It’s one of those days when you have a bit of nostalgia for the stuff you used to do. Back a year or so ago, I used to hunt down fake AV and the like. It involved fake YouTube sites, porn and more porn.
Out of curiosity, I started some searches, the same that I used to do to find the bad stuff.
Like I said, this is quite old (Feb 2011). I clearly remember redspacetube.com; it used to do redirections to various sites using Dynamic DNS.
Guess what? It’s still working!
The DNS service is provided by changeIP.com:
This page is quite familiar but looks ancient by now…
The file takes forever and a day to download…
The very low detection rate on VirusTotal makes me wonder whether this file is really old or just too new… (2/41).
Next, I checked whether the file was half broken… but clearly it was working just fine:
It installs a fake AV called “Windows Trouble Taker” (should have been called Trouble Maker IMHO ;-))
A quick search confirms this is not an old rogue AV, but rather the new kid on the block:
This is one tenacious fake porn tube… Can someone unplug redspacetube.com for good?