[Full-Disclosure] Re: block all popups [google knockoff]

Subject: [Full-Disclosure] Re: block all popups [google knockoff]
Date: Thu, 26 Aug 2004 22:06:38 +0100
it's spyware
a quick peek inside the installer reveals links to toolbarshopper.com
so definitely not google (although the toolbar does have links to use
google as well as the usual affiliate links to other sites (using
linksynergy))

the site at the IP address where the installer is located has links selling
an ebook; following the money (purchase) leads to a site
called moreinfo4you.net. a whois of this site reveals

domain:       moreinfo4you.net
status:       production
organization: CSI
owner:        James Real jackson
email:        domainalias@yahoo.com
address:      23244 Avenida Pico
city:         San Clemente
state:        CA
postal-code:  92654
country:      US
admin-c:      domainalias@yahoo.com#0
tech-c:       domainalias@yahoo.com#0
billing-c:    domainalias@yahoo.com#0
nserver:      ns.dnsfree.biz
nserver:      ns2.dnsfree.biz
registrar:    JORE-1
created:      2004-08-22 19:53:30 UTC JORE-1
modified:     2004-08-22 22:25:43 UTC JORE-1
expires:      2005-08-22 15:53:28 UTC
source:       joker.com
db-updated:   2004-08-26 20:40:16 UTC

fake details and joker.com is a public dns service often used by
scammers because they can change domain IP addresses (where the domain
points to) quickly

the IP address where the exe is located is based in korea (probably a
compromised adsl machine)

inetnum:      61.248.0.0 - 61.255.255.255
netname:      KRNIC-KR
descr:        KRNIC
descr:        Korea Network Information Center
country:      KR
admin-c:      HM127-AP
tech-c:       HM127-AP
remarks:      ******************************************
remarks:      KRNIC is the National Internet Registry
remarks:      in Korea under APNIC. If you would like to
remarks:      find assignment information in detail
remarks:      please refer to the KRNIC Whois DB
remarks:      http://whois.nic.or.kr/english/index.html
remarks:      ******************************************
mnt-by:       APNIC-HM
mnt-lower:    MNT-KRNIC-AP
changed:      hostmaster@apnic.net 20010321
changed:      hostmaster@apnic.net 20010606
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Host Master
address:      11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address:      Seoul, Korea, 137-857
country:      KR
phone:        +82-2-2186-4500
fax-no:       +82-2-2186-4496
e-mail:       hostmaster@nic.or.kr
nic-hdl:      HM127-AP
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster@nic.or.kr 20020507
source:       APNIC


regards





On Tue, 24 Aug 2004 21:49:41 -0400, Jeremy Heslop <vector@ezy.net> wrote:
Not sure who this should go to, but I received an email the other day
and it is advertising the Google toolbar. It installs a toolbar, but not
Google's. Looks sketchy to me and similar to other phishing attempts. URL
to valuebar_setup.exe was in email.

Jeremy

Html email here:  http://footon.jheslop.com/block%20all%20popups.html
txt email here: http://footon.jheslop.com/block%20all%20popups.txt


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
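
The whois reading done by hand in the reply above can be turned into a repeatable triage step. This is an added example, not part of the original thread: it parses `key: value` whois output in the layout quoted in the post, and reports how old the registration was at lookup time and whether every contact role points at one free-mail address. The sample is a constructed subset of the quoted record; the free-mail list, the 30-day threshold and the function names are assumptions.

```python
from datetime import datetime

# Constructed sample: a subset of the fields from the record quoted in the post.
SAMPLE = """\
domain:       moreinfo4you.net
email:        domainalias@yahoo.com
admin-c:      domainalias@yahoo.com#0
tech-c:       domainalias@yahoo.com#0
billing-c:    domainalias@yahoo.com#0
nserver:      ns.dnsfree.biz
nserver:      ns2.dnsfree.biz
created:      2004-08-22 19:53:30 UTC JORE-1
db-updated:   2004-08-26 20:40:16 UTC
"""

FREEMAIL = {"yahoo.com", "hotmail.com", "gmail.com"}  # assumption: illustrative list

def parse_whois(text):
    """Parse 'key: value' lines into a dict of lists (keys such as nserver repeat)."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def _ts(value):
    # Timestamps look like '2004-08-22 19:53:30 UTC JORE-1'; keep date and time only.
    return datetime.strptime(" ".join(value.split()[:2]), "%Y-%m-%d %H:%M:%S")

def triage(rec, max_age_days=30):
    """Return a list of findings; the threshold is an assumption, not from the post."""
    findings = []
    age = (_ts(rec["db-updated"][0]) - _ts(rec["created"][0])).days
    if age < max_age_days:
        findings.append(f"registered {age} days before lookup")
    # Contact handles look like 'user@host#0'; strip the '#n' suffix before comparing.
    contacts = {v.split("#")[0].lower()
                for k in ("email", "admin-c", "tech-c", "billing-c")
                for v in rec.get(k, [])}
    if len(contacts) == 1:
        domain = next(iter(contacts)).rpartition("@")[2]
        if domain in FREEMAIL:
            findings.append(f"all contact roles use one free-mail address at {domain}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_whois(SAMPLE)):
        print(finding)
```
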