14 DAY TRIAL // Security researchers from Commtouch warn that T-Online's free hosting packages are being abused by scareware pushers to host redirect scripts.
Deutsche Telekom-owned T-Online is the largest Internet service provider in Germany with also a strong presence in Hungary, Austria, Switzerland and France.
In addition to DSL and mobile services, the company offers a variety of web hosting packages for clients, the most basic of which is free.
Called "Inklusiv Homepage" the offering allows customers to use an automatioc tool to create a five-page website on a subdomain of the form [name].homepage.t-online.de.
According to Commtouch's Avi Turiel, spammers have began registering accounts in order host redirect scripts that lead to scareware pages.
The rogue website mimics an antivirus scan and falsely claims the visitor's computer is infected with malware. It offers a program to clean the infection, which then asks the user to pay for a license fee.
Such fake antivirus products are collectively known as scareware or roguware and are some of the most profitable cyber criminal schemes.
Major free hosting services, whether destined for websites, files or software projects, are commonly abused for illegal activities.
Some of them, like RapidShare, have even managed to earn a bad reputation because of it and are now viewed with suspicion by security-conscious people. Because of this, criminals are migrating towards more obscure services to host their links and avoid raising red flags.
When encountering pages that display pop-ups claiming infections were detected, users are strongly advised to reject anything that gets offered for download. If the pop-ups prevent the page from being closed down, it's recommended to kill the entire browser process using Task Manager.
Users who make the mistake and install fake antivirus products can download free security tools like Malwarebytes' Anti-Malware which are particularly good at cleaning this type of threats.