Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT: please treat all content from metrixlab-tds.com with extreme caution

October 30th 2008 in Uncategorized

Courtesy of Kimberley

URLs used to facilitate the hijacking:

bannersrotator.com/fx22010/click.php
stl.0ups.com/stl/in.cgi?24&

Note that different SWF files are served to the potential victim, depending on the version of Flash being used…

I’ll also emphasise that the malicious domain is not associated with the legitimate company Metrixlab at www.metrixlab.com.

AND, guess who is the ICANN Registrar…. DIRECTI.

I ask you, what possible excuse is there for accepting a WHOIS entry like the one for metrixlab-tds.com?

ad1.metrixlab-tds.com – 82.98.193.102
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sharing IP with A Record: tds1.onlineredirsystem.com
Registrant:
    n/a
    Josh Silver (metrixlab.uk@googlemail.com)
    n/a
    n/a
    n/a
    n/a
    ,000000
    US
    Tel. +999.999999999

bannersrotator.com – 82.98.193.165
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registrant:
    N/A
    Jonh Anderson (mailalexmail@gmail.com)
    Mulwar str.46
    New York
    null,12576
    US
    Tel. +534.347324774

stl.0ups.com – 82.98.193.166 and 82.98.235.104
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Registrant:
    N/A
    Jonh Anderson (mailalexmail@gmail.com)
    Mulwar str.46
    New York
    null,12576
    US
    Tel. +534.347324774
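
The kind of registration-time check the WHOIS question above implies, as an added example that is not part of the original post: it flags filler registrant fields in the three records listed here and groups the domains by registrant e-mail. The function names, the filler word list and the US calling-code mapping are assumptions of this example.

```python
import re
from collections import defaultdict
# Registrant blocks as listed in the WHOIS records above, one field per line.
ANDERSON = ["N/A", "Jonh Anderson (mailalexmail@gmail.com)", "Mulwar str.46",
            "New York", "null,12576", "US", "Tel. +534.347324774"]
RECORDS = {
    "metrixlab-tds.com": ["n/a", "Josh Silver (metrixlab.uk@googlemail.com)", "n/a",
                          "n/a", "n/a", "n/a", ",000000", "US", "Tel. +999.999999999"],
    "bannersrotator.com": ANDERSON,
    "stl.0ups.com": ANDERSON,
}
FILLER = re.compile(r"^(n/?a|null|none|unknown)?$", re.I)  # assumed filler words
CALLING_CODE = {"US": "1"}  # assumption: only the country used in these records

def audit(fields):
    """Return the reasons a registrant block looks like filler (empty list = none)."""
    reasons = []
    filler = sum(1 for f in fields if FILLER.match(f.strip()))
    if filler:
        reasons.append(f"{filler} filler field(s)")
    country = next((f for f in fields if re.fullmatch(r"[A-Z]{2}", f)), None)
    for f in fields:
        region = re.fullmatch(r"([^,()]*),(\d+)", f)      # "state,postcode" line
        phone = re.fullmatch(r"Tel\. \+(\d+)\.(\d+)", f)  # "Tel. +cc.number" line
        if region:
            if FILLER.match(region.group(1).strip()):
                reasons.append("state missing")
            if len(set(region.group(2))) == 1:
                reasons.append("postcode is one repeated digit")
        if phone:
            expected = CALLING_CODE.get(country)
            if expected and phone.group(1) != expected:
                reasons.append(f"phone prefix +{phone.group(1)} does not match {country}")
            if len(set(phone.group(2))) == 1:
                reasons.append("phone number is one repeated digit")
    return reasons

def cluster_by_email(records):
    """Group domains by registrant e-mail to expose shared registrants."""
    groups = defaultdict(list)
    for domain, fields in records.items():
        for f in fields:
            m = re.search(r"\(([^()\s]+@[^()\s]+)\)", f)
            if m:
                groups[m.group(1).lower()].append(domain)
    return dict(groups)

if __name__ == "__main__":
    print({d: audit(f) for d, f in RECORDS.items()}, cluster_by_email(RECORDS))
```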

