Rogue trying to look like Avira anti-virus

1 minute read

Jerome Segura at ParetoLogic blogged about this yesterday: a rogue security product with a web page that tries to imitate that of the German AV company Avira (check out the red umbrella and the type face.)

Hmmm. If this company has been providing “20 Years of Total Protection” how come its web site was just registered last year and why was it registered by a proxy service?

The fake:

Site registered last year to a proxy service.

Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
   15111 N. Hayden Rd., Ste 160, PMB 353
   Scottsdale, Arizona 85260
   United States

   Domain Name: SECURITY-ANTIVIRUS-SITE.COM
      Created on: 25-Feb-09
      Expires on: 25-Feb-10
      Last Updated on: 25-Feb-09

The real one:

Site registered in 1999, full identifying data in Whois record.

Whois Record

Registrant:
Avira GmbH
   Lindauer Str. 21
   Tettnang D-88069
   DE

   Domain Name: FREE-AV.COM

   Administrative Contact:
      Auerbach, Tjark              
      Avira GmbH
      Lindauer Str. 21
      Tettnang D-88069 DE
      +49 7542 500 300 fax: +49 7542 500 318

   Technical Contact:
      Network Solutions, LLC.                
      13861 Sunrise Valley Drive
      Herndon, VA 20171  US
      1-888-642-9675 fax: 571-434-4620

   Record expires on 26-Mar-2012.
   Record created on 26-Mar-1999.

Nice work Jerome.

Leave a comment