|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: block all popups [google knockoff]
From: sh0rtie (this.is
gmail.com)
Date: Thu Aug 26 2004 - 16:06:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
its spyware
a quick peek inside the installer reveals links to toolbarshopper.com
so definatly not google (although the toolbar does have links to use
google as well as the usual affiliate links to other sites (using
linksynergy)
the site at ipaddress where the installer is located has links selling
an ebook ,following the money (purchase) leads to a site
called moreinfo4you.net a whois of this site reveals
domain: moreinfo4you.net
status: production
organization: CSI
owner: James Real jackson
email: domainaliasyahoo.com
address: 23244 Avenida Pico
city: San Clemente
state: CA
postal-code: 92654
country: US
admin-c: domainaliasyahoo.com#0
tech-c: domainaliasyahoo.com#0
billing-c: domainaliasyahoo.com#0
nserver: ns.dnsfree.biz
nserver: ns2.dnsfree.biz
registrar: JORE-1
created: 2004-08-22 19:53:30 UTC JORE-1
modified: 2004-08-22 22:25:43 UTC JORE-1
expires: 2005-08-22 15:53:28 UTC
source: joker.com
db-updated: 2004-08-26 20:40:16 UTC
fake details and joker.com is a public dns service often used by
scammers because they can change domain ipaddresses (where the domain
points to) quickly
the ipaddress where the exe is located is based in korea (probably a
compromised adsl machine)
inetnum: 61.248.0.0 - 61.255.255.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
remarks: ******************************************
remarks: KRNIC is the National Internet Registry
remarks: in Korea under APNIC. If you would like to
remarks: find assignment information in detail
remarks: please refer to the KRNIC Whois DB
remarks: http://whois.nic.or.kr/english/index.html
remarks: ******************************************
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: hostmasterapnic.net 20010321
changed: hostmasterapnic.net 20010606
status: ALLOCATED PORTABLE
source: APNIC
person: Host Master
address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address: Seoul, Korea, 137-857
country: KR
phone: +82-2-2186-4500
fax-no: +82-2-2186-4496
e-mail: hostmasternic.or.kr
nic-hdl: HM127-AP
mnt-by: MNT-KRNIC-AP
changed: hostmasternic.or.kr 20020507
source: APNIC
regards
On Tue, 24 Aug 2004 21:49:41 -0400, Jeremy Heslop <vectorezy.net> wrote:
> Not sure who this should go to, but I received an email the other day
> and it is advertising the google toolbar. It installs a toolbar, but not
> googles. Looks sketchy to me and similar to other phishing attempts. URL
> to valuebar_setup.exe was in email.
>
> Jeremy
>
> Html email here: http://footon.jheslop.com/block%20all%20popups.html
> txt email here: http://footon.jheslop.com/block%20all%20popups.txt
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]