| View previous topic :: View next topic |
| Author |
Message |
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 25 May 2013
Posts: 10271
Location: sunny California
|
 Posted: Mon Jun 19, 2006 5:41 pm Post subject: Webhelper's site under attack by DollarRevenue trojan |
 |
|
http://netrn.net/spywareblog/archives/2006/06/19/spyware-fighter-under-attack-by-trojan-from-dollarrevenue/
| Quote: |
In my last blog post, I wrote about adware/spyware company DollarRevenue and their affiliate program including why affiliates like to trash your machines with huge bundles of adware/spyware. It’$ all about the $Money$.
Now one of the best and most revered spyware fighters around is under attack by a trojan from that very same DollarRevenue group.
Webhelper, whose real name is Patrick Jordan, Senior Malware Researcher for Sunbelt-Software, has posted this message on his site.
| Quote: |
Updated: 19 June, 2006 05:12 PM
As of June 16, 2006, I have been under a DDos attack from a trojan installer that DollarRevenue.com began using which was called from one of the Russian VladZone gangs sites and which with my current hosting company, I cannot block the attacks which in 3 days went over 125 Gig in bandwidth usage of my alloted 200Gig per month. They are putting url addressess to free web pages designed to load my sites pages as if they were images and with the use of a trojan from the VladZone and bundled in DollarRevenue.com infestations, I cannot and will not put all my time into fighting groups that have been running since 2003 and authorities around the world have not been able to stop. |
I deliberately did not link to the site in order to conserve bandwidth there.
This isn’t the first time anti-spyware sites have been attacked by spyware pushers. In 2004 Spywareinfo.com, Tom Coyote’s site and CastleCops were hit by massive DDoS attacks. |
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
|
| Back to top |
|
 |
mikey
Malware Expert
Joined: 12 Feb 2004
Last Visit: 03 Sep 2012
Posts: 1061
Location: CenTex
|
| Posted: Mon Jun 19, 2006 6:55 pm Post subject: |
|
|
I would offer the customary mirror pages but I would go one step further in offering temp hosting for the domain on our appliance/s where I personally control the firewalling.
I'd be curious to see just how many sources are involved. I doubt we could withstand the 50k sources involved in the SI attack but I think we could handle several thousand without interruption.
Anyway, if interested, our systems reside at a mid-upper level and utilize the EV1 data center telco level thruput on RHE/Ensim/Apache.
Not meaning to advertise but in case he's in the market for a more permanent hosting solution, we are currently offering shares in a non-profit endeavor to help each other out with provider level resources at cost. You can read about it here; http://stuff.voiceofthepublic.com/modules/news/article.php?storyid=6
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE
Spyware/Adware is NOT freeware, it costs all of us dearly.
Mikey's Stuff
Fiddler and friends...essential web diagnostic, forensic, & development tools.
- |
|
| Back to top |
|
|
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 25 May 2013
Posts: 10271
Location: sunny California
|
| Posted: Mon Jun 19, 2006 7:39 pm Post subject: |
|
|
Mikey, I mentioned to him that he might want to check with you because I heard you run a really secure box.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. |
|
| Back to top |
|
|
mikey
Malware Expert
Joined: 12 Feb 2004
Last Visit: 03 Sep 2012
Posts: 1061
Location: CenTex
|
| Posted: Mon Jun 19, 2006 8:56 pm Post subject: |
|
|
Thx Suzi.
I think it is probably something we could handle. I was just checking out the monitors and there doesn't appear to be any really significant spikes reported for :80
Ref;
These snapshots are not always indicative of reality tho.
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE
Spyware/Adware is NOT freeware, it costs all of us dearly.
Mikey's Stuff
Fiddler and friends...essential web diagnostic, forensic, & development tools.
- |
|
| Back to top |
|
|
webhelper
SWW Expert
Joined: 11 Apr 2004
Last Visit: 16 Jul 2011
Posts: 1090
|
| Posted: Tue Jun 20, 2006 6:21 am Post subject: |
|
|
Update on the DDos attacks. Seems that the sites bandwidth excess yesterday is over as they are up and running again. I saved a copy of the page and they are not only attacking my site but also a russian site.
The other site is clock.bb0.ru, so it looks like Dollarrevenue and the vladzone gang are attacking Russians as well.
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004 |
|
| Back to top |
|
|
datababe
Warrior
Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head
|
| Posted: Tue Jun 20, 2006 8:43 am Post subject: |
|
|
"The Godfather" goes high tech.  |
|
| Back to top |
|
|
thejynxed
Warrior
Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania
|
| Posted: Sun Jul 02, 2006 3:37 pm Post subject: |
|
|
These jerks all act like petulant children. You expose them and they act like the kid who goes "Meanie!" before stomping all over your sand castle.
_________________
"I stab thee with a rusty spork."
  |
|
| Back to top |
|
|
Chao284
Warrior
Joined: 06 Sep 2004
Last Visit: 06 Aug 2011
Posts: 220
Location: Bremerton, WA
|
| Posted: Fri Jul 07, 2006 7:09 pm Post subject: |
|
|
| By any chance would Dollarrevenue and vladzone be related to Cool Web Search and or Direct Revenue/Transponder by any chance, just wanted to ask that? |
|
| Back to top |
|
|
|
