Invasion of the Computer Snatchers

Discussion in 'other security issues & news' started by Bubba, Feb 16, 2006.

Thread Status:
Not open for further replies.
  1. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Story
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    Great read Bubba. :thumb:
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If that was a book....it would be the longest one I have ever read except for Carrie :D
     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Looks like an interesting article, thanks. ;)

    @ VaMPiRiC_CRoW, this happens only in FF and Opera, but not in IE. :)
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    On my system it doesn't work on IE or Opera... :(
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Initially it worked great on IE....now it ain't working on it and takes me to the main page. I'll look for it again :doubt:
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    Brian Krebs
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Thanks ;)
     
  11. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Interview with a Botmaster

    http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html

    Interesting read by itself, however I wanna push on one funny thing:


    "The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town.."

    Now, what we do is look at the image in the article, and look at its JPEG Meta Tags :)
    SLUG: mag/hacker DATE: 12/20/2005 PHOTOGRAPHER: Sarah L. Voisin/TWP id#: LOCATION: Roland, OK

    Roland Oklahoma:
    Population (year 2000): 2,842, Est. population in July 2004: 3,053 (+7.4% change)
    Males: 1,347 (47.4%), Females: 1,495 (52.6%)

    From the article again:
    "The nearest businesses are a used-car lot, a gas station/convenience store and a strip club"

    Ok now, how hard is it to trace the bastard down for the gov? You can probably do it yourself with google maps or something ;)
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Re: Interview with a Botmaster

    Your sleuthing made me smile. Thanks.

    Edit: From the article. How about this to further ID him.
     
  13. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Re: Interview with a Botmaster

    TopConverting, Gamma-Cash, Loudcash, 180solutions,... that are some of the companies he works for...
    I suppose he will get caught soon..., media attention is always good to find those
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: Interview with a Botmaster

    Well, if you go to the Cheyenne Gentlemen's Club, you might be just down the street...., of course that assumes the location provided by the tag is the appropriate one and not something somewhat unrelated but meaningful to the photographer or newspaper (for example, a nearby town which served as a base for the interview/photo shoot trip or is a proxy location to maintain confidentiality). Maybe not, but you never know.

    Blue
     
  15. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Interesting thread and good Sherlock Holmesing

    As you probably know, Australia is now the home of Dale Begg Smith who has won an Olympic Gold in Turin last week.

    He is allegedly one of the originators of CPM Media, allegedly one of the worst malware purveyors on the web

    some links
    http://spamkings.oreilly.com/archives/2006/02/asterisk_on_popup_moguls_gold.html

    http://lukewelling.com/2006/02/17/dale-begg-smith-spam-man-wins-gold/

    http://www.dslreports.com/forum/remark,15508219

    http://www.theage.com.au/news/sport...-a-spam-fortune/2006/02/13/1139679533728.html

    http://www.stopscum.com/archives/ad...butor_and_olympic_gold_medal_winner.html#more

    http://www.stopscum.com/


    http://sw.freedom.net/portal/swport...omponent=spyware&spyware=free_scratch_and_win

    that link explains how some of the unasked for software. A
    keylogger/trojan/rootkit is one of the most feared and reviled applications
    on the net you can see why! If it loaded onto your computer just from
    visiting a site and without permission then that is a crime




    More details:

    Originally Posted by Czar
    As such, it may not be too long until a savvy reporter stumbles across
    this thread and performs a search for the term "AdsCPM" on Geek/Talk, which
    will reveal a huge backlog of publisher complaints, reports of non-payment
    and claims of the network being friendly towards spyware players.


    AdsCPM actually ran and hosted hxxp://www3.adscpm.com/FreeMP3Music.exe which
    apparently a good deal of his pops called via a prompted download.
    FreeMP3Music.exe comes loaded with one of the nastier AdWares (LOP) which is
    difficult to remove http://www.spywareinfoforum.com/articles/lop/.

    FreeScratchAndWin also installed lop/rnd and in its earlier iteration dealt
    with xzoomy. It has its own parasite designation
    (http://research.sunbelt-software.com...hreatid =5475) and eadgbe appears to
    be correct that it is affiliated with adscpm somehow. Here is an old domain
    registration for scratchandwin.com :
    http://www.shoalhaven.net.au/sis/tec...ages/8279.html.

    Xzoomy.com, which is actively running also has the contact info (Mike Cass)
    domains@adscpm.com. Xzoomy.com was apparently involved in some autodownload
    via exploit activity (no prompt download). Here is a nice article explaining
    what they did : http://www.xeromag.com/vx2.html.
    __________________
    Scott Ashman - CTO Jaspin Interactive, Inc. est 1997

    http://www.spamdailynews.com/publish/Spam_Man_wins_Olympic_gold.asp

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073903

    Another link to describe the CPM media scumware, this source is recognised
    across the web.

    http://blogs.smh.com.au/mashup/archives/003629.html Good links

    http://spywarewarrior.com/viewtopic.php?p=115065#115065


    If any of these allegations are true, how much more high profile and Visible can you get??
     
    Last edited by a moderator: Feb 24, 2006