|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
11-18-2004, 04:44 AM
|
#1 |
|
Confirmed User
Join Date: Apr 2002
Location: Ft liquordale FL
Posts: 6,481
|
Trojan Hijacks Browser, Sends User To Porn Site
"imagine that"
Unwary surfers infected by a new Trojan horse may be in for a shock when their browser is unexpectedly redirected to a hard-core porn site, a security firm warned Wednesday. The Delf-IT Trojan horse lurks in the background on infected PCs, said U.K.-based Sophos, and waits for the user to visit Web sites that contain one of 50-some trigger phrases, then shunts the browser to a porno page. Sophos thinks that the Trojan was designed to push porn traffic from competing sites to the new destination. "It's possible that Delf is deliberately designed to drive traffic from other adult Web pages to its own grubby website," said Graham Cluley, a senior technology consultant at Sophos, in a statement. "With so much money being made by Internet pornographers, it may be that some of them are using Trojan horses like this to generate more traffic and revenue." Among the trigger phrases that Sophos has IDed in Delf are "nympho" and "spanked," but also the innocuous "beauty" and "outdoor." "Because some of the trigger phrases chosen by the Trojan can be used perfectly innocently, it's possible that surfers who wished to see nothing sordid will find themselves redirected to a hardcore pornography website," said Cluley. "People who have an interest in the great outdoors may find themselves far from the beaten track." Only a small number of copies of the Trojan have been spotted so far, added Cluley, but he recommended that users update their anti-virus defenses to keep their browsers pointed in the right direction.
__________________
 IS Prime Hosting Bald Head Shine "BT" The American Dream, baby! " THE HOST WITH THE MOST!" My ICQ 122994792 |
|
|
|
11-18-2004, 04:45 AM
|
#2 |
|
Confirmed User
Join Date: Aug 2004
Posts: 855
|
-INSERT TIMELINE HERE-
|
|
|
|
|
11-18-2004, 05:14 AM
|
#3 | |
|
Confirmed User
Join Date: Apr 2002
Location: Ft liquordale FL
Posts: 6,481
|
Quote:
__________________
IS Prime Hosting Bald Head Shine "BT" The American Dream, baby! " THE HOST WITH THE MOST!" My ICQ 122994792 |
|
|
|
|
|
11-18-2004, 05:16 AM
|
#4 | |
|
So Fucking Banned
Join Date: Jul 2004
Location: go troll goo!
Posts: 7,708
|
Quote:
|
|
|
|
|
|
11-18-2004, 05:17 AM
|
#5 | |
|
Too lazy to set a custom title
Join Date: Apr 2004
Location: Buffalo, NY
Posts: 35,218
|
Quote:
 |
|
|
|
|
|
11-18-2004, 05:19 AM
|
#6 | |
|
So Fucking Banned
Join Date: Jul 2004
Location: go troll goo!
Posts: 7,708
|
Quote:
so ? that shit is OLD news ! they have been doing this for years now! if your newsource thinks this is new doesnt make it so |
|
|
|
|
|
11-18-2004, 07:20 AM
|
#7 |
|
Confirmed User
Industry Role:
Join Date: Mar 2001
Posts: 126
|
Name JS/NoClose-G
Type Worm Aliases Trojan.JS.NoClose.e JS/NoClose.M JS/Noclose JS/NoClose.L JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window. The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites. A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period. JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script. JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable. Name JS/Fortnight-B Type Worm JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm. JS/Fortnight-B sets the following registries: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab to "1" and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix\ to "http://www.pixpox.com/cgi-bin/click.pl?url=" JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites: *.mtree.com ads.sexplanets.com adultfriendfinder.com adultmegacash.com adv.sexcounter.com amc2.adultmegacash.com auto.search.msn.com c.fsx.com cart.penispill.com cash.helmy.com cgi.gammae.com click.passiondollars.com click.payserve.com click.silvercash.com clickcash.webpower.com clicks.filthyclicks.com clicks.nastydollars.com clicks.oxcash.com clicks.uni-cash.com clicks2.oxcash.com ctc.amateurpages.com ctc.japanesegirls.com cybererotica.com db.fetishcash.com db.smutcash.com dollartraffic.com gotd.stiffycash.com home.vividvip.com in.cybererotica.com in.paycounter.com join.pibcash.com link.siccash.com