Yesterday, while researching some blacklisted domains, we came across five rogue scanning UIs hosted from a single URL.

That's five scams for the price of one and we only needed to refresh our browser. All of our screenshots were taken from a computer running Linux.

The first one called itself AntivirusPlus and wanted its victim to Erase infected.

Next, we refreshed, and there was another version of AntivirusPlus (red & white emblem) asking the victim to Protect now.

Refreshing again, and it became XPert Antivirus (again with red & white emblem).

But then back to AntivirusPlus on the next refresh, this time with a friendly 7 on the left side and an option to Turn on.

And last but not least, the classic Windows XP look and feel.

Before the XP UI was launched, this prompt was displayed:

Hmm… notice anything interesting about the Cancel button? We have just one thing to say to that.

Spasibo, ne nado.

On 09/04/10 At 12:59 PM