[China]
mx.geocities.com/herb_dacosta/?akg=wbfchi
replica-watch-store.bestdealspot.com
IP: 218.104.136.188
http://www.apnic.net/apnic-bin/whois.pl?se...218.104.136.188
Full Version: Bad Websites
thx shadowking 
Linked to email spam / drugs / parasite / hosting suspicious files (test33.exe)
http://www.google.com/search?client=opera&...=utf-8&oe=utf-8
www.kalculus.net/ppcwinner/test33.exe
www.kalculus.net
site-images.ws/cust/26034/test33.EXE
www.ppcappraisal.com
neobax.com
ninopills.neobax.com
http://www.google.com/search?client=opera&...=utf-8&oe=utf-8
www.kalculus.net/ppcwinner/test33.exe
www.kalculus.net
site-images.ws/cust/26034/test33.EXE
www.ppcappraisal.com
neobax.com
ninopills.neobax.com
Banner ad: ww2.loanweb.com
Tracking cookie: valueclick.net
Tracking cookie: valueclick.net
www.kaktuz.com
www.freeprod.com (gives you some bad spyware as found in a number of antispyware forums)
Drops a whole lot of trojan downloaders, or maybe just 1, can't remember. I remeber this one site repeatedly droped trojans on my comp but I can't remember the URL, sorry..
if there is a good way to hunt for these sites please let me know, because I would like to do so..the hardest part is going to the sites w/ out getting infected...I/m more interested in huntin down bad sites than IP addresses because I don't know how i would find which IP's are good/bad.
Oh also http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites is a great source for adding rogue anti-spyware sites to the block list (although don't add the ones that say (note) on the right hand side because those are no longer bad. I am not sure if this is a good idea to add these, because maybe they will all reform and become good eventually.
Also, how do we update the HOSTS file? Just download the new version of it when there is a major update and upload the new .txt file into the hosts manager?
www.freeprod.com (gives you some bad spyware as found in a number of antispyware forums)
Drops a whole lot of trojan downloaders, or maybe just 1, can't remember. I remeber this one site repeatedly droped trojans on my comp but I can't remember the URL, sorry..
if there is a good way to hunt for these sites please let me know, because I would like to do so..the hardest part is going to the sites w/ out getting infected...I/m more interested in huntin down bad sites than IP addresses because I don't know how i would find which IP's are good/bad.
Oh also http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites is a great source for adding rogue anti-spyware sites to the block list (although don't add the ones that say (note) on the right hand side because those are no longer bad. I am not sure if this is a good idea to add these, because maybe they will all reform and become good eventually.
Also, how do we update the HOSTS file? Just download the new version of it when there is a major update and upload the new .txt file into the hosts manager?
| QUOTE (Anti_Spyware @ Nov 6 2005, 10:30 AM) |
| if there is a good way to hunt for these sites please let me know, because I would like to do so..the hardest part is going to the sites w/ out getting infected...I/m more interested in huntin down bad sites than IP addresses because I don't know how i would find which IP's are good/bad. |
Hi Anti-spyware.. thanks for your interest in helping out.
The safest way to hunt bad websites is to use some kind of virtual os , like vmware / virtual pc where your physical computer is not affected..
Other software like Shadowuser/Deepfreeze is also very good , or make a image/backup of your harddrive to restore back to , once you have been infected.
I have a short guide on tracking malware sites here :
http://www.bluetack.co.uk/forums/index.php?showtopic=4138
| QUOTE |
| Oh also http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites is a great source for adding rogue anti-spyware sites to the block list (although don't add the ones that say (note) on the right hand side because those are no longer bad. I am not sure if this is a good idea to add these, because maybe they will all reform and become good eventually. |
We work closely with the great people at Spywarewarrior to get any malware sites blocked as soon as they are discovered , most sites will not appear on the rogues list.
| QUOTE |
| Also, how do we update the HOSTS file? Just download the new version of it when there is a major update and upload the new .txt file into the hosts manager? |
To update the Bluetack Hosts file , it's probably best to use Kims's Hosts manager to download the updated file , it will take care of everything.
