Spyware Warrior

[supermarkio]

After reporting his domains to Intercage, and they took a bunch of them down,
this guy started to protest that his software wasn't malware.

I endeavored to set him straight on that point, and then challenged him to reply to my castlecops forum post,
along with a list of things he needs to do to make his software legitimate.

For your info this is the Zlob 'Video Activex Access/Object' people.
They may be different from the fake codec/dnschanger people.

The whole thread. (scroll down a bit for the discussion)

http://www.castlecops.com/postitle193662-15-0-.html

[suzi]

Wow! That is really intersting. Thanks for posting it here. I guess I have to wonder a little of that guy is really who he claims he is, but it could be.

I will be following that thread for sure.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Nightmaretony]

Deluded or as crazy as Ashley? Speaking of which, was there any followup to that amazing idiocy? (was an absolutely FASCINATING read
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park

[suzi]

We haven't heard from Ash1ey for a long time, but now that you've mentioned him, he might pop-up.

That is an entertaining read, isn't it?
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[supermarkio]

[Nightmaretony]

I still love how his reply was protected by a confidentiality agreement claimed there (I was able to get around one legally and post threats, harassment and intimidation under fair use and education, long story there).

But anyhoo, yuppers, Ashley was a VERY fun read. One wonders how people walk around with those kind of ethics.

Also wanted to say thanks again for helping out with the spam wierdness at work. Least IT is mobilized and doing their thing. Made for a most interesting day all around...
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park

[suzi]

supermarkio,

In that case, he probably is then. Most interesting. We ought to get this on the bloggers circuit -- get some attention to it. I'll see what I can do about that, even though I'm not blogging now.

Nightmaretony,

Glad we could help. Olliver (a notepet) posted some very good information and he is very well versed on the subject.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[suzi]

You know, Anthony must be taking lessons from adware companies, like Zango comes to mind when he says:

[supermarkio]

Yeah Suzi, thats what I thought as well.

There's alot of things he needs to answer for which he hasn't yet.
You're welcome to jump in there yourself if you like.

[suzi]

Let's see if he comes back first, then I'll post in the thread. I sent the link to a few people, mabye it will get blogged.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[AndyAtHull]

Interesting that. And certainly something that I will keep on my radar since I blog about alot of rogues and codecs etc.

I still am suspicious about all of this due to the fact we had a similar comment last year when I blogged about a rogue. I kind of slamdunked them and they never replied again ... oh well.

Take everything 'they' say with a pinch of salt.
_________________
Andrew Kleijn
Securitycadets' Owner

Follow me on: Twitter | Follow Securitycadets' on: Twitter | Become a fan on: Facebook

[MysteryFCM]

Someone might want to get the live links here munged;

http://www.castlecops.com/p965479-Live_Trojan_Zlob_Dnschanger_hosting_sites_takedown.html#965479
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

[JeanInMontana]

[paperghost]

[suzi]

Yep, blogged here.

http://sunbeltblog.blogspot.com/2007/07/bizarre-zlob-guy-posts-on-public-forum.html

It looks like someone cleaned up that post.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[supermarkio]

He responded to my post:

http://www.castlecops.com/p965620-Live_Trojan_Zlob_Dnschanger_hosting_sites_takedown.html#965620

Partial quote.

[suzi]

Hmmm.. all of his posts are from the same IP address.

http://www.dnsstuff.com/tools/ipall.ch?ip=69.57.167.90

It sure looks like they are in the US. Savvis is in New York.

http://www.dnsstuff.com/tools/tracert.ch?ip=69.57.167.90

I wouldn't necessarily believe everything he says either. The bit about not being a business entity sound bogus to me. There has to be a money trail, whether they call themselves a business entity or not. The affiiliates have to be paid and their installations tracked, etc.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[supermarkio]

The IP says its from Fortressitx.
http://fortressitx.com/
Not sure what to make of that though.

