Rogue version of malware information forum detected as spreading fake anti-virus

Warnings have been made about a rogue domain that is disguised as a popular malware knowledge forum.

F-Secure claimed that the Malware Domains List website is popular among security professionals, and a rogue anti-virus promoter has latched onto its popularity by setting up a website on a URL very close to the domain name.

Therefore when visitors click on malwaredomainlist.com, and expect to see the homepage for the website, they may instead end up seeing a fake warning page that ‘visiting this site may harm your computer' that gives the user the option to ‘continue unprotected' or ‘get security software'.

F-Secure claimed that there is a difference in the URL between the legitimate website and the fake one. “Despite a few grammatical errors, the warning does a decent job of looking like a legitimate notice from Firefox. Note the ‘Get security software' button on the malicious website's ‘warning' message. If clicked, the user is directed to a website promoting an anti-virus solution,” said the company blog.

The company has also highlighted a new feature on the social networking and micro-blogging site Twitter, with tweets now filtering malicious URLs. Mikko Hypponen, CRO at F-Secure, said: "As Twitter has been getting more and more popular, it is increasingly targeted by worms, spam and account hijacking. We've recommended Twitter to start filtering traffic to fight this. They can easily do it, as all the messages go through them.

"Twitter hasn't announced this, but we just noticed that they have now started filtering tweets that contain links to known malware sites. If a user now adds a malicious URL into a tweet, a warning is displayed that says 'Oops! Your tweet contained a URL to a known malware site!'."

Sign up to our newsletters