
XP Defender 2010 question

Last response: in Windows XP
May 17, 2011 4:09:42 PM

Does anyone out there know the source domain for this fake AV program? I'd like to find the source IP addresses and block them at my router to help prevent infection, but I haven't been able to find the source domain yet. I'll be duplicating that blacklist with all my family members' routers as well.

I'd also like to see if I can hunt down the guys who make these programs and beat them to a bloody pulp. Using Whois on that domain might lead me in their direction.

May 17, 2011 7:30:25 PM

It does not come from one domain; it comes from whatever site is hosting it, and there are many.

May 17, 2011 7:39:42 PM

The trick to that program is that it links to a different IP address from where the hacked banner ad resides, so that the signature of the hack is reduced. If they copied the whole program to the hacked banner ad source, it would be easier to detect. (I have been dealing with this for a very long time.) It used to be under, but that got changed. I also know that multiple domains reference that same address. I just need one and I can get what I need. I know there are multiple IPs associated with the domain, but I can resolve it and block all those addresses at the router.