lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2135dbeb040826140673ced9ef@mail.gmail.com>
From: this.is at gmail.com (sh0rtie)
Subject: Re: block all popups [google knockoff]

its spyware
a quick peek inside the installer reveals links to toolbarshopper.com
so definatly not google (although the toolbar does have links to use
google as well as the  usual affiliate links to other sites (using
linksynergy)

the site at ipaddress where the installer is located has links selling
an ebook ,following the money (purchase) leads to a site
called moreinfo4you.net a whois of this site reveals

domain:       moreinfo4you.net
status:       production
organization: CSI
owner:        James Real jackson
email:        domainalias@...oo.com
address:      23244 Avenida Pico
city:         San Clemente
state:        CA
postal-code:  92654
country:      US
admin-c:      domainalias@...oo.com#0
tech-c:       domainalias@...oo.com#0
billing-c:    domainalias@...oo.com#0
nserver:      ns.dnsfree.biz
nserver:      ns2.dnsfree.biz
registrar:    JORE-1
created:      2004-08-22 19:53:30 UTC JORE-1
modified:     2004-08-22 22:25:43 UTC JORE-1
expires:      2005-08-22 15:53:28 UTC
source:       joker.com
db-updated:   2004-08-26 20:40:16 UTC

fake details and joker.com is a public dns service often used by
scammers because they can change domain ipaddresses (where the domain
points to) quickly

the ipaddress where the exe is located is based in korea (probably a
compromised adsl machine)

inetnum:      61.248.0.0 - 61.255.255.255
netname:      KRNIC-KR
descr:        KRNIC
descr:        Korea Network Information Center
country:      KR
admin-c:      HM127-AP
tech-c:       HM127-AP
remarks:      ******************************************
remarks:      KRNIC is the National Internet Registry
remarks:      in Korea under APNIC. If you would like to
remarks:      find assignment information in detail
remarks:      please refer to the KRNIC Whois DB
remarks:      http://whois.nic.or.kr/english/index.html
remarks:      ******************************************
mnt-by:       APNIC-HM
mnt-lower:    MNT-KRNIC-AP
changed:      hostmaster@...ic.net 20010321
changed:      hostmaster@...ic.net 20010606
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Host Master
address:      11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address:      Seoul, Korea, 137-857
country:      KR
phone:        +82-2-2186-4500
fax-no:       +82-2-2186-4496
e-mail:       hostmaster@....or.kr
nic-hdl:      HM127-AP
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster@....or.kr 20020507
source:       APNIC


regards





On Tue, 24 Aug 2004 21:49:41 -0400, Jeremy Heslop <vector@....net> wrote:
> Not sure who this should go to, but I received an email the other day
> and it is advertising the google toolbar. It installs a toolbar, but not
> googles. Looks sketchy to me and similar to other phishing attempts. URL
> to valuebar_setup.exe was in email.
> 
> Jeremy
> 
> Html email here:  http://footon.jheslop.com/block%20all%20popups.html
> txt email here: http://footon.jheslop.com/block%20all%20popups.txt
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