Here is something else to think about as well, just occurred to me, that would be handy with such a list, is also trying to find out where permutations of a given domain are pointed to. Nothing more embarrassing than fat-fingering the link to a web site, and having it come up with some other web site that has inappropriate content, especially when at work. --Arthur ------------------------------------------------------ Arthur Strutzenberg Swan Island Networks Inc arthur.strutzenberg@private http://www.swanisland.net (503)-796-7926 (x20) ------------------------------------------------------ -----Original Message----- From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Keith Proffitt Sent: Sunday, May 11, 2003 11:28 PM To: Crime List Subject: Re: CRIME An Interesting Spyware Scam to watch out for Shaun, After doing some searches on Joshuathan Investments, Inc, it seems this company is invloved in multiple scams. They buy and sell domain names. I would suggest staying away from all web sites that are registered to Joshuathan Investments, Inc. Here are a few URLs that either Joshuathan Investments owns or is written about. (Please do not go to this this URL from a company computer.) www.sexflick.com/privacypolicy.html Complaint was filed with CPR (Joshuathan Investments is the Respondent) http://www.cpradr.org/ICANNDecisionCPR0227-021209.htm Sunrise Challenges in .info http://arbiter.wipo.int/domains/decisions/2001/dinfo00200-00399.html Domain pirates (Shows several different people/companies doing the same thing) http://www.searchenginewatch.com/searchday/article.php/2160751 "Lcos.com This site looks remarkably like googl.com. It's registered to "(This Domain is For Sale) Joshuathan Investments, Inc., 62 Cleghorn Street, Belize City, Belize." Good post on the different domain and search engine pirates http://eng.cmu.ac.th/~pruet/mailarchives/searchday/msg00036.html Here is a question(s) to the group. Is there a way to obtain a listing that shows companies in select categories (porn sites, marketing sites, etc.) and are the companies required to identify themselves on the website? The reason I ask is it would be easier (cost & time) to register a new domain name than it is to start a new company or change the name of a company. With the list, IT Security should be able to block such sites from corporate users. Who knows, it might be possible to check the domain registery to see who owns a site before allowing a user to browse it. With the amount of domain names one company may have, I would think it would be easier to block the company than the domain. Keith Shaun Savage <savages@private> wrote: Good Analysis. How long now, until law enforcment shuts it down, or will it? Shaun Alan wrote: > I received an interesting spam in the mail. It contained a scam that > you might want to be aware of, especially if you have fairly gullible > users on your network. > > Here is the text of the spam: > > > >>From - >>Return-Path: >>Delivered-To: alan@ctrl-alt-del.com >>Received: from windowsupdatenow.com >> (adsl-68-120-92-123.dsl.irvnca.pacbell.net [68.120.92.123]) by >> clueserver.org (Postfix) with SMTP id 457062B6C3 for >> ; Sun, 11 May 2003 03:53:24 -0700 (PDT) >>Message-ID: <8d6d63abe320$003a31b0$c04fd773@private> >>From: >>To: >>Subject: Windows Update Notification >>Date: Mon, 12 May 2003 06:32:11 -1100 >>MIME-Version: 1.0 >>Content-Type: text/plain; charset="iso-8859-1" >>X-Priority: 1 >>X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 >>X-MSMail-Priority: High >>X-Mailer: Microsoft Outlook Express 5.00.2314.1300 >>Content-Transfer-Encoding: quoted-printable >>X-Spam-Status: No, hits=1.4 required=5.0 >> tests=X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH,NO_REAL_NAME,LINES_OF_YELLI NG >> version=2.20 >>X-Spam-Level: * >>Status: >> >>WINDOWS SECURITY WARNING!! >>=20 >>A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. IN ORDER FOR YOUR COMPUTER NOT = >>TO CRASH YOU WILL NEED TO GO TO: >>=20 >>http://WWW.WINDOWSUPDATENOW.COM >>=20 >>AND IT WILL AUTOMATICALLY UPDATE YOUR COMPUTERS! SECURITY PATCHES. >>=20 >>SIMPLY TYPE IN H! TTP://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER. OTHERWISE= >> YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY. > > > Since I am running Linux, I was not too worried... > > I checked out the site and it redirects you to > http://www.quicklaunch.com/perl/detection.pl. > > The Linux unaware script attempts to download > http://download.quicklaunch.com/quicklaunch154.cab and install it. > > The program it tries to install is called "Quick Launch Toolbar". It is > a nasty little bit of Spyware/Adware. There is a good description on > removal at http://www.doxdesk.com/parasite/BrowserAid.html . > > The biggest concern is that it has an "update feature" that can install > arbitrary code on your machine. > > Both domains are registered to: > > This Domain Is For Sale joshuathaninvest@private > ( This Domain is For Sale ) Joshu! athan Investments, Inc. > 62 Cleghorn Street > Belize City, Belize none > US > Phone: 501-2-31244 > Fax: 501-2-34222 > > > www.windowsupdatenow.com is hosted on wfb.dnsvr.com (65.125.231.178) in > Florida. > > www.quicklaunch.com (66.117.19.206) hosted by nhicolo.com in LA, > California. > > _____ Do you Yahoo!? The New <http://us.rd.yahoo.com/search/mailsig/*http:/search.yahoo.com> Yahoo! Search - Faster. Easier. Bingo.
This archive was generated by hypermail 2b30 : Mon May 12 2003 - 09:59:44 PDT