Estdomains Is Behind The Trojan!
So I am here to bust out the people behind this... From a post on adx by DanS where he pointed out that surfers were being redirected to a codec download on assisass.com I found the domain that the codec was being downloaded from...
The domain also has other exploits so I am not going to post the url but I will post the IP... 216.255.179.125

Some investigation of this ip revealed that it resolves to an ISP called InterCage... From an earlier post you will find that the people that discovered the trojan at the University of Minnesota discovered that the variant that they were analyzing was being hosted by InHosters and they determined that InHosters was being run by a crime ring from the Ukraine. http://lists.sans.org/pipermail/unis...er/026937.html

After digging a little deeper into Intercage I discovered that they have been blacklisted and accused of many crimes... including hijacking proxies and whole netblocks... http://spamhuntress.com/wiki/Dyakon http://blogs.zdnet.com/Spyware/?p=752

I did a whois on the domain serving the trojan and discovered that it was registered via ESTDOMAINS... there have been many posts on adx about the onslaught of cheaters that have appeared over the last few months that were registered via ESTDOMAINS... the odd thing about most of these cheaters is that the traffic doesn't necessarily look like cheater traffic... it doesn't always have a lot of proxy and it generates clicks... I think it's already been posted that this trojan generates fake traffic.

And then I hit the motherlode... InHosters, Estdomains and Intercage are all the same company... http://blogs.zdnet.com/Spyware/?p=763

Quote:
|
Ma.....get muh shotgun...
|
Estdomains is behind a lot of crap, no need to even post it. They are probably one of the biggest spammers on the net
|
|
The Ukraine...what a surprise. It's really time they get their own internet over there that's cut off from the rest of the world.
|
Good fucking job man!!!!!
Now like what do we do? I say let's start that coalition against this shit! It is like the war on terror, same shit different towel head! Until all the sponsors get their act together we as webmasters will always run this risk! Problem is will the sponsors play ball? |
why can't you give a url to the codec download? I have my own reservations about estdomains, but an accusation needs the solid proof, or else you're leaving yourself open for banning....
|
Quote:
Problem is cheater scum not Race/Religion/or region:thumbsup |
Quote:
http://alexa.com/data/details/traffi...m%2Fgoanal.php that won't take you directly to the download but will show you what the url is. |
|
Quote:
--edit never mind the source shows the links |
just be careful nation-x - great investigative posting, but the motherlode post, even following the links is still circumstantial....
|
Quote:
Let's consider the enormity of this for a moment... not only is this rampant ripping off of affiliates (and more than likely programs as well)... it's a HUGE security problem... Those professors estimated that lots and lots of people were infected... it could even be millions since there are no antivirus programs that currently detect the trojan... and judging by the amount of traffic that this one install location gets I would be willing to estimate that it's POSSIBLE that more than a million machines may be infected. Dude... that is a National Security Risk! |
btw... I should mention that the codec installer doesn't show up for firefox
|
and really... ultimately... your posts tell me that you didn't read the mailing list post from Brian Eckman... he plainly says that the thing is controlled by InHost... Inhost = Estdomains...
|
Quote:
I infected a puter with the trojan, and tested it out, and in my tests the first click had a refcode changed, which stuck. If the link had no refcode in it, it appeared unchanged, but when it got to the processor, a new refcode got added. The refcode appeared to change randomly though, which was weird. HOWEVER - there is a current easy workaround for this trojan, and with a bit more implementation, will protect for a few more revisions. I'm not posting what the solution is on a public board, but it is a payside server-side implementation that will protect all affiliates. Funny though how some big guys don't seem to care about it :2 cents: |
Nice work man
|
Quote:
I think if this is true and enuff of us bitch we can at least get epass and paypal to pull the plug on them. |
Don't have time to read it all (read only your initial post), but because they are registered through estdomains, estdomains is behind it? Is that what you're saying?
|
PLEASE SEE THREAD:ANTI SPYWARE COALITION!!!!!!!
Why can't we form a group, say the "anti spyware coalition". Why can't affiliates donate $50 a month to this and sponsors donate $500 a month. If just 100 affiliates ante up and just 10 sponsors that is $10,000 a month. Appoint a board, hire a couple full time well qualified anti spyware people to start working on this. 10K a month should hire a couple really qualified people. The more people who join the group the lower we can reduce the fees. $50 x 100 is the same as 1000 x $5 so fees could be lowered as more people join and/or more people could be hired to work on it. If you make even $1,000 a month what is $50 to help fight this. Sponsors, if you make millions a month what is $500? |
Quote:
It's not rocket science.... yet it requires a bit of backend work, which most don't want to do, until that is enough affiliates start talking up.... |
Anti Spyware Coalition.
PLEASE SEE THREAD AND SIGN THE FUCK UP!!!!!!!!!!!!!:thumbsup |
Fuck those homos... I hope someone stops them up.
|
where is Ukraine?
|
Quote:
http://www.gofuckyourself.com/showthread.php?t=573522 |
it's funny how this shit has turned out to be all interconnected
|
I am amazed at the lack of response I am seeing to these threads...
|