Thread: Who will be the first sponsor to step up about the link code change / trojan problem?
View Single Post
Old 03-12-2007, 07:54 PM  
nation-x
Confirmed User
 
nation-x's Avatar
 
Industry Role:
Join Date: Mar 2004
Location: Rock Hill, SC
Posts: 5,370
I got this email from Sunbelt Software today
Quote:
----- Original Message -----
From: "Alex Eckelberry" <AlexE[-at-]sunbelt-software.com>
To: <nation-x[-at-]artgps.com>
Sent: Monday, March 12, 2007 10:25 AM
Subject: RE: Huge trojan/spyware network and crime ring


> Shawn -- fwiw, inhosters, intercage/atrivo, etc. are well known in the
> security community as being very loose ISPs. I've talked with the FTC
> about it and a lot of people know, we just don't know when it will ever
> stop.
>
> -----Original Message-----
> From: nation-x[-at-]artgps.com [mailto:nation-x[-at-]artgps.com]
> Sent: Sunday, March 11, 2007 6:01 PM
> To: Alex Eckelberry; thomas | AdultReviews.net
> Subject: Huge trojan/spyware network and crime ring
>
> This last week I was informed about a trojan that was being spread
> around the internet
>
> http://lists.sans.org/pipermail/unis...er/026937.html
>
> I found your blog listed in one of the replies.
>
> I discovered this trojan being served via a porn site at this address
>
> http://www.fresh3xvideos.com/goanal.php
>
> If you research the traffic in alexa you will find that this site get's
> ALOT of traffic... in fact it's currently ranked 5,324
>
> http://alexa.com/data/details/traffi...2F%2Fwww.fresh
> 3xvideos.com%2Fgoanal.php
>
>
> I did a little more investigation and found that the trojan is being
> served from ACTIVEXVIDEOSOFTWARE.COM
>
> We have discovered that a huge number of spammers and ppc cheaters are
> using ESTDOMAINS to register domains and the above domain is no
> different...
> registered at estdomains.
>
> As it turns out the ip of the domains (and dns) is hosted by a comany
> called InterCage... a google search on the company shows that this
> company has been accused of alot of different crimes...
>
> and then I found this post on zdnet.
>
> http://blogs.zdnet.com/Spyware/?p=763
>
> InHosters, Intercage, Atrivo, Esthost and Estdomains are all the same
> company.
>
> I hope that you can help us in some way to defeat this serious issue.
>
> Sincerely,
> Shawn McAllister
and I also got one back from the FBI informing me that they take my report seriously and wwill be investigating....
nation-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote