Host file virus (again)
 

Looks like another fucker is active ... According to my stats something went live this saturday.

This is a sample file I managed to get my hands on ...

66.250.107.99 thehun.net
66.250.107.99 www.thehun.net
66.250.107.99 thehun.com
66.250.107.99 www.thehun.com
66.250.107.99 worldsex.com
66.250.107.99 www.worldsex.com
66.250.107.99 sexocean.com
66.250.107.99 www.sexocean.com
66.250.107.99 easypic.com
66.250.107.99 www.easypic.com
66.250.107.99 free6.com
66.250.107.99 www.free6.com
66.250.107.99 al4a.com
66.250.107.99 www.al4a.com
66.250.107.99 thumbnailpost.com
66.250.107.99 www.thumbnailpost.com
66.250.107.99 drbizzaro.com
66.250.107.99 www.drbizzaro.com
66.250.107.99 hoes.com
66.250.107.99 www.hoes.com
66.250.107.99 absolut-series.com
66.250.107.99 www.absolut-series.com
66.250.107.99 elephantlist.com
66.250.107.99 www.elephantlist.com
66.250.107.99 ah-me.com
66.250.107.99 www.ah-me.com
66.250.107.100 msn.com
66.250.107.100 www.msn.com
66.250.107.100 search.msn.com
66.250.107.100 auto.search.msn.com
66.250.107.101 google.com
66.250.107.101 google.de
66.250.107.101 google.co.in
66.250.107.101 google.ca
66.250.107.101 google.fr
66.250.107.101 google.it
66.250.107.101 google.com.au
66.250.107.101 google.co.uk
66.250.107.101 google.be
66.250.107.101 google.com.ar
66.250.107.101 www.google.com

Of course the three servers listed in the hosts file are down. I already mailed abuse department but no response yet.

It's not as big as the files I have seen pass by on this board but it still sucks big time :-(

Already talked to sleazy on the phone and he had some interesting options which I will sure check out!

Just some examples of where visitors go. This guy should be caught and hanged on the highest tree one can find. Sick fucker.

I'm really getting into the bottom of this

66.250.107.99 - http://www.czechvirgins.com/?dotfucked.com
66.250.107.100 - http://www.find-itnow.com/search.html
66.250.107.101 - http://www.find-itnow.com/search.html
http://hot-incest.com/cgi-bin/in.cgi?id=267
66.250.107.101 - 66.250.107.101/psearch.html --> www2.google.com

http://www.rape-land.com/
http://www.rape-land.com/brutalfamily.html
http://www.bestincestporn.com/index.html
http://www.ratedincest.com/
http://vipincest.com/index.html?243
http://free.incest-pics.info/?id=1
http://www.incest50.com/
http://incesta.com/index.html?4
http://incest.violentsex.net/
http://incest.violentsex.net/secretlinks.html

Any help in this matter would be appreciated :-(

Type in a random IP of the above three and run into a dialer hell ;-(

These people should be stopped.
I don't understand why providers just simply redirect their traffic to a page where they explain what just happened to a surfer and explain how they could fix this.

OK...I am an idiot...still had some old info in my signature...
sorry Rutger ;-)

Pierre...

Probably because most of those mother fuckers are their "own host".

a host has an host too ;-)

This mofo is hosted at cogentco ... they gave me their login on their whois database. I hope they shut him down real soon now.

Next thing is write a mail to the sites he sold his traffic to about the scam so his checks will be cancelled.

The only thing to stop people from doind this is to make sure they end up with costs instead of profits.

The main reason that pissed me off is that he's also feeding childporn sites and other rape related sites with my traffic.

Alright, I talked to his provider last night and this morning. They are investigating this issue right now. I got their attention when I mentioned that these hosts forward traffic to childporn/rape sites.

Are there any americans on this board with insights on how to take legal actions? I emailed a webpage to the provider with a webpage that I want to have online, it's a page that explains to surfers how to remove the hosts file virus from their machines.

I hope it will be up soon. At this moment I'm waiting for a callback from his provider. - I'm really pissed off.

Since I'm hit hard my thought about this are: this cheater has been submitting to absolut for quite some time, everytime he cheated he installed some virus routine on surfers computers. This virus routine got life on the 8th of November. I think he can also use these computers to execute DDOS attacks on hosts that he wants to.

This guy is a real pain in the ass to me and I want him stopped ASAP.

Any help is appreciated in this matter.

Thanx

bump

Get his ass Rutger :thumbsup

His IP's will be forwarded to my address within a couple of hours. Otherwise they'll receive written notice from my Attorney.

http://212.204.249.185

If somebody has suggestions for additions to this page, please feel free to post them here ...

Cheers

Why not disable writing to host file via spybot?

My thoughts are that most people that get infected with virusses like these don't have a clue what spybot is ...

Surfers that get caught by scams like these need to handholded to fic their problem. Ik think the best way to do that is by creating a page like the one I set-up ... I'll make additions to this page as needed ...

*cough* offshoreclicks *cough* derek *cough* *cough*

*cough* buying hits *cough * selling them to be hijacked *cough*

need i say more lol

I would do it like call-kelly does and make sure you post info on your first page about it, in plain english. like.

ATTENTION VIEWERS OUR WEBSITE AND SEVERAL OTHER HIGH PROFILE WEBSITES HAVE RECENTLY BEEN THE TARGET OF A HACK ATTACK, PLEASE FOLLOW THIS LINK TO MAKE SURE YOU ARE NOT INFECTED OR ARE UNKNOWINGLY INFECTING OTHERS, THIS IS NOT AN AD THIS COSTS NO MONEY AND YOU WONT BE ASKED FOR ANY INFORMATION AT ALL .

Then link it to a page with detailed instructions that even a first time user can figure out.

You might even want to translate it into several languages.

Thanx smokey :thumbsup

Those are my intentions as well. We have a small area on our site that sort of warns people but I don't think anyone actually reads it. The horn surfer just clicks straight to the porn...

I'm going to highlight this and will translate into multiple languages. I only know French, German and Dutch so I need someone Spanish as well. Anybody on this board that could do that?

First step succeeded. IP's are down.

Second step is to have the provider reroute the traffic to my help page. They're looking for ways to do that now.

I'll fix the help page to redirect on browser language next.