“0-800-098-8522” fake virus warning messages.

there is a .net frame work file missing“ip5.ip-158-69-114.net” / “158.69.114.5” seems to be hosting several domains associated with fake virus warnings.

The page I came across was:

hxxp://upwardd.website/0508/E2/
error9/uk/800-098-8522/alert.html

With the fake alert as follows….

Security Error

There is a .net frame work file missing due to some harmfull virus

Debug malware error 895-system 32.exe failure.

Please contact Windows technicians to rectify the issue.
Please do not open internet browser for your security issue to avoid data corruption on your registery of your operating system. Please contact Windows technicians at

Tollfree Helpline at 0-800-098-8522

PLEASE DO NOT SHUT DOWN OR RESTART YOUR COMPUTER, DOING THAT MAY LEAD TO DATA LOSS AND FAILIURE OF OPERATING SYSTEM , HENCE NON BOOTABLE SITUATION RESULTING COMPLETE DATA LOSS . CONTACT ADMINISTRATOR DEPARTMENT TO RESOLVE THE ISSUE ON TOLL FREE – 0-800-098-8522

The message asks victims to call “0-800-098-8522” (aka. 0800 098 8522 / +448000988522 / 08000988522).

If you manage to click past the javascript alerts you then get sent onto another page:
http://upwardd.website/0508/E2/error9/uk/800-098-8522/error.html

This page claims the following along with a scary count down..

0x000314CE VIRUS_DETECTED_WITHOUT_CANCELLING_PENDING_OPERATIONS

Hard Drive Safety Delete Starting In 4:36

To STOP Deleting Hard Drive Call:
0-800-098-8522

ERROR CODE: 0x000314CE

Hard Drive Safety Delete Starting In 4:36

************************************************
************************************************
Please contact technical support Toll Free: 0-800-098-8522
To immediately rectify issue and prevent data loss

Another scam message hosted at “geekbanks.xyz” has the following message:

Call Windows Help Desk Immediately at 0-800-090-3105

The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information

This virus is well known for complete identity and credit card theft. Further action through his computer or any computer on the network will reveal private information and involve serious risks.

Call Windows Help Desk Immediately at 0-800-090-3105

Along with a fake user / password box of:

0x80070424 Warning: Activation Key Damaged !!! Call Windows Help Desk: +0-800-090-3105 (TOLL-FREE)

asking victims to call 08000903105 aka. “0800 090 3105” or +448000903105

The scam domain I came across is also associated with:

upwardd.website
virtuloan.website
technostarjet.xyz
performancestars.xyz
geekstars.xyz
celebrationbank.xyz
friendlycounsel.xyz
computerstars.xyz
geekbanks.xyz
keygeekcounsil.xyz
ab5.iwla1.org
windows-criticalerror121.com
windows-criticalerror122.com
windows-criticalerror123.com
windows-criticalerror124.com
windows-criticalerror125.com
traading.website
masterfund.website
ranklytic.website
percentt.website
flowbux.website
warnertravel.xyz

Associated with the domains is “sarthak754@gmail.com” and the following set of domains that were previously hosted on another server:

ftp.error-script.info
ftp.error-scripts.info
identityjet.website
warnertravels.xyz
glamswipe.online
dhawanfinance.xyz
dhawanfin.xyz
cloudenic.online
universaltravel.xyz
dhawanfinancegroup.xyz
bunkerup.online
plazafinancegroup.xyz
playfinance.xyz
dhawanfinancial.xyz
microda.online
venusfinancegroup.xyz
windowscrashreport.info
sportfinance.xyz
venusfinance.xyz
techierisk.website
windowscrashreport.info
cavi.website
fibena.online
solesto.online
caqo.website
warnervacation.xyz
internationaltrip.xyz
plazafinance.xyz
appletravel.xyz
playfinancegroup.xyz
globalcommute.xyz
zensoro.online
techierisk.xyz
venusfinancial.xyz
techierisk.site
startingkey.website
venusfin.xyz
stopshopper.net
sifi.website
rankbolt.online
web1.errorscripts.info
globaltravels.xyz
appletravelagency.xyz
fault-script.net
web2.errorscripts.info
cashy.website
techosoo.online
stopshopper.us
scribber.website
internationaltrip.xyz
windows-criticalerror.net
windows-criticalerror.co
warnertrip.xyz
finally.website
web3.errorscripts.info
chil.website
stopshopper.biz
qabla.website
yesmargin.website
vobi.website
snaat.website
windows-criticalerror.xyz
ftp.errorscript.info
accountking.website
venusfin.xyz
windows-criticalerror.org
stopshopper.info
nort.website
windows-criticalerror.info
texuro.online
zoto.website
playfinancegroup.xyz

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s