Thanks added
Direct Revenue:
www.dr-addremove.com
dr-addremove.com
Rouge anti-spyware:
affiliates.spywaredefense.com
www.teosoft.biz
teosoft.biz
www.shootspyware.com
shootspyware.com
Ads:
ads.urbandictionary.com
ISTbar:
www.news-affairs.com
news-affairs.com
Fake Spy Sweeper website:
www.spyeater.com
spyeater.com
www.dr-addremove.com
dr-addremove.com
Rouge anti-spyware:
affiliates.spywaredefense.com
www.teosoft.biz
teosoft.biz
www.shootspyware.com
shootspyware.com
Ads:
ads.urbandictionary.com
ISTbar:
www.news-affairs.com
news-affairs.com
Fake Spy Sweeper website:
www.spyeater.com
spyeater.com
Did you add the two sites I mentioned Kimberly? You said "added thanks" but I wasn't sure if you were talking to Samurai or me or both of us. Sorry to interrupt I just wanted to clarify
ftp.pisem.net - mentions it on its' frontpage as a attacker's site who uses spam to promote a false update of MSAS and takes the user to this site among others.
1.dns10.peterhost.ru - Trojan Downloader site, also found at doxdesk
bflog.net - installs CHM parasite and password stealing trojan- even the site index contains a parasite- installs through pre SP2 security holes under link of "George W Bush is dead" disguised as a BBC link - possibly linked to CWS gang.
ftp.pisem.net - mentions it on its' frontpage as a attacker's site who uses spam to promote a false update of MSAS and takes the user to this site among others.
1.dns10.peterhost.ru - Trojan Downloader site, also found at doxdesk
bflog.net - installs CHM parasite and password stealing trojan- even the site index contains a parasite- installs through pre SP2 security holes under link of "George W Bush is dead" disguised as a BBC link - possibly linked to CWS gang.
The peterhost.ru entry from my last post is actually already in the blocklist file- just ignore that one, thanks! By the way do we need to get permission from the sites and people who have found these sites like Andrew Clover at doxdesk, etc, before we use them to put into a blocklist? Just wondering. Also, how do we only download the new updates to the blocklist without replacing the entire thing with a new one? How do we keep certain entries seperate from not being replaced with the next version of the list, if we wanted to do that for some reason?
start-space.com
Thanks everyone, added.
| QUOTE (Anti_Spyware) |
| Did you add the two sites I mentioned Kimberly? You said "added thanks" but I wasn't sure if you were talking to Samurai or me or both of us. Sorry to interrupt I just wanted to clarify |
It means that I did add the sites from my last post up to the new post.
| QUOTE (Anti_Spyware) |
| Also, how do we only download the new updates to the blocklist without replacing the entire thing with a new one? How do we keep certain entries seperate from not being replaced with the next version of the list, if we wanted to do that for some reason? |
You can't download only the updates, you download each time the full hosts file. If you want to use the complete current file, use the Replace btn. In case that some entries have been removed (dead servers or errors) but you don't want to remove them, use Append btn. Use the Inclusion or Exclusion list to keep your own entries. Btw, the Hosts Manager has a help file, click on the small arrow at the extreme right border or hit F1.
