|
Quote:
|
BTW here is my contact information if anyone needs it:
Thanks! |
Quote:
I wish what you were saying was true but AFF/CAMS, and Sex Search off the top of my head pretty much go against everything you just said. Or I guess to put it better, AFF/CAMS and SEX Search fall into your 1%... but I do think it is bigger than 1 %, I am sure there are a good bit more companies that don't care where they get their signups from. |
Quote:
We do monitor signups and look for fraud, but the problem with the malware is the joins won't look obviously different from any others, so (as I said in the other thread) one of the things we want to look into is statistical analysis of the patterns behind the joins... if you have a sponsor with traffic literally coming from everywhere and not concentrated in any one source, and that sponsor has different conversion rates than other sponsors sending traffic from similar sites/promotion types, that would be very suspicious and we would act on it. But to do that, we will have to write new scripts to analyze the traffic, and in the other thread there was some discussion about a collaborative effort to do that, which we'd be supportive of. Perhaps it can eventually be built into NATS, MPA3 and CCBill's own affiliate tracking. But we're committed to acting on anything we can identify now, as well as investigating and acting on any reports we get from affiliates. |
Quote:
Let's see what it writes in some articles step by step: taken from http://blogs.zdnet.com/Spyware/?p=763 Quote:
|
Quote:
taken from http://spamhuntress.com/wiki/Dyakon conclusion of the article: Quote:
Quote:
Quote:
|
Quote:
|
Quote:
from http://netrn.net/spywareblog/archive...um-on-the-run/ Quote:
|
Any Sponsors that are interested in having spyware removed from their programs please see my thread
Anit Spyware Coilation Sign Up There is a guy there who claims to be the inventor of spyware and he says that he has the cure!!!! Also any Webmasters that are sick of loosing money sign up! Stop the madness.......... |
Quote:
|
Quote:
|
Pinging spywarequake.info [195.225.177.7] with 32 bytes of data:
20 104 ms 88 ms 88 ms 64.111.192.205 21 87 ms 90 ms 88 ms 66.230.128.91 22 92 ms 84 ms 86 ms 195.225.177.7 OrgName: ISPrime, Inc. OrgID: IPRM Address: 25 Broadway Address: 6th Floor, Suite #2 City: New York StateProv: NY PostalCode: 10004-1086 Country: US ReferralServer: rwhois://rwhois.isprime.net:4321/ |
Quote:
is that all you have to reply to the bunch of posts about intercage on the last page?? here in another recent malware codec downloading site, guess where it's hosted? Quote:
your host seems to be nothing else than the "El Dorado" and "Paradise" for all kind of criminals. I would suggest that NO adult site should be doing business anymore with sites anywa related to estdomains, eshost, intercage and any other company somehow using any of these services. If we cap the traffic exchange with sites hosting with hosts that obviously tolerate and support criminals, than a lot of our problems should be fixed automaticly as we are not longer part of the malware distribution or at very least it will decrease a lot. |
Quote:
|
Quote:
|
Quote:
|
At this point, I think you can safely say: If the traffic comes from a domain registered with ESTDOMAINS, it is fairly suspect.
|
Quote:
I wage to bet that if we look closer we will find out which sponsors do and dont support this for I have a feeling that behind this organized group lies Quite of few others.... Every good band havs a front man! Join the "Anti Spyware Coilition" See thread. |
I got this email from Sunbelt Software today
Quote:
|
To Emil,
Thanks for taking the time to reply to this thread... I am glad I got the right name when I made the report to the FBI... you ARE Emil Kacpersky correct? I sent an email to [email protected] but I see the site is still live... as far as I know it's a crime to facilitate an international crime... you do know that disseminating viruses/trojans is a crime right? Here is why we have a serious issue with Intercage... first of all... you host spammers, ppc cheaters, hackers, etc... wtf are you thinking? Btw... here is the email I sent you... Quote:
|
Quote:
Or better yet maybe they could get with this guy over on the "Anti Spyware Coilation Sign Up" Thread who claims to be the originator of spyware and pay him for a cure! |
In case you were interested... I downloaded a pdf of the report to the FBI... I am not going to make it public because it has my personal info in it but here is the report part...
