Hosts News

A little background … I have this blog set to “Approve” most content that is added via the “Comments” link. Now I usually get a few Spam entries that I simply ignore … but this one caught my eye and I thought I’d follow the link posted to see where it went …

Notice the content posted at the bottom of the above page? … it’s a quote from one of my posts the other day “Beware of YouTube look-alikes” … however clicking on any of the images just above that leads to “reportblogsite(dot)com” … even the page layout and design is the same … strange …

 Image edited for display purposes.

Which looks like a typical blog type site … except if you click any of the images on the page which leads to …

Imagine that! … another YouTube look-alike with the same old bogus (Trojan.Codec/Zlob) prompt … the download “setup_axplugin.exe” from “axvideoplay(dot)com” is not very well detected [VirusTotal results]

Then just this morning I get another Spamdexing comment … waiting for Approval … same page layout and design as the others … well isn’t that special! … and you guessed it … clicking any of the innocent looking images leads to “youutubee(dot)com“. Matter of fact the images are actually being drawn from Metacafe a safe YouTube type site …

Needless to say all these culprits will be added to the next HOSTS file update …
reportblogsite(dot)com and reachnewsworld(dot)com are both hosted at Intercage [69.50.160.0 – 69.50.191.255]
axvideoplay(dot)com and axvideoplugin(dot)com are both hosts at Layered Technologies which is fast becoming a new haven for the Trojan.Codec gang … as evidenced in my last post …

3 Comments »
Filed under: Uncategorized