smutserver installs trojans?
 

do they do that weird stuff? I just came across two galleries hosted there and my firewall drove nuts.

that's a ja.va scr.ipt incl.ude on some of their sites
http://www3.smutserver.com/anal/badar/helpf.php (check source)

it opens an ifr.ame http://www3.smutserver.com/anal/badar/helpf.php (don't click unless you have a firewall) that tries to install a trojan

a sample page (!!! installs trojan) http://www22.smutserver.com/cumshots/lake/

view the source and you'll see the scri.pt gets hahahahahahahad in the smutserver top banner code

???????? ???????????? ????????? ??? ???????????????? ???????? ??????? ??? ?? ?????? ? ????? .

Is it the cws.searchx trojan? I am wondering where that is coming from all the time.

:mad:

AWW FUCK! Boycott Smutservers and contact their sponsors. Fuck that shit!!!!:BangBang:

trojans are very popular stuff. but for smutserver i didn't hear until now. :(

Hmm :Graucho

it's the vbs.trojan.psyme

is that just 1 user or across all servers?

from what I've seen it's on all their servers/ sites, even on hosted domains. However thy seem to have removed it now

What happened to smutserver anyway? They used to be best freeserver out there a couple of years ago and now they just suck

bump

:BangBang:

somebody added an i-frame (dont ask me how or who)
to this file to many of the servers headers
http://www3.smutserver.com/anal/badar/helpf.php

decode this and you will get this:
http://66.98.248.63/exploit.htm
using chm at http://66.98.248.63/EXPLOIT.CHM
which loads and e-xecutes this file http://66.98.248.63/exploit.exe

dont click/open any of those urls.. trojans!

the latest norton antivirus did not find anyhting wrong with this exe, so its either a custom coded trojan or a very new trojan.

we are working on the problem.
sorry for the problems.

any help (on who this IP belongs to for example) is greatly appreciated

:thumbsup

http://www.whois.sc/66.98.248.63

66.98.248.63

Record Type: IP Address
IP Location: United States - Texas - Houston - Everyones Internet Inc
Reverse IP: No websites hosted using this IP address

OrgName: Everyones Internet, Inc.
OrgID: EVRY
Address: 2600 Southwest Freeway
Address: Suite 500
City: Houston
StateProv: TX
PostalCode: 77098
Country: US

NetRange: 66.98.128.0 - 66.98.255.255
CIDR: 66.98.128.0/17
NetName: EVRY-BLK-14
NetHandle: NET-66-98-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1.NET
NameServer: NS2.EV1.NET
Comment:
RegDate: 2003-07-02
Updated: 2004-02-06

TechHandle: RW172-ARIN
TechName: Williams, Randy
TechPhone: +1-713-400-5400

Ahhh I long for the days before everyone fucktard was trying to make a buck installing shit on my computer.

on another server he i-framed something from a different domain petite-virginz.biz

Domain Name: PETITE-VIRGINS.BIZ
Domain ID: D6715842-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT. LTD., (D.B.A. DIRECTI.COM)
Domain Status: clientTransferProhibited
Registrant ID: DI_343543
Registrant Name: Nick Fedorov
Registrant Organization: Online service
Registrant Address1: Belinskogo street 69-3
Registrant City: Nizhny Novgorod
Registrant State/Province: None USA resident
Registrant Postal Code: 603600
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.88312391465
Registrant Email: [email protected]


oh man i DO HATE russian scumbags