Re: CRIME An Interesting Spyware Scam to watch out for

From: Keith Proffitt (keith_proffitt@private)
Date: Sun May 11 2003 - 23:28:22 PDT


    Shaun,

    After doing some searches on Joshuathan Investments, Inc, it seems this company is involved in multiple scams.  They buy and sell domain names.  I would suggest staying away from all web sites that are registered to Joshuathan Investments, Inc.

    Here are a few URLs that either Joshuathan Investments owns or is written about.

    (Please do not go to this URL from a company computer.)
    www.sexflick.com/privacypolicy.html

    Complaint was filed with CPR (Joshuathan Investments is the Respondent)
    http://www.cpradr.org/ICANNDecisionCPR0227-021209.htm

    Sunrise Challenges in .info
    http://arbiter.wipo.int/domains/decisions/2001/dinfo00200-00399.html

    Domain pirates (Shows several different people/companies doing the same thing)
    http://www.searchenginewatch.com/searchday/article.php/2160751

    "Lcos.com
    This site looks remarkably like googl.com. It's registered to "(This Domain is For Sale) Joshuathan Investments, Inc., 62 Cleghorn Street, Belize City, Belize."

    Good post on the different domain and search engine pirates
    http://eng.cmu.ac.th/~pruet/mailarchives/searchday/msg00036.html

    Here is a question(s) to the group.  Is there a way to obtain a listing that shows companies in select categories (porn sites, marketing sites, etc.) and are the companies required to identify themselves on the website? The reason I ask is it would be easier (cost & time) to register a new domain name than it is to start a new company or change the name of a company.  With the list, IT Security should be able to block such sites from corporate users.  Who knows, it might be possible to check the domain registry to see who owns a site before allowing a user to browse it.  With the amount of domain names one company may have, I would think it would be easier to block the company than the domain!

    Keith

    Shaun Savage <savages@private> wrote:
    Good Analysis.
    How long now, until law enforcement shuts it down, or will it?
    
    Shaun
    
    Alan wrote:
    > I received an interesting spam in the mail. It contained a scam that
    > you might want to be aware of, especially if you have fairly gullible
    > users on your network.
    > 
    > Here is the text of the spam:
    > 
    > 
    > 
    >>From - 
    >>Return-Path: 
    >>Delivered-To: alan@ctrl-alt-del.com
    >>Received: from windowsupdatenow.com
    >> (adsl-68-120-92-123.dsl.irvnca.pacbell.net [68.120.92.123]) by
    >> clueserver.org (Postfix) with SMTP id 457062B6C3 for
    >> ; Sun, 11 May 2003 03:53:24 -0700 (PDT)
    >>Message-ID: <8d6d63abe320$003a31b0$c04fd773@private>
    >>From: 
    >>To: 
    >>Subject: Windows Update Notification
    >>Date: Mon, 12 May 2003 06:32:11 -1100
    >>MIME-Version: 1.0
    >>Content-Type: text/plain; charset="iso-8859-1"
    >>X-Priority: 1
    >>X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
    >>X-MSMail-Priority: High
    >>X-Mailer: Microsoft Outlook Express 5.00.2314.1300
    >>Content-Transfer-Encoding: quoted-printable
    >>X-Spam-Status: No, hits=1.4 required=5.0
    >> tests=X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH,NO_REAL_NAME,LINES_OF_YELLING
    >> version=2.20
    >>X-Spam-Level: *
    >>Status: 
    >>
    >>WINDOWS SECURITY WARNING!!
    >>=20
    >>A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. IN ORDER FOR YOUR COMPUTER NOT =
    >>TO CRASH YOU WILL NEED TO GO TO:
    >>=20
    >>http://WWW.WINDOWSUPDATENOW.COM
    >>=20
    >>AND IT WILL AUTOMATICALLY UPDATE YOUR COMPUTERS SECURITY PATCHES.
    >>=20
    >>SIMPLY TYPE IN http://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER. OTHERWISE=
    >> YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY.
    > 
    > 
    > Since I am running Linux, I was not too worried...
    > 
    > I checked out the site and it redirects you to
    > http://www.quicklaunch.com/perl/detection.pl.
    > 
    > The Linux unaware script attempts to download
    > http://download.quicklaunch.com/quicklaunch154.cab and install it. 
    > 
    > The program it tries to install is called "Quick Launch Toolbar". It is
    > a nasty little bit of Spyware/Adware. There is a good description on
    > removal at http://www.doxdesk.com/parasite/BrowserAid.html . 
    > 
    > The biggest concern is that it has an "update feature" that can install
    > arbitrary code on your machine.
    > 
    > Both domains are registered to:
    > 
    > This Domain Is For Sale joshuathaninvest@private
    > ( This Domain is For Sale ) Joshuathan Investments, Inc.
    > 62 Cleghorn Street
    > Belize City, Belize none
    > US
    > Phone: 501-2-31244
    > Fax: 501-2-34222
    > 
    > 
    > www.windowsupdatenow.com is hosted on wfb.dnsvr.com (65.125.231.178) in
    > Florida.
    > 
    > www.quicklaunch.com (66.117.19.206) hosted by nhicolo.com in LA,
    > California.
    > 
    > 
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon May 12 2003 - 00:19:00 PDT
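
The registrant-based blocking idea raised in the message above, sketched as an added example that is not part of the original thread. The WHOIS-style records are constructed in the shape of the registrant block quoted by Alan, the example.org and unknown.example entries are invented, and picking the organization line by its company suffix is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed registrant blocks shaped like the record quoted in the thread;
# the example.org and unknown.example entries are invented for contrast.
SAMPLE_WHOIS = {
    "windowsupdatenow.com": (
        "This Domain Is For Sale joshuathaninvest@private\n"
        "( This Domain is For Sale ) Joshuathan Investments, Inc.\n"
        "62 Cleghorn Street\nBelize City, Belize none\n"),
    "quicklaunch.com": (
        "(This Domain is For Sale) Joshuathan Investments, Inc.\n"
        "62 Cleghorn Street\nBelize City, Belize\n"),
    "example.org": "Example Widgets LLC\n1 Constructed Way\nPortland, OR\n",
    "unknown.example": "REDACTED FOR PRIVACY\n",
}

# Assumption: the organization line is the one carrying a company suffix.
ORG_SUFFIX = re.compile(r"\b(?:inc|llc|ltd|corp)\b\.?", re.I)

def normalize_org(name):
    """Strip banners in parentheses, company suffixes, case and punctuation."""
    name = re.sub(r"\([^)]*\)", " ", name)
    name = ORG_SUFFIX.sub(" ", name)
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def registrant_key(whois_text):
    """Return the normalized organization from a registrant block, or None."""
    for line in whois_text.splitlines():
        if "@" not in line and ORG_SUFFIX.search(line):
            return normalize_org(line)
    return None

def classify(whois_by_domain, blocked_registrants):
    """Split domains into blocked, allowed and unresolved (no owner found)."""
    blocked = {normalize_org(r) for r in blocked_registrants}
    result = defaultdict(list)
    for domain, text in sorted(whois_by_domain.items()):
        owner = registrant_key(text)
        if owner is None:
            result["unresolved"].append(domain)   # send to manual review
        elif owner in blocked:
            result["blocked"].append(domain)
        else:
            result["allowed"].append(domain)
    return dict(result)

if __name__ == "__main__":
    print(classify(SAMPLE_WHOIS, ["Joshuathan Investments, Inc."]))
```

Registrant fields are self-reported, so a match is a useful signal for blocking while a non-match says nothing about who really operates the site.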