> SECURITY WARNING, Numerous WMF Code Exec Attack Blocked
Ben
post Apr 23 2006, 12:37 AM
Post #1


Maximum Perth Enthusiast
*******

Group: Admin
Posts: 857
Joined: 17-May 04
From: Perth
Member No.: 2



Make Sure Your Anti Virus Patterns are up-to-date.

If you have firewall software here is an IP address to block: 85.249.23.119
Also block:
http://traffall.biz
http;//2-extreme.biz

This URL too: http://traffsale1.biz/dl/loadadv748.exe which is contained in a bogus email purportedly from myself, received at my mother's home while I was there.

If you did get this malware here's what to do:

This spyware is hard to remove because it comes in two parts.

"spywareremover" - the program you see
"WinFixer" - you don't see

Delete 'spywareremover' and 'WinFixer' reinstalls it.
So delete both to remove this pain of a scam application.

The main program you see is called 'spywareremover'; a red dot in the task bar always pops up a window saying you have spyware, pay their fee to remove. You can't uninstall 'spywareremover'. I deleted the entries in the registry for both apps and then deleted the program files of both applications.
Back up your registry before you begin, just in case!

Install Spybot Search and Destroy http://www.spybot.com/ to help protect your system as well as remove spyware. Make sure you use the TeaTimer feature to always watch your system and warn you if something is trying to update your registry.



Copy of email sent to abuse@valuedot.net:

Repeated attacks on my PC and users of the www.perth.perthperth.com forum are coming via a server in the USA hosting http://traffsale1.biz/dl/loadadv748.exe (maybe without them knowing). I'm highly suspicious of a Latvian IP address which resolves to your server. I am blocking them but am concerned that others in Perth, Australia are not.

Please investigate, and arrange for prosecution of the perpetrator of international cyber crime originating from your IP address.

Also registered users of the PerthPerth forum have been sent bogus emails (Mule Scam) purporting to come from me, inviting recipients to download VERY suspicious exe files.

FYI:

Registrant Name:Sergey Shishkin
Registrant Organization:Sergedjus Vlasovas
Registrant Street1:Zardininku 1 19
Registrant Street2:Zardininku 1 19
Registrant City:Klaipeda
Registrant State/Province:XX
Registrant Postal Code:65032
Registrant Country:LT
Registrant Phone:+1.8003239465
Registrant FAX:+1.8003239466
Registrant Email:sergedjus@eexhost.com
Admin City:Klaipeda
Admin State/Province:XX
Admin Postal Code:65032
Admin Country:LT


--------------------
Ben, Skype "Perth-", Western Australia
Ben
post Jun 3 2006, 06:41 PM
Post #2





Copy of email and reply:

Good Melissa,
I'm glad you checked. Never open any exe file. Dutch / Ukrainian mafia pretending to be me are sending a virus to many people in Perth. They hacked the www.perthperth.com forum. I employed a security firm to fix the problem weeks ago but they "dropped the ball" so now a professional is upgrading security ASAP.

I've reported this problem to the Australian cyber cops http://acma.gov.au and they've reported to the Australian High Tech Crime Centre http://www.ahtcc.gov.au/onlinereporting.aspx
I encourage you to complain to them.

Here's what another victim forum ( http://www.excelcia.org/modules.php?name=N...=article&sid=27 ) wrote:
The spammer's IP resolved to an IP on netcathost.com's domain. If you want to see an interesting domain, check them out. Russian web site owned by Australians physically hosted (as far as I can tell) in New York. I'm betting it's a company that makes its money hosting for spammers and worse. My guess is that the web site is in Russian to discourage spam complaints. Gotta love professional vultures.

Regards
The Real Ben

-----Original Message-----
From: Melissa Vann [mailto:melissa****@optusnet.com.au]
Sent: Friday, 2 June 2006 9:46 AM
To: 'Perth Perth'
Subject: [SPAM] RE: Perth Perth! ( From Perth Perth )

Ben

What is this stuff you keep sending me? I am a little unsure about opening this .exe file. What are you trying to run?

Cheers


-----Original Message-----
From: Perth Perth [mailto:ben@4webmarketing.biz]
Sent: Thursday, June 01, 2006 11:04 PM
To: ben@4webmarketing.biz
Subject: Perth Perth! ( From Perth Perth )

WARNING DO NOT GO TO THIS LINK:

http;//traffweb1.biz/dl/loadadv759.exe


--------------------
Ben, Skype "Perth-", Western Australia