|
scancode
|
 |
« on: January 30, 2009, 08:54:18 PM » |
|
I found this scam company who is charging 4.50 euros to download free software/freeware/demoware... S C A M ! TOS (spanish only): hxxp://www.shareware.pro/terms.html ( http://www.teoriza.com/cache/1625 ) Sms Telecom LLC
City: Roseau
Province: St. George
Postal Code 00152
Dominica
TEl: +117674400530 This is the list of the .pro scamsites, with screenies! Scamsite | Real Site |  hxxp://ares.pro/ | |  hxxp://avast.pro/ | |  hxxp://emule.pro/ | |  hxxp://limewire.pro/ | |  hxxp://lphant.pro/ | |  hxxp://messenger.pro/ | |  hxxp://nero.pro/ | |  hxxp://openoffice.pro/ | |  hxxp://utorrent.pro/ | |  hxxp://videolan.pro/ | |  hxxp://winrar.pro/ | |
They also own the following scamsites: adobe-reader-co.com adware-co.com amule-co.com ares-espaƱa.com ares-galaxi.com aresgratis.net avi-codec-co.com ccleaner-co.com clonecd-co.com codec-co.com divx-co.com divx-player-co.com dreamweaver-co.com emule-co.com emuleespaƱa.es emuleespaƱa.org emulefree.com emule-gratis.es emuleplus-co.com explorer-co.com firefox-co.com flash-player-co.com limewire-comp.com lite-codec-co.com lphant-co.com media-player-co.com messenger75-co.com messenger-comp.com messenger-plus-co.com messenger-plus-live-co.com mule-force-co.com office-co.com opera-co.com paint-net-co.com paint-shop-pro.com power-dvd-co.com realplayer-co.com regcleaner-co.com servicepack-co.com sin-espias.es tuneup-co.com virtualdj-co.com vuze-co.com winamp-co.com winrar-co.com xp-codecpack-co.com zattoo-co.com zone-alarm-co.comAny way to stop them? |
|
|
|
« Last Edit: January 31, 2009, 06:51:49 AM by scancode »
|
Logged
|
|
|
|
|
Paul Keith
|
|
« Reply #1 on: January 30, 2009, 09:40:45 PM » |
|
Nice find scancode! How long did it take you to create the table?
The best way to stop this is to alert the actual site themselves and let the rest of the community to handle it. It would also work if you know any blogger who would personally blog about this in their sites.
|
|
|
|
|
Logged
|
<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
|
|
|
|
scancode
|
|
« Reply #2 on: January 30, 2009, 09:44:32 PM » |
|
Nice find scancode! How long did it take you to create the table?
Anger gives me phpbb bbcode supahpowaz! Hehehe, nah, perhaps an hour including finding all domains and such. There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step) |
|
|
|
« Last Edit: January 31, 2009, 06:52:31 AM by scancode »
|
Logged
|
|
|
|
|
|
gexecuter
|
|
« Reply #3 on: January 30, 2009, 10:03:42 PM » |
|
Avast gives me a warning when trying to visit the fake sites, be careful guys!
|
|
|
|
|
Logged
|
Mouser is made of win and awesome!
|
|
|
|
Ehtyar
|
|
« Reply #4 on: January 30, 2009, 10:10:03 PM » |
|
What an utterly pathetic joke. ICANN really needs to get a hard kick in the arse for this  Ehtyar. |
|
|
|
|
Logged
|
|
|
|
|
Paul Keith
|
|
« Reply #5 on: January 30, 2009, 10:44:27 PM » |
|
Nice find scancode! How long did it take you to create the table?
Anger gives me phpbb supahpowaz! Hehehe, nah, perhaps an hour including finding all domains and such. There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step) Wow. Kudos for the dedication. Yeah, there's a sort of cheap way to do this. Google has recently released a feature where you can comment and downvote a search result. The problem is that you still need mass amounts of advertising and community behind you to truly beat this process. It's like an AHK being labelled a false positive by AV companies or an employee being treated unfairly by a large company. Lots of times you need exposure. |
|
|
|
|
Logged
|
<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
|
|
|
|
nite_monkey
|
|
« Reply #6 on: January 30, 2009, 10:47:21 PM » |
|
Avast gives me a warning when trying to visit the fake sites, be careful guys!
avast flipped out when I just visited this forum topic. |
|
|
|
|
Logged
|
[Insert really cool signature here]
|
|
|
|
f0dder
|
|
« Reply #7 on: January 31, 2009, 04:57:56 AM » |
|
I wonder how many people actually fall for those scam sites?