Kim
Email spam pharmacy [Chinanet]
http://onlinepharmacy.nicelifesurroundings.com/
http://onlinepharmacy.realhighpower.com/
http://onlinepharmacy.directiontocyberworld.com/
http://onlinepharmacy.superstarsuper.com/
http://onlinepharmacy.savingtheory.com/
http://onlinepharmacy.ourheartycheer.com/
http://onlinepharmacy.staroftopdeals.com/
http://onlinepharmacy.totalconveniencezone.com/
http://onlinepharmacy.highpowertosave.com/
http://onlinepharmacy.cyberblockbuster.com/
http://onlinepharmacy.timetorejuvenate.com/
http://onlinepharmacy.highpowertosave.com/
http://onlinepharmacy.cyberblockbuster.com/
http://www.verlitece.com
http://nicelifesurroundings.com/
http://realhighpower.com/
http://directiontocyberworld.com/
http://superstarsuper.com/
http://savingtheory.com/
http://ourheartycheer.com/
http://staroftopdeals.com/
http://totalconveniencezone.com/
http://highpowertosave.com/
http://cyberblockbuster.com/
http://timetorejuvenate.com/
http://highpowertosave.com/
http://cyberblockbuster.com/
http://onlinepharmacy.nicelifesurroundings.com/
http://onlinepharmacy.realhighpower.com/
http://onlinepharmacy.directiontocyberworld.com/
http://onlinepharmacy.superstarsuper.com/
http://onlinepharmacy.savingtheory.com/
http://onlinepharmacy.ourheartycheer.com/
http://onlinepharmacy.staroftopdeals.com/
http://onlinepharmacy.totalconveniencezone.com/
http://onlinepharmacy.highpowertosave.com/
http://onlinepharmacy.cyberblockbuster.com/
http://onlinepharmacy.timetorejuvenate.com/
http://onlinepharmacy.highpowertosave.com/
http://onlinepharmacy.cyberblockbuster.com/
http://www.verlitece.com
http://nicelifesurroundings.com/
http://realhighpower.com/
http://directiontocyberworld.com/
http://superstarsuper.com/
http://savingtheory.com/
http://ourheartycheer.com/
http://staroftopdeals.com/
http://totalconveniencezone.com/
http://highpowertosave.com/
http://cyberblockbuster.com/
http://timetorejuvenate.com/
http://highpowertosave.com/
http://cyberblockbuster.com/
MANN!! I just found like 10 more sites after sorting through doxdesk and listed em all here but closed the window before I posted them...this really sucks. Is there any way I can transfer my HOSTS file to you and you can overwrite yours with mine to include the 10 or so entries I found or is that too much trouble, cause I took an hour to find em all..
ads.1revenue.net
*.elitemediagroup.net ( just put elitemediagroup.net w/ out star and dot)
dropspam.com
*.elitemediagroup.net ( just put elitemediagroup.net w/ out star and dot)
dropspam.com
1110100011o1window.info
Email spam [china CNC / Kornet]
http://eub.bnik.com
http://cgk.bllng.com
http://replica-watch-store.net/
http://eub.bnik.com
http://cgk.bllng.com
http://replica-watch-store.net/
All the fake Security Center and 404 Error pages advertising PSGuard, SpyAxe etc. (Note: The blank pages generate the popups for these. Just because the page is blank doesn't mean it shouldn't be added.)
www.warningmessage.com
warningmessage.com
www.syserrors.com
syserrors.com
www.notfound404.com
notfound404.com
www.patchyoursystem.com
patchyoursystem.com
www.onlinesecuritytest.net
onlinesecuritytest.net
www.onlyfavorite.com
onlyfavorite.com
www.pc2006.net
pc2006.net
www.securityfix2006.com
securityfix2006.com
www.warningmessage.com
warningmessage.com
www.syserrors.com
syserrors.com
www.notfound404.com
notfound404.com
www.patchyoursystem.com
patchyoursystem.com
www.onlinesecuritytest.net
onlinesecuritytest.net
www.onlyfavorite.com
onlyfavorite.com
www.pc2006.net
pc2006.net
www.securityfix2006.com
securityfix2006.com
Added
Lol MaKaVeLi, I know very well how that crap works ... I'll add the missing ones, since I already did update the SpyAxe stuff earlier today since the "main complaint" is syserrors.com which leads to the Estdomains crap again 
Lol MaKaVeLi, I know very well how that crap works ...
I'll add the missing ones, since I already did update the SpyAxe stuff earlier today since the "main complaint" is syserrors.com which leads to the Estdomains crap again
execash.com
www.car-pictures-photos-pics.com
You guys should really push for this HOSTS file to be included in Microsoft's Vista OS, since it is freeware- you could have a link to the BISS Site and say "Please ask for donations so we can continue to find bad sites to add to our blocklist and keep you safe on the net" or some such.
I think this would REALLY be a GREAT idea because of the GREAT JOB you guys have done with this...65 THOUSAND SITES I mean WOW. It's almost impossible to get infected with spyware if you have this hosts file up and running along with other anti-spyware protection. I think this would keep thousands, if not millions, more people safe. If you worked out a deal with MS, maybe you could send updates with the MS updates that will come with VISTA and Windows Protector aka MSAS beta (or you could just have users manually update it, but they might be too lazy or forget; IMO automatic updates is the best way to keep the masses secure).
What do you think? I think the number of logfiles on major anti-spyware sites would go from hundreds down to about 20, especially if you also bundled this with all the Linux/Unix OS's. Why I am mentioning Windows in particular is because millions of people use it. And that would keep millions more people safe. I hope you seriously consider this proposal, as it is being made in the effort to keep millions safe. If there is something seriously flawed or wrong with it, let me know. Give me feedback on what you think. This is maybe a bad place to write all this stuff but I just thought of it and it really really makes a lot of sense to me to do that. Of course, I dont own the blocklist so the decision is yours, but just think of how many people you could protect doing this!!!
www.car-pictures-photos-pics.com
You guys should really push for this HOSTS file to be included in Microsoft's Vista OS, since it is freeware- you could have a link to the BISS Site and say "Please ask for donations so we can continue to find bad sites to add to our blocklist and keep you safe on the net" or some such.
I think this would REALLY be a GREAT idea because of the GREAT JOB you guys have done with this...65 THOUSAND SITES I mean WOW. It's almost impossible to get infected with spyware if you have this hosts file up and running along with other anti-spyware protection. I think this would keep thousands, if not millions, more people safe. If you worked out a deal with MS, maybe you could send updates with the MS updates that will come with VISTA and Windows Protector aka MSAS beta (or you could just have users manually update it, but they might be too lazy or forget; IMO automatic updates is the best way to keep the masses secure).
What do you think? I think the number of logfiles on major anti-spyware sites would go from hundreds down to about 20, especially if you also bundled this with all the Linux/Unix OS's. Why I am mentioning Windows in particular is because millions of people use it. And that would keep millions more people safe. I hope you seriously consider this proposal, as it is being made in the effort to keep millions safe. If there is something seriously flawed or wrong with it, let me know. Give me feedback on what you think. This is maybe a bad place to write all this stuff but I just thought of it and it really really makes a lot of sense to me to do that. Of course, I dont own the blocklist so the decision is yours, but just think of how many people you could protect doing this!!!
There is only one thing wrong with your idea: some people find the Bluetack HOST file restrictive.
http://www.wilderssecurity.com/showthread.php?t=87769
http://www.wilderssecurity.com/showthread.php?t=101201
http://www.wilderssecurity.com/showthread.php?t=87769
http://www.wilderssecurity.com/showthread.php?t=101201
Yes, maybe one or two do, but the majority of users are probably very very satisfied with it. It's positives far outweigh the few negatives. Besides, its just a simple matter of a person with a legit site sending a PM to Kimberly and she can review the site and see if its legit or not- that is if she approves of my plan and of this too...
What do you think Kimberly? Yes or no?
What do you think Kimberly? Yes or no?
Microsoft would never go for that idea because (1) advertisers would complain, (2) some non-spyware sites (i.e., "shock" sites) are listed in the Hosts file, and (3) many of the more-intrusive Microsoft sites (like Microsoft search sites) are blocked too.
Regarding over- or under-blocking: I find that most other Hosts files tend to underblock tracking cookie and adserver domains. After having used all the major Hosts files, I consider Bluetack to be the best for security-conscious users who are comfortable making some manual edits to the Hosts file.
Regarding over- or under-blocking: I find that most other Hosts files tend to underblock tracking cookie and adserver domains. After having used all the major Hosts files, I consider Bluetack to be the best for security-conscious users who are comfortable making some manual edits to the Hosts file.
I have to agree with what haas been said by Makaveli and Samurai V. Although I personally use the list myself, al lot of people do find it much too restrictive and it is in a certain way. It's far from being surf friendly and since some people do use Microsoft sites they need to take out some entries sometimes. Same goes for the Yahoo adverts or tracking cookies. The ads are indeed only just a small part of the file as Samurai V did point out, we have many other websites in the hosts file.
It's not really 65000 sites that are listed in the hosts file, it's 52036 entries and they are not unique. For the blocking to be effective, you need to put in the 2 sites, like www.notfound404.com and notfound404.com if they resolve to an IP. Some other sites don't have the www. prefix, they only are listed once.
It's not really 65000 sites that are listed in the hosts file, it's 52036 entries and they are not unique. For the blocking to be effective, you need to put in the 2 sites, like www.notfound404.com and notfound404.com if they resolve to an IP. Some other sites don't have the www. prefix, they only are listed once.
Speaking of adservers, I found a new one serving ad frames: mm.chitika.net
Also, Kimberly, have you seen this list of additional adservers? http://www.bluetack.co.uk/forums/index.php?showtopic=11421
Also, Kimberly, have you seen this list of additional adservers? http://www.bluetack.co.uk/forums/index.php?showtopic=11421
Yet another ad-frame server:
rcm.amazon.com
rcm.amazon.com
I've got some serious homework to do, did completly overlook that post. I'll run them thru and check the valid ones. They will be in tomorrow's update. Thx Samurai V
[Mass email spamming - replicawatches / rolex]
127.0.0.1 rws.clicktobenefits.com
127.0.0.1 rws.rightwaytoclick.com
127.0.0.1 rws.thequickestgrowth.com
127.0.0.1 rws.superfuninterface.com
127.0.0.1 rws.wondersavinginterface.com
127.0.0.1 rws.ourowndimension.com
127.0.0.1 rws.feelecomfort.com
127.0.0.1 rws.checkforthefinest.com
127.0.0.1 rws.clicktobenefits.com
127.0.0.1 rws.rightwaytoclick.com
127.0.0.1 rws.thequickestgrowth.com
127.0.0.1 rws.superfuninterface.com
127.0.0.1 rws.wondersavinginterface.com
127.0.0.1 rws.ourowndimension.com
127.0.0.1 rws.feelecomfort.com
127.0.0.1 rws.checkforthefinest.com
Very bad trojan/exploit sites, discussed in today's diary at isc.sans.org:
127.0.0.1 traffsale.biz
127.0.0.1 iframesite.biz
127.0.0.1 iframetraff.biz
127.0.0.1 toolbartraff.biz
127.0.0.1 buytraff.biz
127.0.0.1 iframecash.biz
127.0.0.1 toolbarurl.biz
127.0.0.1 iframebiz.biz
127.0.0.1 toolbarbiz.biz
127.0.0.1 traffsale.biz
127.0.0.1 iframesite.biz
127.0.0.1 iframetraff.biz
127.0.0.1 toolbartraff.biz
127.0.0.1 buytraff.biz
127.0.0.1 iframecash.biz
127.0.0.1 toolbarurl.biz
127.0.0.1 iframebiz.biz
127.0.0.1 toolbarbiz.biz
http://forums.spywareinfo.com/index.php?showtopic=61280
According to that person, this site is VERY VERY VERY bad. Google yielded no hits however...site URL: www.crackz.ms (and also crackz.ms)
He said it gave him several viruses and unknown ones, a whole host of nasty spyware like L2ME, spysherrif, etc, several worms and trojans, and the IP resolving to that address kept trying to hack his system. He said its a network of thousands of compromised bots and also a phising scam, as well as a possible coverup for the Winfixer makers of popups - Check his story out Kim, but be careful...sounds nasty (unless its a hoax).
According to that person, this site is VERY VERY VERY bad. Google yielded no hits however...site URL: www.crackz.ms (and also crackz.ms)
He said it gave him several viruses and unknown ones, a whole host of nasty spyware like L2ME, spysherrif, etc, several worms and trojans, and the IP resolving to that address kept trying to hack his system. He said its a network of thousands of compromised bots and also a phising scam, as well as a possible coverup for the Winfixer makers of popups - Check his story out Kim, but be careful...sounds nasty (unless its a hoax).
^^Added, thanks to all of you
Thx for reporting Anti_Spyware
At first sight it looks like a hoax ...
Thx for reporting Anti_Spyware
At first sight it looks like a hoax ...
| QUOTE |
| Address lookup lookup failed www.crackz.ms Could not find an IP address for this domain name. Domain Whois record Queried whois.adamsnames.tc with "crackz.ms"... No crackz.ms is not registered. Network Whois record Don't have an IP address for which to get a record DNS records DNS query for www.crackz.ms returned an error from the server: NameError DNS query for crackz.ms returned an error from the server: NameError No records to display Traceroute Don't have a destination IP address Service scan Don't have an IP address to scan for services |
One post makes sense tho ...
| QUOTE |
| the fact that crack sites are generally virus/spyware havens isn't exactly news... thats how I infect my Virtual Machines when I'm in the mood |
I'll be carefully Anti_Spyware, don't worry
I don't have VM installed atm, but I have a solid ghost image ...
I asked the member who posted the site to give me an IP address for that site...so the real site could be traced. I'll let you know if he responds...and of course it could be a spoofed IP...no idea how to trace the real site....maybe using a packet analyzer like Ethereal?
Annoying blinking banner ad:
www6.addfreestats.com
www6.addfreestats.com
www7.addfreestats.com is offline and standing by, waiting for us to block www6.
No sign of www8 or www9 yet… ;]
No sign of www8 or www9 yet… ;]
What about www. or ww1 or ww2...ww3...ww4..ww5?
| QUOTE (Anti_Spyware @ Nov 26 2005, 01:42 AM) |
| What about www. or ww1 or ww2...ww3...ww4..ww5? |
Those are already in the Hosts file, along with top.addfreestats.com
Ah thanks Samurai =)
How on earth do you find so many sites? What exactly do you search for on google, Pharmacy/add servers? What do you google or how do U research? I could find a lot more sites if I knew probably.
How on earth do you find so many sites? What exactly do you search for on google, Pharmacy/add servers? What do you google or how do U research? I could find a lot more sites if I knew probably.
I found a site that supposedly was of dumb criminals and jokes about them...however it had nothing to do with them and just offers search results...not only that, but when I closed the window, ANOTHER WINDOW OPENED AFTER THE FIRST ONE CLOSED FROM THE SAME SITE. WHen I closed THAT one, ANOTHER one openned, an ad of "Sponsored links". This is definetly bad.
I copied the site's source code, but this BISS site wont let me use the HTML tags in it, so you will have to go there yourself to get it.
The site is http://www.dumbcrimes.com/
Sites it links to that are NOT blocked currently that the above site links to:
(Please review each and every one of these sites- one is on my restricted sites list but the others may be phising/frauds, I am not certain. Don't just add these, do some digging. I think they are a little suspicous but not 100 percent sure.
http://www.criminal-defense-lawyer-attorney.com/
http://www.usimmigrationsupport.org/ (this is the one on my restricted sites list)but again im not sure if its 100 percent bad).
the immigration site links to http://www.usgreencardlottery.org/ which seems legit but again Im not sure. (whats a green card anyways?)
http://www.litigation-lawyer.com/
http://www.fredcoutts.com/indexlawsuit.htm
http300.edge.ru4.com/ tried to open an add on the weather.com page that a popup from the main dumbcrimes site opened. (its already on blocklist)
http://www.osrllg.com/
http://www.attorneyjobs.com/
http://www.taxact.com/offers/free_taxact.a...searchengine=12
http://www.lightyourfire.com/
http://www.ocdivorcelaw.com/
Each time I click on a category on the left, more open. It's seemingly tons of links...I think there are the same few bad sites over and over again and all the ones im posting seem legit...still, the fact that every time I click the close button it opens another site upmakes it suspicious (the origional site). Well check it out and let me know what u think- maybe its a mix of legit and dodgy with 5/10 bad and 5/10 good results. I think its a mix of legit and bad..to try to be convincin and infect more ppl...IMO it should be blocked.
