Results 1 to 9 of 9
  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Exclamation Findwhat / Doubleclick and DNS Poisoining
    In case you didn't already know, the Internet Storm Center has issued a rare Yellow Alert due to a spare of DNS poisoning attacks - basically a way of 0wning a DNS server and redirecting victims (usually whole organisations) to PPC portals.

    According to this excellent writeup at LURQH, the hijackers are using Findwhat and Doubleclick to try to earn money from this unlawful activity. Some of you might remember that Findwhat has been accused of supplying PPC services to parasiteware pushers before.

    It's a good article and worth reading through to the end.. the last paragraph is particularly interesting:

    It doesn't seem too far-fetched to imagine that the persons responsible for the DNS hijacking could be apprehended simply by serving FindWhat with a subpoena to find out where they've been sending the checks for the affiliate IDs being passed in the search redirects. However, this activity has persisted for years now without much law enforcement interest, and as each new affiliate comes on board they invent their own scheme to abuse the PPC system. Clearly it seems that through the chain of advertiser to consumer and back again, the end user is ultimately paying to have him or herself hijacked.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    Just as a reminder
    http://forum.abestweb.com/showthread...1&page=5&pp=25
    On March 22, 2004, Findwhat acquired all of the outstanding stock of Comet Systems, Inc., a leading provider of connected desktop consumer software, pursuant to a merger of Comet with and into their wholly-owned subsidiary.
    Comet Systems, Inc., a software company launched in 1997, acquired Screensavers.com in 2003.
    Screensavers.com, the content and media division of Findwhat.com (NASDAQ:FWHT), is the #1 advertising-supported digital media website for free, safe and easy to download screensavers and desktop wallpaper.

    Thank you, CJ, nice partners you have here!

    Todd Crawford - it is my understanding that the previous company (coment cursor) and any behavior associated with them is not relevant to the current company's behavior.
    Are you sure?

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Read up on this earlier today as the cybercrime units went on full alert as this exploit of the DNS system also directed URL typed sites to identity theft phisher sites. The greed driven Spyware/Adware perps monitizing cybercriminals hiding in the affiliate ranks are behind this to increase infestation rates.

    http://isc.sans.org/presentations/dnspoisoning.php

    Follow the money trail....."The motivation for these attacks is very simple: money. The end goal of
    the first attack was to install spyware/adware on as many Windows
    machines as possible. A good spyware/adware program can generate
    significant revenue for the attacker.

    There is an excellent write-up by the folks at LURHQ that describes the
    pay-per-click (PPC) advertising scheme that is likely behind the
    first/third attacks: http://www.lurhq.com/ppc-hijack.html.

    The second attack seems to have been launched by a known spammer. But
    this is quite a complicated attack for a spammer, so my current theory
    is that the attacker(s) are contracting their services for hire.

    The motivation for our detailed analyis was because of the DNS cache
    poisoning attack, which has the potential for affecting millions of
    Internet users and enabling some very dangerous attacks. After
    receiving a couple of reliable reports, it became clear to us that we
    needed to get to the very bottom of this attack."

    Nice to see the DNS poisoning perps and all involved in enabling the exploit face an automatic mandintory 5 year add-on federal prison sentence due to the phishing activity.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  4. #4
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    CJ Advertiser Detail- FindWhat.com Advertiser Referrer Affiliate Program through Commission Junction can provide you with the opportunity to make some additional revenue, while providing your customers with a special offer!
    CJ and their affiliates for FindWhat.com are in the money trail. I'm wondering what kind of trouble it could mean?
    LURQH - It doesn't seem too far-fetched to imagine that the persons responsible for the DNS hijacking could be apprehended simply by serving FindWhat with a subpoena to find out where they've been sending the checks for the affiliate IDs being passed in the search redirects.

  5. #5
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Well, it's almost definite that Findwhat aren't responsible for the DNS hijacking, but on the other hand the LURQH article clearly shows that the money trail goes through them. And I'm pretty sure that this incident is going to be on the radar of the relevant law enforcement people.

    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    LURQH = LURHQ by the way. I always get that wrong!
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  7. #7
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    From InformationWeek
    New Domain Poisoning Attacks Microsoft Servers April 6, 2005
    http://www.informationweek.com/story...01495&tid=5978
    The newest attack, said Kyle Haugsness, one of the ISC analysts, is actually the third since March 4. Like the initial attack, the motivation is certainly money, since the result is again the installation of mass quantities of spyware on victims' PCs.
    That's a small world. And again, commissions are being stolen from hard working Affiliates.

  8. #8
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    Also, let's not forget that Findwhat via CJ only pays out to affiliates it the lead deposits $50. If they only deposit the minimum $25, the affiliate gets ZILCH.

    Amazing that they're allowed to NOT make that clear in their blurb at CJ.

    Apparently the "majority" of clients decide to upgrade to the $50 deposit (because they get an extra $5 in their account, but that still means affiliates are supplying findwhat with clients FOR FREE.

  9. #9
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    I believe that FindWhat has also been named in a lawsuit (along with many other bigger name PPC services) due to alleged click fraud. Well, this definitely looks like click fraud to me.

    I haven't used FindWhat for about two years.. it never sent me any worthwhile traffic then. I'm glad I don't use 'em now.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  10. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Same IP/DNS
    By Tami in forum Search Engine Optimization
    Replies: 6
    Last Post: May 25th, 2005, 11:20 AM
  2. Findwhat.com
    By Buddha in forum Midnight Cafe'
    Replies: 8
    Last Post: November 29th, 2003, 06:41 AM
  3. FindWhat
    By snoopy in forum Midnight Cafe'
    Replies: 7
    Last Post: June 11th, 2003, 10:17 PM
  4. findwhat
    By iucpxleps in forum Search Engine Optimization
    Replies: 3
    Last Post: April 22nd, 2002, 03:12 AM
  5. Findwhat
    By in forum Search Engine Optimization
    Replies: 11
    Last Post: November 21st, 2001, 02:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •