Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Malvertizement featuring Skype

July 8th 2008 in Uncategorized

No company is safe from impersonation….

Campaign URLS:

waytotheprofit.com/?cmpid=contangogo
station-appraisals.com/c/index.php?id=<<removed>>

image

image

image

 

The waytotheprofit URL leads us to an adverdaemon.com URL, and from there to the fraudware site – I ended up at a German site, being sicherheitstool.com.

Robtex reports that “sicherheitstool.com is a domain controlled by two nameservers at sicherheitstool.com themselves. They are on the same IP network. Incoming mail for sicherheitstool.com is handled by one mailserver which are also at sicherheitstool.com. sicherheitstool.com has one IP record . virusvakt.com, winanonymous.com, avsystemcare.com and at least seven other hosts point to the same IP.

sicherheitstool.com is hosted by Webair Internet Development Inc (http://www.webair.com/).  Feel free to complain to them ;o)

Hostnames sharing IP with A-Records
anchisupaisutsu.com | .anchiwamu2008.com | .antiespiadorado.com | .antispionagepro.com | .antispywaresuite.com | .antivirusforalle.com | .antiviruspcsuite.com | .antiworm2008.com | .avsystemshield.com | .bugdokter.com | .debellaworm2008.com | .defensaantimalware.com | .discosemerros.com | .diskfejlfri.com | .diskrensare.com | .driveproteccion.com | .errorsoshi.com | .fjernervirus.com | .ingavirus.com | .ingenmulighetforvirus.com | .keineviren.com | .kyouikyuuen.com | .maximumantivirus.com | .meinbesterschutz.com | .menacerescue.com | .mistikotitatuipologisti.com | .nettordinateur.com | .onlinepcguard.com | .orantiespion.com | .pcprivacytool.com | .pcrengoringsmaskine.com | .pcsikker.com | .pcveiligheidstool.com | .pcvirusless.com | .plattefehlerfrei.com | .pp-total.com | .privacidadeprotegida.com | .protecaoconfiavel.com | .proteccionconfiable.com | .puliscitutto.com | .rescatedeamenazas.com | .riscattodaminacce.com | .safepctool.com | .shinraihogo.com | .sikkerpcredskap.com | .sistemaimune.com | .skyddsverktyg.com | .smittfri.com | .solutionreg.com | .suiteantispyware.com | .supashuri.com | .suspenzorpc.com | .trojansfiltre.com | .trustedprotection.com | .turvapc.com | .utiledereparation.com | .utilisateursur.com | .virtualpcguard.com | .virusdeteccion.com | .virusfrittsystem.com | .virusstopper.net | .virusuwadame.com | .virusvakt.com | .winanonymous.com | .winsecureav.com | .winspycontrol.com | adioserrores.com | alltiettantivirus.com | anchisupaisutsu.com | anchiwamu2008.com | antiespiadorado.com | antiespionspack.com | antigusanos2008.com | antispionage.com | antispionagepro.com | antispypremium.com | antispywarecontrol.com | antispywareseigyo.com | antispywaresuite.com | antiver2008.com | antivirusaskeladd.com | antivirusgenial.com | antivirusordi.com | antiviruspcpakke.com | antiviruspcsuite.com | antiviruspertutti.com | antivirusscherm.com | antivirussolusjon.com | antiworm2008.com | antiwurm2008.com | aucunsvirus.com | avsystemcare.com | avsystemshield.com | bedreigingsmonitoor.com | bedsteantivirus.com | bereiniger.com | beschermingstool.com | besutohogo.com | bogyotsuru.com | bortmedvirus.com | bugdokter.com | bugsdestroyer.com | debellaworm2008.com | defectshuri.com | diannaoqingjieji.com | discerrorfree.com | discosemerros.com | discosenzaerrori.com | discosinerrores.com | diskfejlfri.com | diskrensare.com | disqudurprotection.com | dokterfix.com | doraibuhogo.com | drivedefender.com | driveproteccion.com | echterschutz.com | effaceurvirus.com | einaprivadesapc.com | elmejorantivirus.com | errclean.com | errorfri.com | errorout.com | errorskydd.com | errorsoshi.com | fehlerbeseitiger.com | fejlrenser.com | fejlreparering.com | felfixare.com | festplattenreiniger.com | fiksfeil.com | filtrodetrojan.com | filtrotroiani.com | fixmenaces.com | fullsystemprotection.com | goldenantispy.com | gorudenanchisupai.com | harddiskvakt.com | harddrevvagt.com | herramientadereparacion.com | hukommelsesbeskytter.com | keinegefahr.com | keinestoerungen.com | konsekieraser.com | kontentsueraser.com | kyoishusei.com | kyouikyuuen.com | liberapc.com | lifelongpc.com | lungavitapc.com | maskinpcpro.com | maximumantivirus.com | megaviruskit.com | megliopc.com | meinbesterschutz.com | melhorpc.com | memoiredefenseur.com | menacerescue.com | menacesecure.com | mendingtool.com | miavcompleto.com | mijnantivirus.com | minnesverktyg.com | mistikotitatuipologisti.com | moncontenuassistant.com | munazifalhasob.com | nettordinateur.com | nientevirus.com | nochanceforvirus.com | nocompromaat.com | noespias.com | norwayvirus.com | nowayvirus.com | nulinfektioner.com | oczyszczaczkomputerza.com | onlinepcguard.com | pasokoneiju.com | pc-prot.com | pcbeskyttelse.com | pcohneviren.com | pcopschoner.com | pcopschoningsstel.com | pcprivacytool.com | pcrengoringsmaskine.com | pcsegura.com | pcsikker.com | pcsikkerhed.com | pcsod.com | pcsuanbukkon.com | pcvirusless.com | pembersihkomputer.com | plattefehlerfrei.com | pp-total.com | privacidadeprotegida.com | privacidadplus.com | proteccionconfiable.com | protectingtool.com | protectioncomplete.com | protejaseudrive.com | protejasudrive.com | protezionesoft.com | puliscitutto.com | puliturasystem.com | regbotemedel.com | regrensere.com | rejishufuku.com | rensningverktyg.com | reparameacas.com | reparamenazas.com | repareja.com | reparetudo.com | rescatedeamenazas.com | riscattodaminacce.com | sanitardiska.com | schijfhersteller.com | schutztool.com | semerros.com | senzaerrori.com | shinraihogo.com | shufukutsuru.com | sikkerpcvaerktoj.com | sininfecciones.com | sistemaimune.com | skyddsverktyg.com | sletingenvirus.com | solutionreg.com | stoltbeskyttelse.com | suiteantispyware.com | supashuri.com | suspenzorpc.com | sysdepannage.com | syskontroller.com | systemesansvirus.com | systemordnare.com | tabortvirus.com | toroianfiruta.com | trojanerfilter.com | trojansfilter.com | trojansfiltre.com | tryggdator.com | turvapc.com | utiledeprotection.com | vacinatotal.com | varrevirus.com | vigilamenazas.com | virenfrierpc.com | virenloescher.com | virenstopper.com | virtual-leatherman.com | virtualpcguard.com | virusdeteccion.com | virusdifesa.com | viruseffaceur.com | virusfjernere.com | virusforsvar.com | virusfrittsystem.com | virusgarde.com | virusschlacht.com | virusseigyo.jp | virusstopper.net | virusudryddet.com | virusuwadame.com | virusvakt.com | virusvanguard.com | wegvonviren.com | winadsiz.com | winanonyme.com | winanonymitet.com | winanonymous.com | winanzen.com | winbescherming.com | windefensa.com | winhogo.com | winpcalmeglio.com | winpcdocteur.com | winpcdoctor.com | winpcdoktor.com | winpckontroll.com | winpcrensare.com | winpcrensere.com | winriservatezza.com | winsecureav.com | winsikkerantivirus.com | winsikretav.com | winspycontrol.com | winsurffilter.com | wintemizleyicisi.com | wintrygghet.com | wirusumuryokuka.com | www.antiwurm2008.com | www.avsystemcare.com | www.besutohogo.com | www.ingavirus.com | zebraantivirus.com

