM
Registrant:
Burst Technology GesmbH
Judi Stewart judi.stewart@gmail.com
Davidgasse 87
Vienna
null A-1100
AT
Tel. 431.3365073
Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007
Domain servers in listed order:
ns4.tokiodrift.biz
ns3.tokiodrift.biz
ns2.tokiodrift.biz
ns1.tokiodrift.biz


--

Tokiodrift obviously borrowed from the recent Fast and the Furious movie of the same name, they probably thought it will be a big hit with the kids.. who would suspect spyware from such a cool sounding site like that??


tokiodrift.biz

195.225.176.68 [no reverse DNS set]
195.225.176.68 (TOKIODRIFT.BIZ)

1. almanah.biz
2. spyaxe.biz
3. spyaxe.com
4. spyaxe.net
5. spywarestrike.com
6. tokiodrift.biz

ns1.tokiodrift.biz = [ 195.225.176.68 ]
Domain Name: TOKIODRIFT.BIZ
Domain ID: D14306663-BIZ
Sponsoring Registrar: ESTDOMAINS INC
Sponsoring Registrar IANA ID: 832
Domain Status: clientTransferProhibited
Registrant ID: DI_3727814
Registrant Name: Joshua Perez
Registrant Organization: Techpeace Ltd
Registrant Address1: Stubenbastei
Registrant City: Wien
Registrant Postal Code: 1010
Registrant Country: Austria
Registrant Country Code: AT
Registrant Phone Number: 431.5127913
Registrant Email: perezjoshu@gmail.com

Name Server: NS1.TOKIODRIFT.BIZ
Name Server: NS2.TOKIODRIFT.BIZ
Name Server: NS3.TOKIODRIFT.BIZ
Name Server: NS4.TOKIODRIFT.BIZ
Created by Registrar: ESTDOMAINS INC
Last Updated by Registrar: ESTDOMAINS INC
Domain Registration Date: Sat Aug 19 07:59:17 GMT 2006
Domain Expiration Date: Sat Aug 18 23:59:59 GMT 2007
Domain Last Updated Date: Sat Aug 19 09:34:52 GMT 2006


Following on from the previous report of new rogue spyware scams that are hosted through ESTdomains and Atrivohell / Intercage / Nlayer gangster network - http://www.bluetack.co.uk/forums/index.php?showtopic=15209
Sabu75
Here's the article from paperghost:

http://www.vitalsecurity.org/uploaded_imag...cut1-799805.jpg

QUOTE
...well, you get the idea.

Yet another wonderful variant of - uh - all of the above has surfaced, not long after we slamdunked VirusRescue. This one looks pretty much the same as all the others - fairly unspectacular "virus removal" application, that actually tends to end up on your system as a result of a screwball file...and then goes and detects the file that put it there in the first place.

Gotta love it.

Another wonderful feature of VirusBurst is the website itself. Check out the quote from a "satisfied customer":

"My kids used to download mp3 music from Internet, and our computer got infected. So, I had to forbid my children to do that. Since I purchased VirusBurst, my computer is always clean from infections and we download now music and movies without any problems."

In other words - all we do all day is download illegal music files infected with crap! But now I can do it as much as I want! RIAA love me!! THANK JOO, VIRUSBURST!

.....lmao. And:

Our products continue winning awards and gaining recommendations from respected reviewers around the globe.

....yeah, check out those awesome reviews on, er, Snapfiles and Topshareware.com.

Or rather don't, because VirusBurst doesn't seem to exist on either of those sites despite somehow getting five stars according to their review page.

...anyone smell a crock yet?

I do.

The best part about these apps is that when people compare them to things like Spywarequake, VirusThingy and SpankyMalwareKillah (or whatever the Hell they're called this week) some representative comes out and claims there's "no connection" between them. Like, ever. Despite the fact there's overwhelming evidence pointing to the contrary.

On a completely unrelated note, here's the EULA for VirusBurst to the left (click to enlarge). If you think it mentions Spywarequake, I assure you it's actually some kind of drug induced hallucination.

Well, it's time to stop beating this already dead dog with a brick (because sticks are so last year) and retreat back into the alleyways, ninja style. No doubt with spooky smoke all over the place and clattering rooftops and screams of horror and stuff.

Ninjas are awesome.

posted by paperghost at 8:09 AM

source.
http://www.vitalsecurity.org/2006/09/virus...e-daughter.html

Sabu
AndyAtHull
Looking at the way the search engines are set, we may even beat them before their own page gets published.
Moore
Yeah. Let's hope the googlebot gets hungry for all these links soon.
AndyAtHull
Spoke too soon. virusburst.org (yes org) has number one spot now.

http://whois.domaintools.com/virusburst.org

Interesting thing here is that in the robots.txt it has googlebot disallowed. Yet it is in there. I suppose there is more than one googlebot.

QUOTE
Domain ID:D127491321-LROR
Domain Name:VIRUSBURST.ORG
Created On:19-Aug-2006 10:32:38 UTC
Expiration Date:19-Aug-2007 10:32:38 UTC
Sponsoring Registrar:EstDomains, Inc. (R1345-LROR)
Status:TRANSFER PROHIBITED
Registrant ID:DI_3727928
Registrant Name:Judi Stewart
Registrant Organization:Burst Technology GesmbH
Registrant Street1:Davidgasse 87
Registrant Street2:
Registrant Street3:
Registrant City:Vienna
Registrant State/Province:
Registrant Postal Code:A-1100
Registrant Country:AT
Registrant Phone:+431.3365073
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:Whois Privacy and Spam Prevention by Whois Source
Admin ID:DI_3727928
Admin Name:Judi Stewart
Admin Organization:Burst Technology GesmbH
Admin Street1:Davidgasse 87
Admin Street2:
Admin Street3:
Admin City:Vienna
Admin State/Province:
Admin Postal Code:A-1100
Admin Country:AT
Admin Phone:+431.3365073
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:Whois Privacy and Spam Prevention by Whois Source
Tech ID:DI_3727928
Tech Name:Judi Stewart
Tech Organization:Burst Technology GesmbH
Tech Street1:Davidgasse 87
Tech Street2:
Tech Street3:
Tech City:Vienna
Tech State/Province:
Tech Postal Code:A-1100
Tech Country:AT
Tech Phone:+431.3365073
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:Whois Privacy and Spam Prevention by Whois Source
Name Server:NS1.ESTPARKING.COM
Name Server:NS2.ESTPARKING.COM


Edit - Just to add my two cents - again

http://www.securitycadets.com/2006/09/viru...ing-of-domains/
Moore
Thanks Andy

Looks like these were all created on the same day:

Created On:19-Aug-2006

140. virusburst.biz
141. virusburst.info
142. virusburst.net
143. virusburst.org

166 domains on the IP 67.15.35.88

timada
I am really amazed, how do you really get all this information? I just remembered, looking over your list that I got once spam, in my hotmail, with virusburst. Strange thing, anyway!
Moore
Update for virusburst.

QUOTE
virusburst.com
91.192.106.6

Domain Name: VIRUSBURST.COM
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Name Server: NS1.FOLKMAHEM.BIZ
Name Server: NS2.FOLKMAHEM.BIZ
Status: ok
Updated Date: 23-jun-2007
Creation Date: 10-aug-2006
Expiration Date: 10-aug-2008

inetnum: 91.192.106.0 - 91.192.107.255
netname: SQHOST-NET
descr: SQHost LTD
country: EE



QUOTE
I am really amazed, how do you really get all this information?


Just use everything and anything available to dig up the information. Good place to start is centralops - http://centralops.net/co/
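
The cross-referencing done by hand in this thread (same registrar, same registrant phone, shared name-server domain), sketched as an added example that is not part of any post above. The record excerpts are trimmed from the WHOIS output quoted in the thread; the function names, the field aliases and the naive last-two-labels rule for a name server's parent domain are assumptions of this sketch.

```python
import re
from collections import defaultdict

RECORDS = {  # excerpts trimmed from the WHOIS records quoted in this thread
    "virusburst.com": "Registration Service Provided By: ESTDOMAINS INC\n"
                      "Tel. +431.3365073\nDomain servers in listed order:\n"
                      "ns4.tokiodrift.biz\nns3.tokiodrift.biz\n",
    "virusburst.org": "Sponsoring Registrar:EstDomains, Inc. (R1345-LROR)\n"
                      "Registrant Phone:+431.3365073\nName Server:NS1.ESTPARKING.COM\nName Server:\n",
    "tokiodrift.biz": "Sponsoring Registrar: ESTDOMAINS INC\n"
                      "Registrant Phone Number: 431.5127913\nName Server: NS1.TOKIODRIFT.BIZ\n",
}
KEYS = {"registration service provided by": "registrar",  # labels differ per registry
        "sponsoring registrar": "registrar", "registrant phone": "phone",
        "registrant phone number": "phone", "name server": "ns"}

def norm(kind, value):
    """Normalise a value so differently formatted records compare equal."""
    v = value.strip().lower()
    if kind == "registrar":   # drop registry ID, punctuation and "inc"
        return "".join(re.sub(r"\(.*?\)|[^a-z0-9 ]|\binc\b", "", v).split())
    if kind == "phone":       # digits only, so "+431..." equals "431..."
        return re.sub(r"\D", "", v)
    return ".".join(v.split(".")[-2:])  # name server -> parent domain (naive)

def pivots(text):
    """Return the set of (kind, normalised value) found in one raw record."""
    found, in_ns = set(), False
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition(":")
        kind = KEYS.get(key.strip().lower()) if sep else None
        if line.lower().startswith("tel."):   # free-form registrar output
            kind, value = "phone", line[4:]
        elif in_ns and line and not sep:      # bare host under the NS header
            kind, value = "ns", line
        in_ns = line.lower().startswith("domain servers") or (in_ns and kind == "ns")
        if kind and value.strip():
            found.add((kind, norm(kind, value)))
    return found

def shared_pivots(records):
    """Index pivots across records; keep those seen on two or more domains."""
    index = defaultdict(set)
    for domain, text in records.items():
        for pivot in pivots(text):
            index[pivot].add(domain)
    return {p: sorted(d) for p, d in index.items() if len(d) > 1}

if __name__ == "__main__":
    print(shared_pivots(RECORDS))
```

A shared registrar alone is weak evidence; the registrant phone and the name-server domain are the pivots that tie these records together.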