Update:
We’ve been getting reports from a lot of people about this fake email from Vimeo. Some received more than 10 fake Vimeo emails for 24 hours.
More fake emails going around today. This time they are pretending from Vimeo.
Seems Legit: Dropbox Edition
Yet another reminder not to blindly click/tap on links in emails. This time it is brought to you by fake Dropbox email.
WordPress 3.4
WordPress 3.4 is released.
If you’re running a self-install WordPress Site, first check if all your plugins are compatible.
You’ll thank yourself later.
Add the followings to your host file and you’ll thank yourself later.
127.0.0.1 gizmodo.com
127.0.0.1 www.gizmodo.com
127.0.0.1 api.gawker.com
127.0.0.1 cache.gawkerassets.com
127.0.0.1 cache.gizmodo.com
127.0.0.1 fonts.gawker.com
127.0.0.1 ganja.gawkerassets.com
127.0.0.1 img.gawkerassets.com
Header for the host file:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhostfe80::1%lo0 localhost
Dont know what a hosts file is?
Wikipedia has a page for it.
No more accidentally clicking on links to garbage posts on this particular site.
TDSS Rootkit
A client called me because one of the office computer “was not working.”
Well, the problem was much severe than described. It suffered from multiple malware infections. As usual, I used numbers of applications to detect and remove the malware. I also noted that this computer is unable to download any Windows Update.
- Microsoft’s Malicious Software Removal Tool
- Microsoft’s Safety Scanner
- Malwarebytes AntiMalware
- Combofix
- Spybot – Search & Destroy
- Hitman Pro
So, the system is infected with TDSS Rootkit.
The next step is to download Kaspersky Anti-rootkit utility TDSSKiller.
I made sure to “Change parameters” and select the option to detect TDSS file system.
After a reboot, Windows is able to download and install updates.
Spammer Alert: margretriverhosting.com
This is the continuation to milkcheesedns.com spammer.
properlymysteriouslyupbeat.com
Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.comDomain name: properlymysteriouslyupbeat.com
Registrant Contact:
margretriverhosting
Domain Management ()Fax:
PO Box 66738
Saint Louis, MO 63166-6738
USAdministrative Contact:
margretriverhosting
Domain Management (domains@margretriverhosting.com)
+1.3147146057
Fax: +1.3147146057
PO Box 66738
Saint Louis, MO 63166-6738
USTechnical Contact:
margretriverhosting
Domain Management (domains@margretriverhosting.com)
+1.3147146057
Fax: +1.3147146057
PO Box 66738
Saint Louis, MO 63166-6738
USStatus: Locked
Name Servers:
ns1.safetyorangeblazeorangemule.com
ns2.safetyorangeblazeorangemule.comCreation date: 30 May 2012 07:20:00
Expiration date: 29 May 2013 23:20:00
margretriverhosting.com
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.netDomain Name: MARGRETRIVERHOSTING.COM
Registrant:
Margret River Hosting
Margret River Hosting (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.netAdministrative Contact:
Margret River Hosting
Margret River Hosting (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366Technical Contact:
Margret River Hosting
Margret River Hosting (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366Billing Contact:
Margret River Hosting
Margret River Hosting (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366
From contact page, which most likely useless:
(314) 714-6057
PO Box 66738 Saint Louis, MO 63166-6738
The information provided in the contact page can be used to chart the spammer’s pattern.
Note the Name server: safetyorangeblazeorangemule.com
Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.comDomain name: safetyorangeblazeorangemule.com
Registrant Contact:
Technical Support ()
Fax:
PO Box 29502
Las Vegas, NV 89126
USAdministrative Contact:
Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
USTechnical Contact:
Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
USStatus: Locked
Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com
The problem is that domain name registrars such as eNom and NameCheap would not take pro-active stance in fighting against these type of spammer. It is pretty obvious that the same individuals are responsible for these domain names. They keep registering new domain names and the domain name registrars did not do a thing to stop them from doing so.
Diagram of a Spammer
Diagram of a spammer.
Fake hosting company:
- strongcloudhosting.com
- 3rdcloudhosting.com
- coomahosting.com
- newbrandhosting.net
- 5thavehost.com
- blackshosting.com
- 1stilinehosting.com
- railsonhosting.com
Spammer’s Name Servers:
- mobilegroble.com
- milkcheesedns.com
- grandfatherdns.com
- professdns.com
- safetyorangeblazeorangemule.com
Samples of spammer’s domain names:
- nimbleloaf.com
- hallcow.com
- questionableoverthrow.com
- cameraspadetoad.net
- answerloveonline.com
- spadesunmeasure.org (not listed in the diagram)
- boundarychannelbeam.net (not listed in the diagram)
Click on the image below to view the diagram.
