Limelight Networks kicks WinFixer to the curb

Posted on January 21st, 2008 by

It took a while … but it looks like Limelight finally sent the WinFixer Group packing …


Back in December I wrote several posts about Limelight hosting malicious content for the WinFixer Group, after which I contacted them and only received a standard reply – “we are looking into it …”.


208.111.129.28  download.cdn.winsoftware.com
208.111.129.28  sec.storageguardsoft.com
208.111.129.28  software.protectdownloads.com
208.111.129.28  setuphost.vo.llnwd.net
208.111.129.28  locator.contentsvc.com


69.28.154.237  bsa.safetydownload.com
69.28.154.237  content.onerateld.com
69.28.154.237  cdn.drivecleaner.com
69.28.154.237  cdn.downloadcontrol.com


The above have all moved locations and “setuphost.vo.llnwd.net” and “locator.contentsvc.com” are now dead …



The above have moved to the following locations where they already have established a presence with a host of their other clones. Euroaccess Belgium [85.12.60.0 – 85.12.60.255] Leaseweb [85.17.4.0 – 85.17.4.255]


Another notable move (sellmosoft.net) which fellow blogger Sandi Hardmeier has been documenting the malicious redirect ads … all WinFixer related!


Gfx-cust-worldstream [84.243.252.0 – 84.243.252.255] [84.243.253.0 – 84.243.253.255]
84.243.252.84  adtraff.com
84.243.252.85  burnads.com
84.243.252.88  forceup.com
84.243.252.91  netmediagroup.net
84.243.252.94  traffalo.com
84.243.252.97  uniqads.com
84.243.253.142  secure.sellmosoft.net
84.243.253.143  stats.sellmosoft.net
84.243.253.220  performanceoptimizer.com
84.243.253.220  errorinspector.com
84.243.253.220  errordigger.com


Kaspersky detects as: FraudTool.Win32.Sellmosoft.a. Symantec has the following write-up which includes:


HKEY_CURRENT_USER\Software\Sellmosoft\Performance Optimizer


Innovative Marketing, Inc.
1876 Hutson Street
Belize City, BZ


SellMoSoft
1876 Hutson Street
Belize City, BZ


WebHosts Inc
1876 Hutson Street
Belize City, BZ


SellMoSoft has now changed their address (5 Cornwall Street, Roseau) which shows up in their [choke] secure certificate.



Now if we could get Comodo to stop issuing certificates to these culprits … seems like another company that failed to do their research before associating themselves with this type activity …

Comments Off on Limelight Networks kicks WinFixer to the curb
Filed under: Uncategorized



Comments are closed.

« »