A new Rogue Antivirus program called Total Defender appeared over the weekend.
The following data is included for informational purposes only. Please do not attempt to view or download files from the website.
Domain: Total-Defender. com
Host: DATORU EXPRESS SERVISS Ltd.
0 200 HTTP 184.108.40.206 /ck.php 21
1 200 HTTP 220.127.116.11 /tdd.php?i=1
2 200 HTTP 18.104.22.168 /ck.php
3 301 HTTP 22.214.171.124 /tdp.php?ak=24DIGITHASH
4 200 HTTP CONNECT pp-pay.net:443
5 200 HTTP CONNECT pp-pay.net:443
6 200 HTTP CONNECT pp-pay.net:443
7 200 HTTP CONNECT bill-support.com:443
An interesting thing we noticed is that the Rogue did not attempt to
scare us into purchasing it, rather telling us that the computer was
secure after the scan. The Rogue authors are probably doing this to
keep a high amount of Rogue installations active for the purposes of
data theft or for hire services.