iframemoney.org: an affiliate drive-by trojan operation

Discussion in 'other security issues & news' started by spamislame, Jan 8, 2007.

Thread Status:
Not open for further replies.
  1. spamislame

    spamislame Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    52
    I posted a link on Digg:

    http://digg.com/security/iframemoney_An_advertising_affiliate_program_that_endorses_virus_installs

    To a synopsis I wrote about an extremely malicious website called iframemoney.org.

    This site is operating illegally. I and several colleagues were able to get it shut down last year, but it's come back a couple times since then.

    In a nutshell: they pay you to "promote" their virus and trojan installs under the guise of an affiliate program (which itself is abusing, at last count, some 45 other pay to click services.)

    I'd appreciate you security types taking a peek into this story.

    I've reported the site (as have numerous others.) Hopefully someone will have the common sense to shut them down.

    Thanx for reading.

    SiL
     
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    That is probably worse than what scenicreflections.com does. But they are really bad. Finally download.com took their screensavers off their site after numerous complaints of trojan dropper agents in their software. Although it took over a year of complaints and download.com actually had them rated very high from their editor's review. I actually contacted AVG Anti-Spyware and sent them a link to the download of one of scenic reflection's screensavers on download.com before they were taken down. AVG comfirmed the trojan. An email reply from scenicreflections.com claimed all the complaints were false positives. I guess that response did not work with download.com once they finally decided to take some action. Although the screensavers were taken down about 48 hours after I emailed download.com. That is somewhat promising. But it may show they don't monitor the available downloads very well...at least until they get an email.

    Softpedia still has them on their site. Actually it appears to be dozens upon dozens of scenic reflections screensavers on softpedia. I'd be real hesitant to download anything from any site like that. You really never know what you will be getting if it is coming from a questionable company. And that's nomatter whether the site advertises its downloads as spyware/malware free or not. Heck just take a look at one of their "forums" sometime to see how much monitoring they do...

    McAfee SiteAdvisor on Scenicreflections.com:

    "scenicreflections.com

    After entering our e-mail address on this site, we received 401 e-mails per week. They were very spammy."

    Also of 418 downloads, 417 were rated yellow. That is probably the best rating they have ever had as anything below red is a gift.
     
  3. spamislame

    spamislame Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    52
    Holy. I'd never even heard of scenicreflections before. Yikes.

    As a quick followup, starting last night at approx. 9pm eastern time, both the web domain and dns domains were taken down. I'm not sure which of the dozens of complaints to their isp and dns registrar did the trick, but thank you to whoever else complained.

    SiL:thumb:
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    This is not really "news"... It's been going for a couple of years.

    They also hack sites and plant their cruddy iframes in them.
     
Loading...
Thread Status:
Not open for further replies.