Download this Codec(Virus)
Here is a gallery that is promoting Wildcash with the Moviebox/zlob trojan.
porn-abc.com/ike/1666520193/1/ contains a JavaScript file here, porn-abc.com/js/cchrslib_t_1000.js, which contains this download on a domain registered a few days ago. This/these gallery(s) used to link to a different domain, so I assume they are trying to stay ahead of the scanners:
use-play.com/download/use-play1000.exe
Their link to Wildcash is wildpornreviews.com/mov/fromasstomouth.com/2/005/MTA1ODAxOjU6MTY, which makes their Wildcash ID 105801.
Download this stuff and see how your surfers just won't make it anywhere that will make you money. |
This is Videoscash work, and it is stealing from you in a big way.
Here is another domain spreading this crap with more domains in the background. Pagerank of 6 moviereality.com on ip 209.51.138.181, which contains 3 nameservers: ns2.teenprofiles.com ns1.moviereality.com ns2.videoscash.com |
Here is a link to another GFY thread that details just a small portion of what this malware does.
fucking-around-and-business-discussion/720781-spyware-killing-industry-proof-inside-thread-video.html |
Did you know that Videoscash changes the binaries on these trojans which puts them 1 step ahead of the av companies?
Once a surfer is infected with this lureware, you have NO chance of making money with that surfer until they get 'cleaned'/reformatted. |
Why do you think this trojan scans the surfer's computer for recent visits to adult webmaster boards?
http://www.sophos.com/security/analyses/trojzlobpe.html |
When link is followed …
• Runs Malicious JavaScript (Troj/Pysme-DL)
• Exploits IE Vulnerability
• Downloads Troj/Dropper-MH
• Drops Troj/Bckdr-PPY used to ‘hide’ processes
• Also drops Troj/Proxy-EN which tells the backdoor what to hide
• Once installed, cannot be “seen”
• Main purpose – Troj/Proxy-EN used to ‘relay’ spam
Read more in this PDF by Sophos: http://icsecurity.di.uniroma1.it/sto...rrisSophos.pdf
Doesn't appear people here care too much, but if you do, check your trades/links. Your income depends on it. |
Oh crap.....
|
Lame....
|
**bump**
|
BE WARNED
If you are using adware in ANY promotion of our programs your account will be banned! The account mentioned above has been removed. Adam |
Fucking scumbags man! This type of shit pisses me off. I guess the only thing that can be done is to out them to the related sponsor and hope they get removed.
Good work Quickdraw...way to go Adam:thumbsup |
Won't happen of course, but it would be nice if programs not only closed the accounts (well done Wild Cash), but make it known who the offending affiliate is so other programs can do the same. Because I am sure this guy/gal will just move on to the next one, and next one, and next one...
|
That zlob trojan is a muther to get out. I had to deal with that about a week ago!!!!!
|
porn-abc.com = registered @ ESTdomains (no surprise there).
porn-abc.com = hosted @ cernel.net (no surprise there). Wherever there's a trojan, you can find EST domains, EST host, cernel, intercage, inhoster or attrivo. |
After a deeper investigation we feel the need to clarify a few things..
First of all, about the WildCash affiliate mentioned in this thread: It is entirely possible and likely that he has absolutely no knowledge of the MovieBox trojan or porn-abc.com. porn-abc.com is a completely independent domain. We investigate all these matters very seriously, and although this stuff has nothing to do with Wildcash at all we're reporting what we've found to the community.
The following we know to be 100% certain:
An independent malicious party is downloading gallery pages from the web and re-hosting them on their own servers with the videos removed and links to a fake-codec (MovieBox trojan) inserted. As QuickDraw mentioned, there is also JavaScript added to the page that attempts to install the malware automatically. If the surfer's browser does not allow this automatic installation there is still a chance the surfer, in all his horniness, will download and install the fake codec manually.
They are hosting these spidered galleries on at least 233 domains spread across at least 56 IP addresses. All the domains are registered through ESTDOMAINS. All the hosting is at CERNEL and INTERCAGE (55 IPs at CERNEL; 1 IP at INTERCAGE).
It is important to note that galleries from many programs and many different affiliates have been downloaded and re-hosted by these guys, and that in almost all cases it's entirely likely the affiliate and program have no knowledge of this.
Ok, that's great, so what can we do?
As a surfer:
* Keep your system up to date with the latest security patches
* Don't download untrusted .EXE's (no matter how horny you are)
As a gallery hoster:
* Blacklist the offending IP addresses from spidering your galleries
As a gallery submission site:
* Blacklist the submission of entries containing the offending domain names
* Blacklist the submission of entries whose domain names resolve to offending IP addresses
As a motivated onlooker:
* Report URLs like this to StopBadware.org, then there's a good chance they will show up with a warning in Google search results like this one: http://www.google.com/search?hl=en&q...2705851%2F1%2F
To find more galleries like this, the following Google search terms give pretty decent results:
inurl:load=1 inurl:id +(site:.com OR site:.net) |
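The two submission-site checks listed in the post above, sketched as an added example (not code from the thread or from any program named in it). The blocked domains are the ones named in the thread; the blocked network is a constructed placeholder, and `check_submission`, `hostname_of` and `system_resolver` are hypothetical names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Domains named in the thread. The network is a constructed placeholder
# (TEST-NET-3); the thread does not list the offending IP addresses.
BLOCKED_DOMAINS = {"porn-abc.com", "use-play.com"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def system_resolver(host):
    """Return the set of addresses a hostname resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except (socket.gaierror, UnicodeError):
        return set()


def hostname_of(url):
    """Normalised hostname of a submitted entry; scheme-less entries allowed."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:
        return ""
    return (host or "").rstrip(".").lower()


def check_submission(url, resolver=system_resolver):
    """Return (accepted, reason) for one submitted gallery URL."""
    host = hostname_of(url)
    if not host:
        return False, "unparseable URL"
    # Rule 1: the host itself or any parent domain is blocklisted.
    labels = host.split(".")
    if any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))):
        return False, "blocked domain"
    # Rule 2: an IP literal, or any address the name resolves to, is blocklisted.
    try:
        addresses = {str(ipaddress.ip_address(host))}
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        return False, "does not resolve"  # fail closed: nothing to review anyway
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if any(ip in net for net in BLOCKED_NETWORKS):
            return False, "resolves to blocked IP"
    return True, "ok"
```

The IP rule is what catches a freshly registered domain that is not yet on the domain list; because DNS answers change, the same check is worth repeating when listed galleries are re-crawled, not only at submission time.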
Great information Adam.
Now that you mention it, I do remember someone saying their galleries had been stolen and used like this. Okay, found it. Gleem posted about it here and I even posted in the thread. :/ I should have remembered and mentioned it. fucking-around-and-business-discussion/725401-guy-stealing-galleries-using-install-viruses-look.html Good on you guys for investigating further and posting the information here. Thanks |