  1. #1
    ABW Adviser Panel Dynamoo
    Join Date
    January 18th, 2005
    Opposite the Slough of Despond
    There's another update to "Follow the Bouncing Malware" at the ISC.

    The article fingers Sanford Wallace as being one of the people implicated in spreading malware. Sanford Wallace was known as the "Spam King" by some, but claims that he's gone legitimate. My arse.

    If you haven't read the FTBM series I'd advise you do.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    2005 Linkshare Golden Link Award Winner ecomcity
    Join Date
    January 18th, 2005
    St Clair Shores MI.
    Reads like a good mystery book where the scum of the earth team up with the suits to shove Adware up the world's unsuspecting collective butt.

    "It’s that "something" that’s been slowly pecking away at my subconscious since this whole trip began and has finally surfaced into consciousness only recently. Here it is:

    In FTBM-1:

    1) Joe goes to "" and gets served up a banner ad from
    2) That ad contains an IFRAME that loads mynet-MML.html from
    3) mynet-MML.html contains a script that loads hp2.htm from
    4) hp2.htm whacks Joe’s box with a CHM exploit named (originally enough) hp2.chm
    5) hp2.chm goes out and grabs a file called (seeing a pattern?) hp2.exe
    6) hp2.exe installs "TV media display" on Joe’s machine.

    In FTBM-2:

    1) A trip to Joe’s new default home page (changed in FTBM-1 to ""... no one ever said that these guys were creative when it came to names...) results in the display of "," a warning that Joe’s computer might be (well, duh!) infected with spyware.
    2) In "newspynotice.htm," we found some obfuscated JavaScript that pointed an IFRAME to a file called (hold on.. in case you’re just skimming through this, you need to really start paying attention now, because this is important...) "hp1.htm" from
    3) hp1.html then whacks Joe's box with a CHM exploit named (originally enough) hp1.chm
    4) hp1.chm goes out and grabs a file called (once again, seeing a pattern?) hp1.exe

    Hey... HEY... HEY! What the heck is that all about?

    Well, obviously, the folks who put mynet-MML.html on and newspynotice.htm on "" share the same stunted imagination when it comes to filenames.

    Or something like that...

    Therefore, our goal for today is to try to tie "",, and together.

    So... where do we begin just gets better?

    Infestation is the game the NETWORKS refuse to address. Any thief knows you gotta break windows to steal the family jewels.


    ...."Well, if my little excursion into spyware-land has taught me anything, it’s that very little in this ever-shifting terrain stays static. The anti-spyware battle is fought with many of the same "rules" as the anti-virus battle: he who adapts the fastest survives. If you present a fixed target, you get filtered or blocked or "signatured" out of existence. At this point, many of the sites that I’ve mentioned in this chronicle are no longer spyware dumps, having long since been tossed aside once their useful lifetime had expired. In all likelihood, both the Canada and Texas sites are simply innocent hosting companies who were used for connectivity.

    So it appears that the people in the spyware industry have taken a cue from the spammers and they use throwaway accounts and hosting services to do their dirty work. And just like with the spammers, by the time we get around to filtering and blocking a server, they’ve moved on to another.

    While IP addresses may come and go, domain names are forever... So! What can we find out about ""?

    The domain name is registered to:

    Seismic Entertainment Productions, Inc.
    11 Farmington Road
    Rochester, NH 03867 the whole's an eyeopener!
    Today's top TURKEY!
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

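The link the quoted article draws (the same hpN.htm, hpN.chm, hpN.exe naming turning up on two different servers) can be checked mechanically over web proxy logs. This is an added example, not part of either post or of the ISC article; the two-column log format, the `example.test` hostnames and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log sample ("client URL"); hosts are placeholders, not from the article.
SAMPLE_LOG = """\
10.0.0.5 http://ads.example.test/banner/mynet-MML.html
10.0.0.5 http://dump-a.example.test/x/hp2.htm
10.0.0.5 http://dump-a.example.test/x/hp2.chm
10.0.0.5 http://dump-a.example.test/x/hp2.exe
10.0.0.5 http://home.example.test/newspynotice.htm
10.0.0.5 http://dump-b.example.test/y/hp1.htm
10.0.0.5 http://dump-b.example.test/y/hp1.chm
10.0.0.5 http://dump-b.example.test/y/hp1.exe
10.0.0.9 http://intranet.example.test/docs/index.html
10.0.0.9 http://intranet.example.test/tools/setup.exe
"""

STAGES = {"htm": "page", "html": "page", "chm": "help", "exe": "binary"}
FULL_CHAIN = {"page", "help", "binary"}

def parse(log):
    """Yield (host, stem, stage) for every URL whose extension is a chain stage."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        url = urlsplit(parts[1])
        name = url.path.rsplit("/", 1)[-1].lower()
        stem, dot, ext = name.rpartition(".")
        if dot and ext in STAGES:
            yield url.hostname, stem, STAGES[ext]

def staged_chains(log):
    """Return {(host, stem)} where one stem was fetched as page, CHM and EXE."""
    seen = defaultdict(set)
    for host, stem, stage in parse(log):
        seen[(host, stem)].add(stage)
    return {key for key, stages in seen.items() if stages == FULL_CHAIN}

def linked_families(log):
    """Group full chains by stem minus trailing digits; keep families spanning hosts."""
    families = defaultdict(set)
    for host, stem in staged_chains(log):
        families[re.sub(r"\d+$", "", stem)].add((host, stem))
    return {fam: sorted(m) for fam, m in families.items()
            if len({h for h, _ in m}) > 1}
```

On the sample, only the two `hp` chains are reported as one family spanning both drop hosts; the lone landing pages and the unrelated intranet download are ignored.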