Results 1 to 5 of 5
  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    For those that have been following it, Tom Liston at the Internet Storm Center has published his third part of the "Follow the Bouncing Malware" story, which is a detailed analysis of a particular type of spyware infestation and what it does.

    It's here: http://isc.sans.org/diary.php?date=2004-11-04 - and also has links back to the original two parts. Recommended reading IMHO.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    It's interesting that one of the outfits fingered in the report is e2give.com. I wouldn't recommend visiting their site in Internet Explorer just in case they try a drive-by download, but there's plenty of familar merchants there.. just to list a few:

    <UL TYPE=SQUARE><LI>Dentalplans.com
    <LI>Oreck.com
    <LI>Shoes.com
    <LI>SurplusComputers
    <LI>TigerDirect
    <LI>Babystyle
    <LI>EasyClickTravel
    <LI>Mondera
    <LI>Overstock
    <LI>Shutterfly
    <LI>Fogdog
    <LI>ForeclosureNet
    <LI>Motormint
    <LI>NowOnSale
    <LI>Sierra Trading Post[/list]

    Networks that e2give are using are CJ, Bfast and Linksynergy.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  3. #3
    Affiliate Miester my2cents's Avatar
    Join Date
    January 18th, 2005
    Location
    far far away....
    Posts
    2,161
    that's some scary stuff...
    ++++++++++++++++++++++++++++++++++++++++++
    that's my2cents, 'cuz I'm a legend in my own mind....

  4. #4
    Member
    Join Date
    January 18th, 2005
    Location
    Thailand
    Posts
    102
    Thanks Dynamoo, for picking up this very nicely written tale.
    A warning for anyone who starts reading the article,It's not that suitable for a first read with a morning cup of coffee, better wait for tonight with some
    Peter

  5. #5
    Member
    Join Date
    January 18th, 2005
    Location
    Thailand
    Posts
    102
    Anyhow after the second time reading.... i noticed this:
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>The installation of ezbdlLs.dll dropped a “Utility for downloading files and upgrading software” from “ABetterInternet”, a utility to “Make Your Internet Browsing Simple, Exciting, and Personal” from the fine folks at “ezULA”, and an affiliate ID hijacker called SAHAgent onto Joe’s PC.
    <HR></BLOCKQUOTE>
    Now, isnt that our friend 'Shop at Home Select'?
    Went to their site and found some 'trusted merchants'.....
    >>Chis from Mondera, what's the scope on this...?
    Peter

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Follow "Work from No Home" System or Follow my Heart?
    By Seraffa in forum Newbie Affiliate FAQs & Helpful Articles
    Replies: 5
    Last Post: January 15th, 2013, 02:36 PM
  2. "Follow the Bouncing Malware" - Part 4
    By Dynamoo in forum Midnight Cafe'
    Replies: 1
    Last Post: November 25th, 2004, 06:41 AM
  3. "Follow the Bouncing Malware"
    By Dynamoo in forum Midnight Cafe'
    Replies: 7
    Last Post: August 24th, 2004, 08:49 AM
  4. Follow the bouncing camera merchants
    By Nature Boy in forum Rakuten LinkShare - LS
    Replies: 5
    Last Post: January 30th, 2003, 02:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •