Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

websecuritybureau.com...?

 
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Mon May 11, 2009 11:10 am    Post subject: websecuritybureau.com...?

Anyone else run across this one?

hXXp://websecuritybureau.com

Throws up a webpage that looks like a Windows Security Center warning. CA AV popped up with a deletion of w32/seekwel.A, filename axxk.atf, not a moment later, and no coincidence I'd say.

Incidentally, I just hit the above with Opera on my Macbook, and got a JavaScript message that goes like this:
Quote:

<websecuritybureau.com>

Warning!!! Your computer contains various signs of viruses and malware programs presence. Your system requires immediate anti viruses check! System Security will perform a quick and free scanning of your PC for viruses and malicious programs."

I didn't get the Windows Security Center facade, possibly because the script didn't execute fully/properly. I did check off "stop executing scripts on this page". Um, d'oh!

p.s. source code for the page is good for a chuckle. Off to do a whois search. ;)
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Apr 2014
Posts: 850
Location: Tyne & Wear, UK

Posted: Mon May 11, 2009 1:24 pm

http://hosts-file.net/pest.asp?show=209.44.126.
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Mon May 11, 2009 2:36 pm

Thankee sir. :)
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 20 Aug 2014
Posts: 10323
Location: sunny California

Posted: Mon May 11, 2009 7:15 pm

Interesting....
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

Posted: Mon May 11, 2009 7:43 pm

Yeppers...

http://ws.arin.net/whois/?queryinput=209.44.126.22

"Marica Jones" is a busy person, it seems.

http://whois.domaintools.com/websecuritybureau.com
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

Posted: Tue May 12, 2009 8:47 am

This dedicated appliance has several name servers reged to it; http://www.robtex.com/ip/209.44.126.22.html The entire box appears to be supporting the same scam under various names.

MFCM, do you guys have all of them listed?
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Apr 2014
Posts: 850
Location: Tyne & Wear, UK

Posted: Tue May 12, 2009 9:08 am

I believe so, yep :)

Several of those listed at RobTex aren't resolving for me :(

hosts-file.net/misc/hpObserver_-_209.44.126.22.html
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

Posted: Tue May 12, 2009 9:29 am

Cool!
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 20 Aug 2014
Posts: 10323
Location: sunny California

Posted: Tue May 12, 2009 12:09 pm

Marcia Jones' address is fake.
Mapquest:
Quote:
We did not find an exact match for your search, but we found a similar location:


Not that I'm surprised however. :?

Seems I recall some talk about Regtime being ESTDomains' replacement.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)
All times are GMT - 8 Hours