Rogue AV Using Malware Domains List

[nmb]

Rogue av using mdl :

http://www.malwaredomainlist.com/forums/index.php?topic=3188.0

also seen at:

http://www.f-secure.com/weblog/archives/00001743.html

[YoKenny]

Also:
WARNING: Malware Domain List has a new impersonator
http://hphosts.blogspot.com/2009/08/warning-malware-domain-list-has-new.html

[Alan Baxter]

The rogue site is gone now, but the screenshots of it demonstrate a reasonably effective social engineering page.  The clumsy English grammar might have been a giveaway to a careful reading by a fluent English reader, but perhaps not noticeable to many people.  It looks so similar to the Firefox warning page that I had to examine it carefully before I realized it was bogus.

I'll keep telling my friends that don't know any better yet, "Don't accept any software installation offered to you by a website unless you asked for it."  And I've given up typing urls in the address bar.  A simple typing error could take me to a rogue site.  I only use bookmarks and search engines now.

[DavidR]

<snip>
I'll keep telling my friends that don't know any better yet, "Don't accept any software installation offered to you by a website unless you asked for it."  And I've given up typing urls in the address bar.  A simple typing error could take me to a rogue site.  I only use bookmarks and search engines now.

Clicking on search engine results links opens you up to another means of attack, where search results have malformed URLs I believe, etc. so they have you over a barrel don't type the URL and risk possible exploit

[Alan Baxter]

Good point, David.  But I'll still take the first hit from "State of Colorado" over guessing what its url should be or relying on not misremembering or making a typo in the url bar.  It's good practice to actually look at the urls your search engine serves up.

That said, bookmarks are safer. 

[Mr.Agent]

Well its a bad idea for them to put it in the web so maybe some guy will press on it and be infected...