Vancouvererrorsonfile infection

Over the past few days we’ve cleaned 312 infected websites all with the script:

(spaces added so it doesn’t set an alarm with your anti-virus program).

As of right now the following sites don’t recognize vancouvererrorsonfile.com as being malicious:

  • Google
  • Norton
  • rfc_ignorant
  • malc0de

However, McAfee’s SiteAdvisor and hpHosts do recognize it as being malicious.

At first it appeared that it was specific to one or two hosting providers, however as the infection carried on, we found it on at least 12 different hosting provider’s networks.

Looking at the server where this site is hosted, reveals other domains that have been used in various malscripts as well:

  • dottasink.net
  • nowisisdudescars.com
  • onlineisdudescars.com

and a few others.

These domains are all registered by the same person: hilarykneber@yahoo.com. This person is the contact person on whois records for 337 domains.

The name servers for vancouvererrorsonfile.com are:

  • ns1.masterhostingit.ru
  • ns2.masterhostingit.ru

Our service contiues to see these infections and clean them, even though these domains are not yet registered within Google’s Safe Browsing malware list. They have been submitted.

If you are infected with this, you can contact me at traef@wewatchyourwebsite.com and we will clean it for you.

If you have any other information to submit, please feel free to post comments.

Thank you.