I copied the site's source code, but this BISS site wont let me use the HTML tags in it, so you will have to go there yourself to get it.
The site is http://www.dumbcrimes.com/
Sites it links to that are NOT blocked currently that the above site links to:
(Please review each and every one of these sites- one is on my restricted sites list but the others may be phising/frauds, I am not certain. Don't just add these, do some digging. I think they are a little suspicous but not 100 percent sure.
http://www.criminal-defense-lawyer-attorney.com/
http://www.usimmigrationsupport.org/ (this is the one on my restricted sites list)but again im not sure if its 100 percent bad).
the immigration site links to http://www.usgreencardlottery.org/ which seems legit but again Im not sure. (whats a green card anyways?)
http://www.litigation-lawyer.com/
http://www.fredcoutts.com/indexlawsuit.htm
http300.edge.ru4.com/ tried to open an add on the weather.com page that a popup from the main dumbcrimes site opened. (its already on blocklist)
http://www.osrllg.com/
http://www.attorneyjobs.com/
http://www.taxact.com/offers/free_taxact.a...searchengine=12
http://www.lightyourfire.com/
http://www.ocdivorcelaw.com/
Each time I click on a category on the left, more open. It's seemingly tons of links...I think there are the same few bad sites over and over again and all the ones im posting seem legit...still, the fact that every time I click the close button it opens another site upmakes it suspicious (the origional site). Well check it out and let me know what u think- maybe its a mix of legit and dodgy with 5/10 bad and 5/10 good results. I think its a mix of legit and bad..to try to be convincin and infect more ppl...IMO it should be blocked.
| QUOTE (Anti_Spyware @ Nov 26 2005, 05:34 AM) |
| Ah thanks Samurai =) How on earth do you find so many sites? What exactly do you search for on google, Pharmacy/add servers? What do you google or how do U research? I could find a lot more sites if I knew probably. |
You're welcome, Anti-Spyware. I use the Bluetack Hosts file along with Firefox and a custom Adblock filter. Because of my aggressive ad blocking with Adblock wildcards, I see very few banners or popups, but whenever I find an ad banner or discover a tracking cookie that wasn't blocked, I add it to my copy of Hosts and report it here. I also report malicious sites that I see discussed at security sites like isc.sans.org or antivirus vendor sites, though I don't actually search for bad sites to add.
Since you describe having been bombarded with multiple windows opening at that "criminals" site, I assume that you're still using Internet Explorer, a browser that suffers from dangerous unpatched security flaws. The free Firefox or Opera browsers both have built-in popup blockers and are far more secure than IE, and Firefox can be easily configured to block banner ads with Adblock. (Opera can be manually configured to block banner ads but it isn't easy.) Once Firefox 1.5 is released (coming soon), I suggest that you try it along with Adblock Plus.
Sites involved in my 180 test install:
www.bardownload.com
bardownload.com
www.download.bardownload.com
download.bardownload.com
One I picked up at their site:
downloads.180searchassistant.com
Installed 180, 2search, and attempted to download Websearch but couldn't grab the installer.
www.bardownload.com
bardownload.com
www.download.bardownload.com
download.bardownload.com
One I picked up at their site:
downloads.180searchassistant.com
Installed 180, 2search, and attempted to download Websearch but couldn't grab the installer.
Browsing the SWI site, found some nasties that hijacked people and popped up ads:
www.warningmessage.com
ilead.itrack.it
www.cool-discount.com
www.your-deal.com
64.192.130.141 (this may resolve to a certain site when WHOISED; i know the hosts file cant block IP Addresses
www.ez-cheap.com
www.mega-cheap.com
www.shop-savings.com
www.virtual-free.com
www.warningmessage.com
ilead.itrack.it
www.cool-discount.com
www.your-deal.com
64.192.130.141 (this may resolve to a certain site when WHOISED; i know the hosts file cant block IP Addresses
www.ez-cheap.com
www.mega-cheap.com
www.shop-savings.com
www.virtual-free.com
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.