Just doing some routine checks on incoming referrers on one of my sites today, I came across this site:
http://safeadultweb.com/main.shtml
They are ditributing a toolbar that will bypass traffic scripts on TGP/MGP type sites, and probably others. This in itself is bad enough for TGP owners, as it will completely screw up productivity numbers if enough of your surfers are using it. They currently have a list of over 800 sites that it works with, and there are some pretty big names on that list.
Upon further investigation, this
Thread was brought to light on a spyware forum. The registrant of the domain mentioned there is also the current registrant of the domain safeadultweb.com
Registrant:
Exeneden Group Ltd.
14 Niche Willy Arena Str.
Gzira, MT GZR-06
MT
+356.347689
Domain Name: SAFEADULTWEB.COM
Administrative Contact:
Koval, Andrew
[email protected]
14 Niche Willy Arena Str.
Gzira, MT GZR-06
MT
+356.347689
Technical Contact:
Koval, Andrew
[email protected]
14 Niche Willy Arena Str.
Gzira, MT GZR-06
MT
+356.347689
Record expires on 02-05-2008
Record created on 02-05-2007
Domain servers in listed order:
NS1.HOSTING.FLYINGCROC.NET 207.246.129.73
NS2.HOSTING.FLYINGCROC.NET 207.246.129.74
I don't know if it's faked or not, but you'll also notice the email address given there for Admin contact is
[email protected]
This toolbar does not identify itself in the user-agent field, it is being distributed 100% free, and there is no advertising or upsells on either the safeadultweb.com pages, or the sawtoolbar.com pages. The toolbar also works off a database provided from their server that needs to be updated and maintained.
I find it hard to believe anyone would go through all that trouble just to help out Joe Surfer. It smells of someone trying to get a ton of installs and then turning it into something bad for a windfall of cash.
I just wanted to make people aware, and see if maybe someone can come up with a way through Java or PHP to detect it in the user's browser and redirect them.
See sig...