Old PornTube, New Rogue AV

It’s one of those days when you have a bit of nostalgia for the stuff you used to do. Back a year or so ago, I used to hunt down fake AV and the like. It involved fake YouTube sites, porn and more porn.

Out of curiosity, I started some searches, the same that I used to do to find the bad stuff.

Like I said, this is quite old (Feb 2011). I clearly remember redspacetube.com; it used to do redirections to various sites using Dynamic DNS.

Guess what? It’s still working!


The DNS service is provided by changeIP.com:

This page is quite familiar but looks ancient by now…

The file takes forever and a day to download…:


The very low detection rate on VirusTotal makes me wonder whether this file is really old or just too new… (2/41).

Next, I checked whether the file was half broken… but clearly it was working just fine:

It installs a fake AV called “Windows Trouble Taker” (should have been called Trouble Maker IMHO ;-))

A quick search confirms this is not an old rogue AV, but rather the new kid on the block:

This is one tenacious fake porn tube… Can someone unplug redspacetube.com for good?

Jerome Segura