[suzi]

Yes, I mean to say Savvis is their upstream. It's hard to say. I don't see anything to indicate that Fortressitx is a provider of internet access services, like a typical ISP, like Comcast, Verizon and such. He may be connected through a VPN with a US IP address and be physically located elsewhere. Or something like that.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[ShadowPuterDude]

Savvis is a service provider.

This is from the descritption meta tag:
"SAVVIS, Inc. (NASDAQ: SVVS) is a global IT utility services provider that leads the industry in delivering secure, reliable, and scalable hosting, network, and application services. SAVVIS' strategic approach combines the use of virtualization technology, a utility services model, and automated software management and provisioning systems. SAVVIS solutions enable customers to focus on their core business while SAVVIS ensures the quality of their IT infrastructure. With an IT services platform that extends to 45 countries, SAVVIS is one of the world's largest providers of IP computing services."

From their Network Services page:
"SAVVIS operates an integrated global IP and transport network that delivers IP VPN and Internet solutions for enterprises and carriers alike. The SAVVIS IP network spans 105 cities in 47 countries, encompassing the U.S., Canada, Latin America, Europe, The Middle East, Asia and the Pacific Rim."

It is possible he is in the Ukraine, and is utilizing a VPN provided by Savvis with a US based server.
_________________
"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy

Microsoft Most Valuable Professional Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals Since 2006

[suzi]

Ok, I posted there.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[supermarkio]

I feel like I'm banging my head into a wall.

I just spent a couple hours going over the software again and taking screenshots for a new post.
Nothing has changed except a little more info was buried into the license agreement.
I doubt anything will ever change with it in any meaningful way.

[suzi]

Unfortunately you are probably correct. They are probably making too much $$ to change their ways. When the sites are registered to enties in lawless countries and hosted in lawless countries, there is not much that can be done except to educate and warn the internet public. And get all their files into the AV and anti-spyware definitions so they can be detected.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[JeanInMontana]

I wonder what he was thinking even making a showing. Like he thought he could just bluff his way through any accusations and move on.
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

[suzi]

[JeanInMontana]

I think they all drink the same Kool-Aid. Every rogue vendor and malware pusher all have the same song and dance.

The same smug attitude that they are so much more clever than those of us that deal with the end results.

If this guy comes back to make a statement, I bet he says he had to spend time with his family! Or some other lame excuse for why he hasn't made a reply to the solid evidence being posted against him. Maybe he is getting his child porn sites moved around again so no one can bust them for that.
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

[tripkill201]

[JeanInMontana]

Well, I see I'm being censored here too. That's special.
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

[suzi]

[JeanInMontana]

[JeanInMontana]

Oh and again....someone has altered the word filter so p-o-r-n comes out as spam.

Edit for typo
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

[suzi]

We do have some word filters in place. They apply to all posts, you are not being singled out.

The word filters we have are either swear words (like the f-word) or words that spammers like to use. Spammers were posting stuff advertsing p o r n videos, (that were actually links to zlob trojans). The word filters make it appear as "spam videos", which makes it apparent to anyone who might read it before we could delete it that it is what it is... spam.

I hope you don't take offense to that. It's our attempt to keep the forum family friendly and warn users of spam posts.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[JeanInMontana]

I understand Suzi, it was just a big shock to see what I was sure I had said, changed and fresh after the other incident.

You know what they say, just because your paranoid, doesn't mean they aren't out to get you.
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

[Corrine]

[suzi]

Please, no forum politics from other sites here.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Oldfrog]

[supermarkio]

AnthW replied again.
Looks like he finally made that website he said he would.
But the software itself remains the same.

[suzi]

I have found that in most cases guys like him aren't interested in changing. It doesn't take long for dialogue with them to become a waste of time. If someone is sincere about making changes, you will know it right away.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[tripkill201]

[JeanInMontana]

Heh I went there, reported it to SiteAdvisor, SiteHound and added it to the hpHosts list for inclusion next update. It will join the 69 other entries from that IP!
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes