As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.
There are other domains sharing the same IP (207.226.177.250):
pepato org
slim-cash com
spyware-wiper com
Cpaypal com
Crazycounter net
All are copying legitimate sites.
Pepato is loading a fake dvdplanet.com page:
Slim-cash is spoofing Allposters.com:
Spyware-wiper spoofs pcworld.com
CrazyCounter copies the European Space Agency:
And Cpaypal copies AboutPayPal.org.
These domains belong to the “Vladzone” malware gang. A while back, we believe that they were responsible for DDoS attacks against webhelper4u.net (Patrick Jordan, who works for Sunbelt) and spamhuntress.com — and maybe a few others. I would not visit these sites…
Alex Eckelberry
(Thanks, Adam)