Quote:
Quote:
|
Quote:
1.This guy signed up today right before he started posting threads 2.How was he alerted of this discussion? With those two out in the open Hmmmmmmmm? I wonder who alerted him! 3.THE BIG PICTURE? |
if you don't think that these fuckers posts here then you are misguided... We swim with sharks...
|
Lets say someone does get caught with how I track them, Does anyone know if ccbill will give those sales to the right person? I wrote an email asking and they did not give me a clear answer
|
Quote:
|
A member at another board I posted at provided this find:
from http://www.tunix.nl/index.php?s_cat=...loits_advisory Quote:
|
bump this back to 1st page
|
Quote:
:2 cents: |
Quote:
|
I hear microsoft is onto this codec exploit issue now!
|
Quote:
it would be nice for them to do so, they really shouldn't allow something as significant as this trojan to be installed without noticeable warnings being issued by the OS first. |
Quote:
|
I wonder why Emil never posted again :D
|
Quote:
It isn't a 100% sure thing that someone with ESTDOMAINS is going to be a scammer, but if you live next to a crack house, some people might think you like drugs, right? |
Quote:
|
Alternately, you lie down with dogs, and you will get fleas.
|
Microsoft Windows WMF exploits advisory
An update from Microsoft that fixes this vulnerabilty is now available: http://www.microsoft.com/athome/secu...00601_WMF.mspx A very serious vulnerability has been discovered in Microsoft Windows, for which exploits are found on the internet. It concerns issues with files that are interpreted by windows as .WMF files. At this moment there is no patch from Microsoft. There are some workarounds for vulnerable systems that can be applied. More information on this issue can be found here: urls: http://www.security.nl/article/12594...F_exploit.html http://secunia.com/advisories/18255/ http://isc.sans.org/diary.php http://www.viruslist.com/en/alerts?alertid=176701669 Malicious files that can lead to an exploit can be both in e-mail attachments and on the internet on http servers. The TUNIX/Firewall can help to avoid some risk in the following ways: Firstly the Kaspersky virusscanner for email on TUNIX firewalls detects trojans that use this exploit, if the firewall uses a recent signature-database. It has been doing so since December 28th 2005. Secondly a number of URLs have been identified that may contain malicious content. TUNIX recommends blacklisting the listed URLs on the TUNIX/Firewall. This can be accomplished using a simple URL blacklist. At this moment the following URLs can be blocked: m.cpa4.org 008k.com mscracks.com keygen.us dailyfreepics.us pornsites-reviews.com mmxo.megaman-network.com 600pics.com Crackz.ws unionseek.com www.tfcco.com Iframeurl.biz beehappyy.biz Buytoolbar.biz teens7.com Thirdly two netblocks can be blocked as well according to sources at SANS: http://isc.sans.org/diary.php InterCage Inc.: 69.50.160.0/19 (69.50.160.0 - 69.50.191.255) Inhoster: 85.255.112.0/20 (85.255.112.0 - 85.255.127.255) This can also be implemented by http blocklists. It should be noted that blocking entire netblocks always carries the risk of blocking websites that should not be blocked. Customers with a Managed Firewall (MF) contract, customers with a Remote Standby (RS) contract or customers with a Remote Maintenance (RB) contract can contact TUNIX Firewall Support to make the necessary adjustments to the configuration of TUNIX/txhttp or Tunix/http-gw to block this activity. |
Quote:
When this happens on a daily basis I beleive that this is where the problem starts for any sponsor! When the thousands of redirected dollars start flowing in come on back and tell us who gets paid! Better yet why dont you just send us a post card from the Islands:thumbsup |
Just for clarification... the trojan we are posting about isn't always delivered via an exploit... We have found multiple urls that are masking the trojan as a codec that users are voluntarily installing.
|
| All times are GMT -7. The time now is 06:52 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123