Who Max Power is? Well, we don't know either. It's a pseudonym of a gang or guy who has a decent-sized spyware racket going. Max has been sitting on the same IP address for the past three months, 210.51.166.119, in AS9929. ChinaNet. Even Google knows that 10% of the sites in this AS are malicious.

Looking at the IP address in Reverse DNS or MalwareURL.com, we can see the many malware domains "Max Power" has been using in the recent past. Some of the names are associated with the Koobface and Zeus malware families. The address lay dormant for the last week of November, but just woke up again yesterday morning, and is currently serving the malware domain "tempa3-dot-cn". This domain is at the moment linked to from various questionable "pharmaceuticals" web sites, and it currently pushes a bunch of exploits which, if successful, download and run a backdoor of the "TDSS"/"Tidserv" family. Detection was dismal at first, but has improved a bit over the last 24 hours.