links.lifetimebucks.com lobby.sexlist.com media.fastclick.net network.nocreditcard.com network.nocreditcard.com partner.globill-systems.com partners.hotgold.com penismedical.net php.offshoreclicks.com php.offshoreclicks.com porndollar.com potd.oxcash.com programs.wegcash.com rd1.hitbox.com refer.ccbill.com referral.topbucks.com secure.2000charge.com secure.dpbill.com secure.dutchbilling.com secure.ibill.com secure.pswbilling.com secure.visionbill.net secure1.websitebilling.com select.2000charge.com stats.allliquid.com stats1.pussypayments.com the.sextracker.com track.oxcash.com traffic.acpay.com vip.mtree.com ww2.amateur-pages.com ww2.amateur-pages.com www.1shoppingcart.com www.adultbucks.com www.adultmovienetwork.com www.adultrevenueservice.com www.albionmedical.com www.asacp.org www.babylon-x.com www.bigpay.com www.big-penis.com www.blacksonblondes.com www.candidclicks.com www.cashforlink.com www.ccbill.com www.clickcash.com www.clubpix.com www.cybererotica.com www.cyberpatrol.com www.cybersitter.com www.danni.com www.deluxepass.com www.dibill.com www.dollars4babes.com www.dollartraffic.com www.eazybucks.com www.entertainmentcash.com www.eroticacash.com www.eroticcash.com www.fatclicks.com www.fatpockets.com www.freeezinebucks.com www.freeticketcash.com www.hawgscash.com www.herbalbucks.com www.herbalo.com www.hpic.com www.icra.org www.intergal.com www.iteens.com www.lightspeedcash.com www.makingitpay.com www.maturemoney.com www.maximumcash.com www.morepenis.com www.mtreexxx.net www.n69.com www.nastydollars.com www.netnanny.com www.nocreditcard.com www.oxcash.com www.penilesecrets.com www.penismedical.net www.penispill.com www.pillmedics.com www.pillscash.com www.pillsmoney.com www.platinumbucks.com www.pluspills1.com www.porndollar.com www.pornstardollars.com www.rsac.org www.safesurf.com www.scoreland.com www.sexfantasyzone.com www.sexhit.com www.signup.globill-systems.com www.spyglass.com www.stiffycash.com www.surfwatch.com www.thecashzone.com www.totally4freecash.com www.trueclicks.com www.tv69.com www.twistyscash.com www.webmastersmakemoney.com www.xpays.com www.xxxesscash.com www2.karupspc.com www2.seductiveamateurs.com JS/Fortnight-B exploits a vulnerability in the Microsoft VM ActiveX component. If an affected web page is opened, a JScript embedded on the page attempts to use the vulnerability in order to drop files on a local drive, change registry keys without the user's knowledge or perform any other malicious action on the local computer. For more details about the Microsoft VM ActiveX component exception vulnerability please see Microsoft Security Bulletin MS00-075. Maybe this has something to do with all the signups disappearing. This second one is an older one, but it was updated 14 Nov 2004. IMAGINE THAT! |
|
|
|
|
11-18-2004, 08:47 AM
|
#8 |
|
Confirmed User
Industry Role:
Join Date: Mar 2001
Posts: 126
|
BTW...BT did you get my email yesterday? I didn't hear anything from you on it.
|
|
|
|
|
11-18-2004, 08:50 AM
|
#9 |
|
Confirmed User
Join Date: Jul 2003
Location: The Windy City
Posts: 8,403
|
Look at all those "stand up companies" taking hijack trojan browser traffic
__________________
Build a Massive Traffic Network, Hands FREE, Totally Automated |
|
|
|
|
11-18-2004, 09:06 AM
|
#10 |
|
Confirmed User
Industry Role:
Join Date: Mar 2001
Posts: 126
|
The only one you should worry about is the asshole who owns pixpox.com. He's the one exploiting all the "stand up companies".
Apparently, when a "infected" surfer cruises your site and hits one of your sponsor links and clicks thru, the hijack takes over and redirects them to "pixpox.com". I already checked the whois info and imagine that...asshole is from a "third world country". |
|
|
|
|
11-18-2004, 09:23 AM
|
#11 |
|
Orgasms N Such!
Industry Role:
Join Date: Sep 2002
Location: Oakville, Ontario
Posts: 18,135
|
I don't know how the people who write these trojans and have them point at a SOURCE THAT BE USED TO TRACK AND PROSECUTE them figure they're going to profit from this shit? All they're doing is ruining their chances. Fucking retards.
|
|
|
|
|
11-18-2004, 09:31 AM
|
#12 | |
|
Confirmed User
Join Date: Mar 2004
Posts: 4,400
|
Quote:
__________________
Click 9500 FHG Text Descriptions--Only $89! |
|
|
|
|