Domains sharing mailservers
acchiappavirus.com | adiosvirus.com | allertaminacce.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivoprotector.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoaivirus.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | caiforavirus.com | chasseurdeserreures.com | cleanpctool.com | confidentsurf.com | confidentuser.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensenetsurfage.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | elmejorantivirus.com | emperahogo.com | enmiendaerrores.com | eracheisa.com | erasutoppu.com | erreurchasseur.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | fiksdinpc.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | kakujitsutsuru.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pckairyo.com | pclibredevirus.com | pcpropre.com | pcredskab.com | pcsansbug.com | pcsecuresystem.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | perfektantivirus.com | preservingtool.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectionassuree.com | protectionconue.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sichererschutz.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | storageprotector.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trasheraser.com | trojansdestroyer.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | viruskrakker.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | yourprivacyguard.com | zentaiwakuchin.com

Domains sharing nameservers
acchiappavirus.com | adiosvirus.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | chasseurdeserreures.com | cleanpctool.com | cleanuptool.com | confidentsurf.com | confidentuser.com | contenidoseguros.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | doubledefender.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | emperahogo.com | enmiendaerrores.com | erasutoppu.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlfripc.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | netsurfageassure.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasdesmenaces.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pcinforedder.com | pclibredevirus.com | pcredskab.com | pcsansbug.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | poseidonantivirus.com | preservingtool.com | privacidadgarantizada.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccionasegurada.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | repareja.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | winchesterprotector.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | zentaiwakuchin.com


2 comments to...
“ALERT: Malvertizement featuring Skype”

Novack

You suck. Take your Vista aids and jam them up your ass. Windows is ***. IE is ***. Its all ***.



sandi

My readers may like to know that our unfriendly correspondent “Novack” posted from IP address 71.29.80.79, a dynamic IP that leads us back to Windstream Communications Inc.  71.29.80.79 is, at time of writing, located in Lincoln, Nebraska (http://www.utrace.de).  The address for reporting abuse to Windstream Communications Inc is abuse@windstream.net, or the telephone number 1-888-292-3827.


Edit: the Geobytes flag has been removed from the blog being discussed below – YAY!!! I was pinged by another MVP tonight, who was very concerned because he had visited a blog on msmvps.com, only to have his web browser immediately hijacked – redirected away from the blog he wanted to read to ozdirect.com.au.  So, […]

Previous Entry

Campaign URLS (you will note that the campaign is identical to the one for the Skype malvertizement): waytotheprofit.com/?cmpid=contangogostation-appraisals.com/c/index.php?id=<<removed>>

Next Entry

Archives