The Latest in IT Security

Fake AV network: a new home (Part 7)

02 Sep 2011

After a brief return to life using Impulso’s DNS services, our bad guys (80.91.176.192) switched to a different provider: publicvm.com

However, at the time of writing this post, I got a 404 page when redirected from ‘redspacetube.com’.

There’s nothing like a good game of cat and mouse ;-)

In the meantime, let’s have a look at the good folks from publicvm.com:

Registrant:
Lisa Zheng
[email protected]
ND
988 Eight Mile Rd
Cincinnati OH, 45255
+1.8595728480
CA

Registrar: NetDorm, Inc

“Free Dynamic DNS services to allow running websites on home PC at dnsExit.com”

dnsExit is a subsidiary of NetDorm, Inc.:

Registrant
Jack Chen
7721 Five Mile Road, Suite 147
Cincinnati Ohio, 45255
+1.8597608480
US

NetDorm is “ICANN ACCREDITED”:

As I am nearing the end of this post, I did a quick check again and all of a sudden the pages are back online! Sigh..

The latest link is: jirenebusirik.linkpc.net/anal.html

ICANN Registrar:NETDORM, INC. DBA DNSEXIT.COM

The Trojan that gets downloaded is poorly detected by Anti-Virus products (only 2 out of 43 on VirusTotal; link here).

A ticket has been filed with dnsExit’s support. Can someone please do something??

Jerome Segura
