Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Another Rogue Security Center App

 
MaKaVeLi
SWW Graduate


Joined: 04 Aug 2005
Last Visit: 07 Sep 2007
Posts: 158
Location: USA

Posted: Tue Jan 17, 2006 7:21 pm    Post subject: Another Rogue Security Center App

I didn't see this one on the list yet.

hxxp://www.uptodatesecurity.com/

hxxp://www.pesttrap.com/
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 28 Apr 2017
Posts: 10420
Location: at the beach

Posted: Tue Jan 17, 2006 7:32 pm

MaKaVeLi, which list do you mean? They are not in IE-SPYAD, but Eric hasn't been putting fake security center domains on the rogue list, if that's what you meant.

Thanks for posting them. We will certainly check them. Are those 2 showing up in HJT logs? How did you find them, if I can ask? I'm wondering if they are used for hijacking...

Edit - I see the app now Pesttrap and it isn't on the page, but I suspect it will be soon. Evil or Very Mad

I'll check out the domain whois info too.

Edit- I see the domain uptodatesecurity.com is already showing up in logs on Google.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile


Last edited by suzi on Tue Jan 17, 2006 8:38 pm; edited 1 time in total
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 28 Apr 2017
Posts: 10420
Location: at the beach

Posted: Tue Jan 17, 2006 7:52 pm

From known rogue ISP Intercage:

http://www.whois.sc/pesttrap.com

Quote:
Domain Name: PESTTRAP.COM

Registrant:
Popandopulos Ltd
Alison Popandopulos ()
2 Pyramid, Room 34
Chalkidiki
Chalkidiki,126322
GR
Tel. +001.41512345678

Creation Date: 19-Sep-2005
Expiration Date: 19-Sep-2007

Domain servers in listed order:
ns1.pesttrap.com
ns2.pesttrap.com


http://www.whois.sc/69.50.167.173

Quote:
OrgName: InterCage, Inc.
OrgID: INTER-359
Address: 1955 Monument Blvd.
Address: #236
City: Concord
StateProv: CA
PostalCode: 94520
Country: US

ReferralServer: rwhois://rwhois.intercage.com:4321/

NetRange: 69.50.160.0 - 69.50.191.255
CIDR: 69.50.160.0/19
NetName: INTERCAGE-NETWORK-GROUP
NetHandle: NET-69-50-160-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: MAIL.ATRIVO.COM
NameServer: PAVEL.ATRIVO.COM
Comment:
RegDate: 2003-06-04
Updated: 2005-09-01


Blacklisted already:

http://www.whois.sc/rbl/?ip=69.50.167.173

http://spews.org/html/S2489.html

Evil or Very Mad

http://www.whois.sc/uptodatesecurity.com

UPTODATESECURITY.COM

Quote:
Website Title: Security Center
Response Code: 200
SSL Cert: No valid SSL on this Host, Get Secure
Alexa Trend/Rank: Not Ranked
Website Status: Active
Reverse IP: Web server hosts 5 websites (reverse ip tool requires free login)
Server Type: Apache
(Spry.com also uses Apache)
IP Address: 85.255.115.174 (ARIN & RIPE IP search)
IP Location: - Inhoster Hosting Company
Blacklist Status: Listed - Cached Today (details)
Whois History: 5 records stored
Oldest: 2006-01-06
Newest: 2006-01-14


It says the whois server is down. From the history:

Quote:
Domain: uptodatesecurity.com
Cache Date: 2006-01-14
Registrar: CRITICAL INTERNET, INC.

--------------------------------------------------------------------------------
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com

Domain Name: UPTODATESECURITY.COM

Registrant:
na
Fom Terrens ()
PO Box 378
Senta
,47297
SE
Tel. +44.373849294572

Creation Date: 27-Dec-2005
Expiration Date: 27-Dec-2006

Domain servers in listed order:
ns1.uptodatesecurity.com
ns2.uptodatesecurity.com


http://www.whois.sc/85.255.115.174

Inhoster Hosting Company aka Esthost I think.

5 domains found on 85.255.115.174
Showing all 5.

Website
Dns404.net
Necessaryupdates.com
Securitywarnings.net
Systemupdates.net
Uptodatesecurity.com

http://www.whois.sc/dns404.net
http://www.whois.sc/necessaryupdates.com not in IE-SPYAD
http://www.whois.sc/securitywarnings.net not in IE-SPYAD
http://www.whois.sc/systemupdates.net not in IE-SPYAD

systemupdate.net is in IE-SPYAD, but not systemupdates.net

These domains were just registered within the last week or so. Evil or Very Mad
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
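
Added example, not part of the original post: a small Python triage of the lookups done by hand above, showing domain age at the time of the thread, name servers hosted under the domain itself, and why an exact-match blocklist misses a one-letter variant. The WHOIS fields are copied from the quoted records; `BLOCKLIST` is a stand-in holding only the IE-SPYAD entry the thread names, and all function names are hypothetical.

```python
import re
from datetime import date, datetime

# WHOIS fields copied from the records quoted in the thread (excerpts only).
WHOIS = {
    "pesttrap.com": """Creation Date: 19-Sep-2005
Domain servers in listed order:
ns1.pesttrap.com
ns2.pesttrap.com""",
    "uptodatesecurity.com": """Creation Date: 27-Dec-2005
Domain servers in listed order:
ns1.uptodatesecurity.com
ns2.uptodatesecurity.com""",
}
OBSERVED = date(2006, 1, 17)      # date of the first post in the thread
BLOCKLIST = {"systemupdate.net"}  # assumption: stand-in for the full IE-SPYAD list

def age_days(whois_text, observed=OBSERVED):
    """Days between the record's Creation Date and the observation date (None if absent)."""
    m = re.search(r"Creation Date:\s*(\d{1,2}-[A-Za-z]{3}-\d{4})", whois_text)
    return (observed - datetime.strptime(m.group(1), "%d-%b-%Y").date()).days if m else None

def self_hosted_ns(domain, whois_text):
    """True when every listed nsN.* name server sits under the domain itself."""
    ns = re.findall(r"^\s*(ns\d+\.\S+)\s*$", whois_text, re.M | re.I)
    return bool(ns) and all(n.lower().endswith("." + domain) for n in ns)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def blocklist_status(domain, blocklist=BLOCKLIST):
    """Return 'listed', 'near-miss of <entry>' (one edit away), or 'unlisted'."""
    domain = domain.lower()
    if domain in blocklist:
        return "listed"
    near = [e for e in sorted(blocklist) if edit_distance(domain, e) == 1]
    return "near-miss of " + near[0] if near else "unlisted"

if __name__ == "__main__":
    for d, rec in WHOIS.items():
        print(d, age_days(rec), self_hosted_ns(d, rec), blocklist_status(d))
    print("systemupdates.net ->", blocklist_status("systemupdates.net"))
```
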
eburger68
SWW Distinguished Expert


Joined: 23 Jun 2004
Last Visit: 18 Nov 2008
Posts: 575
Location: Clearwater, FL

Posted: Tue Jan 17, 2006 11:56 pm

Hi All:

It's another SpySheriff clone.

(sigh)

Eric L. Howes
MaKaVeLi
SWW Graduate


Joined: 04 Aug 2005
Last Visit: 07 Sep 2007
Posts: 158
Location: USA

Posted: Wed Jan 18, 2006 12:15 pm

suzi wrote:
Edit - I see the app now Pesttrap and it isn't on the page, but I suspect it will be soon. Evil or Very Mad


Yeah I meant the app. Smile
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 28 Apr 2017
Posts: 10420
Location: at the beach

Posted: Wed Jan 18, 2006 10:26 pm

Thanks again for posting that. It's already being detected by some AVs. See SunbeltBLOG for more info.

http://sunbeltblog.blogspot.com/
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
All times are GMT - 8 Hours