Full Version: Warning on novasearch.net VIRUS
B.I.S.S. Forums > Malware Research Forum > Malware IP Research Section
Moore
QUOTE
Anyone visiting novasearch.net (the official search site for SuprNova.org) would have been greeted by a nice virus today: a payload virus by the name of Trojan.ByteVerify. The virus is attached to one of their many popups, so you will only get the virus if you are unfortunate enough to get that offending advert to load.

The virus puts a trojan on your PC and crashes your browser.

Unless you have antivirus software it is almost impossible to detect, and it will sit on your PC monitoring your activity and adjusting your security settings.

Go to these sites for a virus scan if anyone else has been affected.
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://housecall.trendmicro.com/



Be careful if you use this site.
Moore
Looks like everyone who has Sun Java installed is getting hit, or my antivirus is kaput.

QUOTE
The popup that has the infected java applet is coming from hxxp://www.findthewebsiteyouneed.com in one of the popups.
The link to the JAR file is: hxxp://www.findthewebsiteyouneed.com/vm/archive.jar

Source: C:\Documents and Settings\PowerUser\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-27b6d962-3a81335b.zip



I've been on this case all day trying to get infected; all I've got to show for it so far is this..

I also don't have that Sun Java crap installed either, lol, so I'm probably not going to have much luck picking something up...

So far these may be the trojan droppers, but there could also be others; I'm still looking.

www.findthewebsiteyouneed.com
findthewebsiteyouneed.com
www.findthewebsiteyouneed.com = 213.222.11.4 213.222.11.5 213.222.11.7 213.222.11.8
Mail for www.findthewebsiteyouneed.com = mail.findthewebsiteyouneed.com (5) 212.72.51.166

www.paypopup.com(66.98.208.60)
www2.paypopup.com(207.44.156.26)
www.dotcomtoolbar.com(213.222.11.12)

Some of the popups are supposedly supporting the SuprNova site with advertising revenue; looks to me like they should all be blacklisted on our lists.
redzulu2003
Funny, maybe these are indeed trojan ranges, 'cos I recognise the 213.blah blah blah and the 207 blah blah blah from my lists; also the 66 blah blah blah. I have had a lot of 60 / 69 blah blah blah hits, also trojan, so maybe these are some of the ranges they use?
Moore
Ok here we go..

lol, actually I left out the one that was actually doing all the damage

This was the source of SuprNova's paying advertiser; the ByteVerify trojan/virus popups are all from the RealTracker.


QUOTE
A plea to webmasters; be careful!
Guspaz @ 15-02-2004 02:37
Don't let what happened to me happen to you. Before you put any javascript on your page that you didn't write, like a stats tracker, test it out!

A few days ago I put RealTracker on novasearch to replace nedstat, as nedstat had removed NovaSearch from their service. This was the biggest mistake I ever made. It turns out that RealTracker was putting popups and viruses into their tracker code, and the recent slew of viruses and popups from NovaSearch are all due to this tracker.
I've removed it now that I know what it is, but it's too late; because of this incident SuprNova has decided to stop supporting NovaSearch on March 14th. It's been a good time running NovaSearch, but come March, you guys are on your own. Good luck.



<!-- Begin RealHomepageTools -->
<script type="text/javascript" src="hxxp://11.rtcode.com/netpoll/ifreev3.asp?id=229974&to=-360" alt="RealTracker"> .. </script>
<noscript> .. </noscript>
<!-- End RealHomepageTools -->

Send all abuse letters to:
arjan@realtracker.com



Registrant:
Media Highway International BV (RTCODE-DOM)
Nieuwpoortstraat 98a
Amsterdam, Noord-Holland 1055 RZ
NL

Domain Name: RTCODE.COM

Administrative Contact, Technical Contact:
Media Highway International BV (S16931-OR) arjan@realtracker.com
Nieuwpoortstraat 98a
Amsterdam, Noord-Holland 1055 RZ
NL
31 20 6826158 fax: 31 20 5241530

Record expires on 02-May-2008.
Record created on 02-May-2001.
Database last updated on 16-Feb-2004 01:57:48 EST.

Domain servers in listed order:

NS1.MEDIAHIGHWAY.NET 212.72.51.188
NS2.MEDIAHIGHWAY.NET 213.222.11.6

RTCODE.COM resolves to 212.206.159.42

www.RTCODE.COM resolves to 212.72.51.165

Mail for RTCODE.COM is handled by mail.RTCODE.COM (5) 212.206.159.42 smtp.pins.nl (10) 217.194.97.2


talkcity.realtracker.com - 212.72.51.167
11.rtcode.com - 212.72.51.167 - 212.179.35.118

-----------------------------------------------------------------------------------

I'll be checking to see how many more scum IPs are out there, and they'll all be blocked too.


Also some extra ones to block with your blocklists and HOSTS File.
www.easywww.info - 212.72.51.188
mail.easywww.info - 212.72.51.166

More IP ranges here for Real Networks as well:
http://www.bluetack.co.uk/forums/index.php?showtopic=889&hl=
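The thread's lesson (a third-party tracker include pulling in popups and a hostile Java applet) comes down to auditing what a page loads from hosts you don't control. Below is an added example written for this page, not code from the thread, SuprNova or any of the sites named: it lists every remote include in an HTML page and marks it first-party, third-party, or blocked against the domains the posts above identify. It assumes novasearch.net as the first-party host and uses a constructed sample page that mirrors the posted RealTracker snippet (URLs defanged with hxxp).

```python
# Added example (not from the forum thread): audit a page's remote includes
# (script src, iframe src, applet archive, embed src) and classify each host.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Registrable domains the thread names as serving the tracker, popups or applet.
BLOCKED_DOMAINS = {"rtcode.com", "realtracker.com", "findthewebsiteyouneed.com",
                   "paypopup.com", "dotcomtoolbar.com", "easywww.info"}

class IncludeCollector(HTMLParser):
    """Collects tags that pull executable or framed content from a URL."""
    URL_ATTR = {"script": "src", "iframe": "src", "applet": "archive", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.includes = []  # list of (tag, url)

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTR.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.includes.append((tag, url))

def host_of(url):
    """Hostname of a URL; tolerates defanged 'hxxp' and protocol-relative '//'."""
    return (urlparse(url.replace("hxxp://", "http://", 1)).hostname or "").lower()

def classify(host, first_party):
    """'first-party' for relative/own-host URLs, 'blocked' for listed domains."""
    if not host or host == first_party or host.endswith("." + first_party):
        return "first-party"
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "blocked"
    return "third-party"

def audit_includes(html, first_party):
    """Return (tag, url, verdict) for every remote include found in the page."""
    p = IncludeCollector()
    p.feed(html)
    return [(tag, url, classify(host_of(url), first_party)) for tag, url in p.includes]

# Constructed sample page modelled on the thread's RealTracker snippet.
SAMPLE_HTML = """
<script type="text/javascript" src="/js/search.js"></script>
<!-- Begin RealHomepageTools -->
<script type="text/javascript" src="hxxp://11.rtcode.com/netpoll/ifreev3.asp?id=229974&to=-360"></script>
<!-- End RealHomepageTools -->
<iframe src="//cdn.example.org/banner.html"></iframe>
<applet code="Counter.class" archive="hxxp://www.findthewebsiteyouneed.com/vm/archive.jar"></applet>
"""

if __name__ == "__main__":
    for tag, url, verdict in audit_includes(SAMPLE_HTML, "novasearch.net"):
        print(f"{verdict:12} <{tag}> {url}")
```

Anything reported as third-party deserves the test Guspaz asks for before it goes live; anything reported as blocked belongs in your HOSTS file or blocklist.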