Rootscan.info? More Rogue Security Software on the horizon?



To follow up the last post about watching google hot trends….

I noticed an unusual search in the trends for rootscan.info. It currently seems to redirect to a site talking about rogue antivirus removal so it might not be anything, but the related searches for virus doctor, virus doctor removal, windows pc defender removal make me wonder if we’ve got another wave of rogue applications. Everything I see referenced is older though with the possible exception of Windows PC Defender.


I found this listing of domains that should be blocked related to Windows PC Defender:

74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com

–Update–

Now I’ve had a chance to take a look at the site further that rootscan.info is redirecting to. It’s cgidoctor.com

I see reports over at McAfee’s siteadvisor that some users are claiming there is spyware/adware being pushed from that site. I’m visiting it via firefox/linux and am not seeing anything overtly suspicious. It looks as though the download that is in each of the posts is for an installer for spyware doctor. (PCTools Spyware Doctor is a legitimate piece of software assuming that they are one and the same. (It’s Starter Edition is included in the Google Pack.) Mcafee’s scan of cgidoctor.com claims that it’s clear however many users have complaints about the site hosting dubious rogue downloads. There is also a site that has covered the rogue software groups does list cgidoctor.com as a blackhat SEO farm site for pushing software to remove the infections. By the way this site ddanchev.blogspot.com has some good info on the scareware groups and some of the domains that are being used to push the stuff.

Related Posts

Blog Traffic Exchange Related Posts
  • chkconfig for ubuntu or other debian based linux systems As I've mentioned I've got an ubuntu based test system. Most of my linux experience has been from a red-hat derivitive-based background and for that, at the command line, you have chkconfig which is a good tool for checking the configuration of services to run at startup. It is a......
  • Beware: Wolves in sheeps clothing found on different sites (security scams) This is another "wolf in sheeps clothing" alert. The Sunbelt blog has information and tips on a number of other sites that are posing as either the Windows security center page, or a page not found error. The windows security center spoof once again claims the following "Attention! Your system......
  • How to Remove Desktop Defender 2010 | Removal Guide Desktop Defender 2010 is a rogue antivirus program. It will prompt you with popups complaining about various problems that it claim your system has as well as scanning your computer and consistently finding some files to complain about. It also claims that it cannot fix the problems with your system......
Blog Traffic Exchange Related Websites
  • Myrtle Creek Golf Course, Myrtle Creek, OR Myrtle Creek Golf Course is located in: Myrtle Creek, OR Phone: 888-T-MYRTLE Website: http://www.myrtlecreekgolf.com/ Course History: This is a terrific course that offers a wonderful traditional experience with just the right mix of challenge and fun. The course was first opened with 9 holes in 1997, and the back nine......
  • Day 1 of my fitness journey Day 1 so time for my weigh in and measure. The scientist in me wanted to record my baseline body measurements so if my weight loss plateaus I can hopefully stay motivated with some recordable inch losses. I chose 9 points to measure on my body which I've shown on......
  • New Loan Funded — Finance for an ESTABLISHED Business — $25,000 at 24% — B Credit — DTI 1392557% A new loan funded (Finance for an ESTABLISHED Business – $25,000 at 24%).  I participated via a manual bid the loan was Autofunding.  The borrower had B credit and a 1392557% DTI (unverifiable income).  As a reminder my standing orders (and manual bids) only find loans with 0 current delinquencies, 10 or less delinquencies......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site