#1 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
porn-abc.com/ike/1666520193/1/ contains a javascript file here porn-abc.com/js/cchrslib_t_1000.js which contains this download on a domain registered a few days ago. This/these gallery(s) used to link to a different domain, so I assume they are trying to stay ahead of the scanners.

use-play.com/download/use-play1000.exe

Their link to Wildcash is wildpornreviews.com/mov/fromasstomouth.com/2/005/MTA1ODAxOjU6MTY which makes their wildcash id 105801.

Download this stuff and see how your surfers just won't make it anywhere that will make you money.
#2 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
This is Videoscash work, and it is stealing from you in a big way.
Here is another domain spreading this crap with more domains in the background.

Pagerank of 6 moviereality.com on ip 209.51.138.181, which contains 3 nameservers:

ns2.teenprofiles.com
ns1.moviereality.com
ns2.videoscash.com
#3 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
Here is a link to another GFY thread that details just a small portion of what this malware does.
https://gfy.com/fucking-around-and-business-discussion/720781-spyware-killing-industry-proof-inside-thread-video.html |
#4 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
Did you know that Videoscash changes the binaries on these trojans which puts them 1 step ahead of the av companies?
Once a surfer is infected with this lureware, you have NO chance of making money with that surfer until they get 'cleaned'/reformatted. |
#5 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
Why do you think this trojan scans the surfer's computer for recent visits to adultwebmaster boards?
http://www.sophos.com/security/analyses/trojzlobpe.html |
#6 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
When link is followed …

• Runs Malicious JavaScript (Troj/Pysme-DL)
• Exploits IE Vulnerability
• Downloads Troj/Dropper-MH
• Drops Troj/Bckdr-PPY used to ‘hide’ processes
• Also drops Troj/Proxy-EN which tells the backdoor what to hide
• Once installed, cannot be “seen”
• Main purpose – Troj/Proxy-EN used to ‘relay’ spam

Read more in this PDF by Sophos-- http://icsecurity.di.uniroma1.it/sto...rrisSophos.pdf

Doesn't appear people here care too much, but if you do, check your trades/links. Your income depends on it.
#7 |
Too lazy to set a custom title
Industry Role:
Join Date: Jun 2005
Location: 127.0.0.1
Posts: 27,047
|
__________________
Make Money
|
#8 |
Confirmed User
Join Date: Mar 2006
Location: San Diego, CA
Posts: 1,421
|
Lame....
__________________
Naughty America - Director of Technology
It's a CELEBRATION bitches!! For the hottest content promote Naughty America!
swish at naughtyamerica dot com | ICQ: 226 737 620 | See Who I Am At AdultWhosWho.com!
#9 |
Confirmed User
Join Date: Feb 2007
Posts: 1,003
|
**bump**
|
#10 |
Confirmed User
Industry Role:
Join Date: Mar 2006
Location: Australia
Posts: 3,800
|
BE WARNED
If you are using adware in ANY promotion of our programs your account will be banned!

The account mentioned above has been removed.

Adam
#11 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
|
#12 |
Confirmed User
Join Date: Feb 2006
Posts: 5,122
|
|
#13 |
Confirmed User
Join Date: Mar 2005
Location: Da Hood
Posts: 5,688
|
Fucking scumbags man! This type of shit pisses me off. I guess the only thing that can be done is to out them to the related sponsor and hope they get removed.
Good work Quickdraw...way to go Adam
__________________
ICQ: 150-803-430 Email: marketing7(at)cox(dot)net |
#14 |
Moo Moo Cow
Join Date: Mar 2004
Location: Washington State
Posts: 14,748
|
Won't happen of course, but it would be nice if programs not only closed the accounts (well done Wild Cash), but make it known who the offending affiliate is so other programs can do the same. Because I am sure this guy/gal will just move on to the next one, and next one, and next one...
|
#15 | |
Confirmed User
Join Date: Feb 2006
Posts: 5,122
|
Quote:
|
#16 | |
Too lazy to set a custom title
Industry Role:
Join Date: Jun 2005
Location: 127.0.0.1
Posts: 27,047
|
Quote:
__________________
Make Money
|
|
#17 |
Confirmed User
Join Date: Aug 2006
Posts: 268
|
I don't see why not, a shared blacklist would not be hard to accomplish. A lot of the big linklists have been doing it for years - http://bl.usefulscripts.com
|
#18 | |
Confirmed User
Join Date: Mar 2007
Posts: 602
|
Quote:
|
#19 |
Confirmed User
Industry Role:
Join Date: Mar 2007
Location: Asia
Posts: 1,468
|
That zlob trojan is a muther to get out. I had to deal with that about a week ago!!!!!
|
#20 |
Confirmed User
Industry Role:
Join Date: Oct 2001
Location: Toronto
Posts: 7,103
|
|
#21 |
there's no $$$ in porn
Industry Role:
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
|
porn-abc.com = registered @ ESTdomains (no surprise there).
porn-abc.com = hosted @ cernel.net (no surprise there).

Wherever there's a trojan, you can find EST domains, EST host, cernel, intercage, inhoster or attrivo.
#22 |
Confirmed User
Join Date: Feb 2006
Posts: 5,122
|
|
#23 |
Confirmed User
Industry Role:
Join Date: Mar 2006
Location: Australia
Posts: 3,800
|
After a deeper investigation we feel the need to clarify a few things..

First of all, about the WildCash affiliate mentioned in this thread: It is entirely possible and likely that he has absolutely no knowledge of the MovieBox trojan or porn-abc.com. porn-abc.com is a completely independent domain.

We investigate all these matters very seriously, and although this stuff has nothing to do with Wildcash at all we're reporting what we've found to the community.

The following we know to be 100% certain:

An independent malicious party is downloading gallery pages from the web and re-hosting them on their own servers with the videos removed and links to a fake-codec (MovieBox trojan) inserted. As QuickDraw mentioned, there is also JavaScript added to the page that attempts to install the malware automatically. If the surfer's browser does not allow this automatic installation there is still a chance the surfer, in all his horniness, will download and install the fake codec manually.

They are hosting these spidered galleries on at least 233 domains spread across at least 56 IP addresses. All the domains are registered through ESTDOMAINS. All the hosting is at CERNEL and INTERCAGE (55 IPs at CERNEL; 1 IP at INTERCAGE).

It is important to note that galleries from many programs and many different affiliates have been downloaded and re-hosted by these guys, and that in almost all cases it's entirely likely the affiliate and program have no knowledge of this.

Ok, that's great, so what can we do?

As a surfer:
* Keep your system up to date with the latest security patches
* Don't download untrusted .EXE's (no matter how horny you are)

As a gallery hoster:
* Blacklist the offending IP addresses from spidering your galleries

As a gallery submission site:
* Blacklist the submission of entries containing the offending domain names
* Blacklist the submission of entries whose domain names resolve to offending IP addresses

As a motivated onlooker:
* Report URLs like this to StopBadware.org, then there's a good chance they will show up with a warning in Google search results like this one: http://www.google.com/search?hl=en&q...2705851%2F1%2F

To find more galleries like this, the following Google search terms give pretty decent results: inurl:load=1 inurl:id +(site:.com OR site:.net)
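The two submission-site checks listed in post #23 (reject entries containing an offending domain name, and entries whose domain resolves to an offending IP address), as an added example that is not part of the original thread. It goes slightly further than the post by matching subdomains and whole network ranges; the blacklist entries are constructed placeholders, and `check_submission` and the other function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed placeholder blacklist (reserved example names and documentation
# ranges), standing in for the real domains/IPs found in an investigation.
BAD_DOMAINS = {"bad-gallery.example"}
BAD_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def system_resolver(host):
    """Return every address the host currently resolves to (A and AAAA)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def hostname_of(url):
    """Extract a normalized hostname; submissions often arrive without a scheme."""
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
        return ""
    return host.rstrip(".").lower()

def domain_blacklisted(host, bad_domains=BAD_DOMAINS):
    """Match the listed domain itself and any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in bad_domains)

def check_submission(url, resolver=system_resolver):
    """Return (allowed, reason) for a submitted gallery URL."""
    host = hostname_of(url)
    if not host:
        return False, "no hostname"
    if domain_blacklisted(host):
        return False, "domain blacklisted: " + host
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is a subclass; fail closed on NXDOMAIN
        return False, "does not resolve: " + host
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if any(ip in net for net in BAD_NETWORKS):
            return False, "resolves to blacklisted IP: " + addr
    return True, "ok"
```

The IP check is the one that keeps working when the operator registers a fresh domain on the same hosting, which is the behaviour described earlier in the thread; re-run it periodically on already-accepted entries, since DNS can be repointed after submission.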
#24 | |
Moo Moo Cow
Join Date: Mar 2004
Location: Washington State
Posts: 14,748
|
Quote:
|
#25 |
Confirmed User
Join Date: Mar 2004
Location: → → →
Posts: 1,717
|
Great information Adam.
Now that you mention it, I do remember someone saying their galleries had been stolen and used like this.

Okay, found it. Gleem posted about it here and I even posted in the thread. :/ I should have remembered and mentioned it.
https://gfy.com/fucking-around-and-business-discussion/725401-guy-stealing-galleries-using-install-viruses-look.html

Good on you guys for investigating further and posting the information here. Thanks