Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

New rogue

 
nosirrah
Warrior


Joined: 30 Aug 2006
Last Visit: 16 Jul 2007
Posts: 160

Posted: Thu Mar 01, 2007 4:21 am    Post subject: New rogue

hxxp://www.neospacelab.com/

This one exploits Adaware, is advertised through a new trojan (installed through an exploit) and finds false positives before asking for money to remove them.

If anyone wants the malware samples or site involved with the exploit please PM me.
AndyAtHull
SWW Honors Graduate


Joined: 27 Oct 2005
Last Visit: 07 Jan 2010
Posts: 438

Posted: Fri Mar 02, 2007 11:14 am

Whois: http://whois.domaintools.com/neospacelab.com

E-mail isn't from the UK anyway. And probably fake.

Quote:
Registrant:
Richard Fowler
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom

Registered through: Domains Priced Right
Domain Name: NEOSPACELAB.COM
Created on: 10-Jan-07
Expires on: 10-Jan-08
Last Updated on:

Administrative Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201

Technical Contact:
Fowler, Richard
37 Store Street
Apt. 500
London, Bloomsbury WC1E 7QF
United Kingdom
+44.2084369201

Domain servers in listed order:
NS.VIVAHOSTER.COM
NS2.VIVAHOSTER.COM

_________________
MRU Master at MalwareRemoval/ASAP member since '06

SecurityCadets is proud to be an ASAP member since 2006
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 29 Jul 2010
Posts: 10702
Location: sunny California

Posted: Fri Mar 02, 2007 11:59 am

neospacelab.com is on an IP address right next to a site known for exploits... porcosnet.com

The exploit URL has the word "neosploit" in it, so that makes me think the company itself is involved in the exploit...

First they exploit you, then they try to sell you some rip-off software. Rolling Eyes
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
AndyAtHull
SWW Honors Graduate


Joined: 27 Oct 2005
Last Visit: 07 Jan 2010
Posts: 438

Posted: Sat Mar 03, 2007 1:49 pm

Useful info about "porcosnet.com" there Suzi, I never knew. I found it on the MVP hosts file etc.

I had a say about it and added it to Digg. Hope it saves some poor users.

Andy
_________________
MRU Master at MalwareRemoval/ASAP member since '06

SecurityCadets is proud to be an ASAP member since 2006
All times are GMT - 8 Hours