Results 1 to 10 of 10
  1. #1
    OPM and Moderator Chuck Hamrick's Avatar
    Join Date
    April 5th, 2005
    Location
    Park City Utah
    Posts
    16,646
    Is Search42 a parasite??
    Has anyone had experience with Search42 or done any parasite research on them. One of our affiliate managers passed me a list of fraudulent affiliates from his Kowabunga program and which shows Search42.com as a known distributor of spyware. I checked my list of sites and found nothing. Putting Search42 shows three AdWords ads for spyware removal.

  2. #2
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    IMHO they look more like an affiliate ready to be eaten by the parasites. They are associated with less than perfect networks but I can't spot downloads. They have a relationship with Kowabunga advertisers so maybe they noticed something from their traffic.

  3. #3
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    Search42 uses the downloaded trojan called Vundo (aka Virtumundo, WinFixer) which then installs the BHO hijacker called MSEvents (aka ATLDistrib). Because they stair step like this, and because the trojan is ranked a low security threat, most anti-virus software will leave it alone. Most antispyware apps will remove the subsequent MSEvents BHO app, but the trojan's there to reinstall it quickly.

    The only effective way to remove it all also requires a dump of your system memory to purge its memory resident remnants. This scares the hell out of people (blue screen of death happens on purpose to remove it) so besides the normal tentacles that prevent removal, they've added a "let's scare the shit out of the consumer" angle to make sure it stays installed.

    Search for "search42" and any of these words to verify my post: Vundo, Virtumundo, WinFixer, MSEvents, ATLDistrib

    And then let other affiliate managers and networks know.

  4. #4
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    Good catch Donuts. They are flying low under the radar. My spyware detector and Siteadvisor don't detect them. They look like an innocent, newbie site. They have a "downloads" section for ring tones and mp3... are they using them to download a trojan at the same time?

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Thumbs down
    Quote Originally Posted by Donuts
    Search42 uses the downloaded trojan called Vundo (aka Virtumundo, WinFixer) which then installs the BHO hijacker called MSEvents (aka ATLDistrib). Because they stair step like this, and because the trojan is ranked a low security threat, most anti-virus software will leave it alone. Most antispyware apps will remove the subsequent MSEvents BHO app, but the trojan's there to reinstall it quickly.

    The only effective way to remove it all also requires a dump of your system memory to purge its memory resident remnants. This scares the hell out of people (blue screen of death happens on purpose to remove it) so besides the normal tentacles that prevent removal, they've added a "let's scare the shit out of the consumer" angle to make sure it stays installed.

    Search for "search42" and any of these words to verify my post: Vundo, Virtumundo, WinFixer, MSEvents, ATLDistrib

    And then let other affiliate managers and networks know.
    I concur that Search42 and all other variants spread by these wanks are Parasites- Adware- Spyware and definate trojan virus. Hard to remove too...
    http://www.help2go.com/Tutorials/Spy...2_Removal.html has some removal tips.

    Common backdoor for this install and others involving Virtumonde trojans comes from these affiliate communities pushing SpywareBot.com and SpywareBot.net for click and lead fees...

    http://www.siteadvisor.com/sites/spy...t.com/summary/
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  6. #6
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    Quote Originally Posted by Zeus
    They have a "downloads" section for ring tones and mp3... are they using them to download a trojan at the same time?
    http://www.siteadvisor.com/sites/mp3u.com
    http://www.siteadvisor.com/sites/winantivirus.com
    http://www.siteadvisor.com/sites/winantiviruspro.com
    http://www.siteadvisor.com/sites/amaena.com
    http://www.siteadvisor.com/sites/internetantispy.com
    http://www.siteadvisor.com/sites/systemdoctor.com

    hundreds of sites and techniques, literally too many too list

    travel, teens, mp3, antivirus junk, antispy junk and much more

    innovativemarketing.com folks

  7. #7
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    LOL... www.Innovativemarketing.com ... Innovative Marketing has been working hard developing several products to help the consumer adapt to the change technology brings. Our developers have created software to help your computer adapt as well.

    Our software works to optimize your computer’s potential. We have developed software that will protect your computer against worms, viruses, and other diseases that infect it.
    While others help to “clean” your computer from unwanted elements that tend to slow down your computer’s response time.

    Since the advancement of technology, the issue of privacy has become a worry of many consumers. With the invention of the Internet, came thieves who invade your computer to steal information about you. Our products have been developed to protect your computer against these intruders to assure your identity’s safety.

    There entire site has about 400 words so they don't tip their hand. They infect ...then charge for the cure... how innovative! Looks like a Adwhore front for a download site...

    Current Registrar: TUCOWS INC.
    IP Address: 66.244.254.177 (ARIN & RIPE IP search)
    IP Location: CA(CANADA)-ONTARIO-PETERBOROUGH
    Record Type: Domain Name
    Server Type: Apache
    Lock Status: REGISTRAR-LOCK
    Web Site Status: Active
    DMOZ no listings
    Y! Directory: see listings
    Web Site Title: Welcome To Innovative Marketing
    Secure: No
    E-commerce: No
    Traffic Ranking: Not available
    Data as of: 06-Jul-2006
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  8. #8
    OPM and Moderator Chuck Hamrick's Avatar
    Join Date
    April 5th, 2005
    Location
    Park City Utah
    Posts
    16,646
    Alright, you scared the out of me. I will take it out of Ancestry already

  9. #9
    ABW Ambassador Ron Bechdolt's Avatar
    Join Date
    January 18th, 2005
    Location
    Affiliateville, USA
    Posts
    7,927
    I commend Chuck for coming here and asking these kind of questions. I sure wish more AM's would do that. Just think of the housecleaning we could all do for them.

    Thanks, Chuck.
    Ron Bechdolt | Affiliate Program Management Consultant
    7 Days A Week Marketing

  10. #10
    OPM Queen Kristin Kinsey's Avatar
    Join Date
    January 4th, 2006
    Location
    Rolling Hills of Ohio
    Posts
    1,707
    Check both programs at SAS and CJ and did not see them!! Thanks Chuck for pointing them out!!
    KK

  11. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Another parasite??
    By Gordon in forum Suspicious Activity!
    Replies: 12
    Last Post: June 2nd, 2004, 12:33 PM
  2. Another new parasite?
    By Linda - 5starAffiliatePrograms in forum Suspicious Activity!
    Replies: 18
    Last Post: September 23rd, 2003, 02:29 AM
  3. New parasite?
    By baguio in forum Suspicious Activity!
    Replies: 7
    Last Post: October 31st, 2002, 05:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •