Antivirusterra.com

Antivirusterra.com is – or was – a very dangerous malicious website. Regardless of whether or not Antivirusterra.com is active, you should not visit Antivirusterra.com for any reason, because the site has a well-documented history of drive-by downloads.

It appears to be the case that sometime very recently, Antivirusterra.com went offline. The website's registration is inactive. However, records indicate that Antivirusterra.com received almost one million hits in the past month, which was a sharp increase in traffic compared to the previous one or two months that the site had been online. Given that all of the major Internet service providers and web browsers have blacklisted Antivirusterra.com and blocked access to it, and the fact that all of the major security software companies have analyzed the site and deemed Antivirusterra.com malicious, it makes sense that Antivirusterra.com would no longer be worth maintaining for the crooks who created Antivirusterra.com.

What Made Antivirusterra.com Dangerous

Antivirusterra.com was a site that promoted the fake security software System Tool. However, Antivirusterra.com did not pretend to sell System Tool, and Antivirusterra.com did not represent itself as the site of any company offering anti-virus software. Rather, Antivirusterra.com was a site that consisted entirely of malicious JavaScript, which would run as soon as you viewed Antivirusterra.com.

The overall effect of what Antivirusterra.com's malicious JavaScript did was to make it appear as if Internet Explorer had suddenly closed and My Computer had suddenly opened in order to run a virus scan. The script would cause the web browser to shrink to a tiny little square, and that square would be hidden behind a pop-up window that said that a security risk made it necessary for Windows to run a system scan. Then, the script would maximize the browser window, and make the visible portion of it look like an ordinary system window within Windows, with images of the contents of My Computer – at least, images mimicking the appearance of My Computer on the average PC, with only one hard drive – and it would play a little animation on that faked My Computer background. The animation simulated a virus scan, shows a progress bar and an enumeration of results. Then, you would be given the option to remove the "threats," which were never anything more than animations in a web browser window, by clicking a button. If you clicked that button, it would cause System Tool to download and install, and System Tool would then be active the next time you started Windows. So, in other words, Antivirusterra.com was a perfect example of a drive-by download site, which exploited common Javascript browser settings.

Unfortunately, drive-by download malware sites like Antivirusterra.com are becoming increasingly common, but they're useless if no one visits them. Antivirusterra.com may have been supported by a browser hijacker, which would have infected the victim computer without the user's knowledge, and then caused the web browser to go to Antivirusterra.com on its own. Alternatively, malicious sites like Antivirusterra.com will show up in search engine results when the sites are new, and so anyone looking for anti-virus software may have visited Antivirusterra.com hoping to find anti-virus software, or perhaps a free virus scan. There is also an existing personal blog called Antivirusterra, which deals with security news, and it is likely that when Antivirusterra.com was new, it drew in people who were looked for the blog.

There is no guarantee that Antivirusterra.com is permanently gone, and there are other websites that use identical malicious Javascript to promote rogue anti-virus software. So although Antivirusterra.com is gone, it cannot be discounted as a threat, because Antivirusterra.com may reappear with a modified name or in a different location.