Michal Krejdl

16 September 2010

Accurate file names - part 2


Malware writers never seem to sleep, and this time their activity also relates to my last article (published yesterday). How is that possible? When I used Google today to find references to my blog post, these results appeared:

The fourth link on the first page (which is directly accessible and clickable) points to a fake AV distribution network. What does the infection chain look like?

All URLs involved in this chain have been immediately added to our URL blocker, so all users with VPS version 100916-1 and above are protected from this threat. But frankly, which of you ever expected reading IT security articles to be such a dangerous thing? The people responsible for virusremovaltool.info have been notified, to find out whether their presence in the chain is intentional or not.

Virus Lab, Analyses, redirector, fake av, rogue, virusremovaltool