(Probably a lot. I don't have much faith in human intelligence.)
|
|
|
|
|
Logged
|
 - carpe noctem |
|
|
|
mahesh2k
|
|
« Reply #8 on: January 31, 2009, 05:43:26 AM » |
|
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites.  I think services mentioned below can be used to take these sites down. # Phishtank (another opendns sister project) # Web of Trust (Firefox plugin available) BTW good job for pointing it out, Scannie  |
|
|
|
|
Logged
|
|
|
|
|
scancode
|
|
« Reply #9 on: January 31, 2009, 06:56:30 AM » |
|
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. They're ADVERTISED on google, and they're ad-free.
Also, changed the links, I just realized I was accidentally giving them google luv. |
|
|
|
|
Logged
|
|
|
|
|
Paul Keith
|
|
« Reply #10 on: January 31, 2009, 07:08:40 AM » |
|
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. I think services mentioned below can be used to take these sites down. # Phishtank (another opendns sister project) # Web of Trust (Firefox plugin available) BTW good job for pointing it out, Scannie Doubt it. These sites are often designed for those who already know enough to avoid these security problems. |
|
|
|
|
Logged
|
<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
|
|
|
|
mahesh2k
|
|
« Reply #11 on: January 31, 2009, 07:56:43 AM » |
|
|
|
|
|
|
Logged
|
|
|
|
|
Paul Keith
|
|
« Reply #12 on: January 31, 2009, 08:47:39 AM » |
|
 Well, I'm not saying they don't help. Just that 99% of the time, if you have a PC with these things enabled, you already have a user that can easily be informed of this problem because they already have Firefox or Opera installed. The audience for these systems are primarily casual users migrating to casual tech level users. Not really the audience of these kinds of scam sites. More for those people who might not be aware of phishing and fake sites. (fake as in drive by downloads malware)
|
|
|
|
|
Logged
|
<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
|
|
|
|
scancode
|
|
« Reply #13 on: November 30, 2009, 03:38:17 AM » |
|
New ones. The Vuze, Adobe Reader and IE ones look BETTER than the real sites, ffs. Scamsite | Real Site |  hxxp://codec.pro/ | none |  hxxp://clamwin.pro/ | |  hxxp://firefox3.pro/ | |  hxxp://alcohol120.pro/ | |  hxxp://youtubedownloader.pro/ | |  hxxp://bittorrent.pro/ | |  hxxp://vuze.pro/ | |  hxxp://klite.pro/ | |  hxxp://zattoo.pro/ | |  hxxp://adobereader.pro/ | |  hxxp://internet-explorer.pro/ | |
Any way to stop them? |
|
|
|
« Last Edit: November 30, 2009, 03:40:35 AM by scancode »
|
Logged
|
|
|
|
|
Carol Haynes
|
|
« Reply #14 on: November 30, 2009, 06:58:13 AM » |
|
Depends where the scammers are based - if the site are simply registered in the Dominican Republic (presumably nothing to do with ICANN) and the people who registered them are in the US or elsewhere then they can be taken to court for identity theft, copyright and patent infringement etc. and get cease and desist orders made against them.
If on the other hand they are based in countries that don't honour these international agreements it is difficult to see what can be done short of a boycott of the nations until they agree to enforce international treaties.
|
|
|
|
|
Logged
|
|
|
|
|
mediaguycouk
|
|
« Reply #15 on: November 30, 2009, 08:39:59 AM » |
|
Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
|
|
|
|
|
Logged
|
|
|
|
|
scancode
|
|
« Reply #16 on: November 30, 2009, 11:50:36 AM » |
|
Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
Maybe they link directly to the original DL because you're not in a supported country. I am. [ copy or print] <div id="downloadarea1" class="downloadarea"><a href="AdobeReader9a.exe" class="downloadbutton">Descargar<br /> Adobe Reader 9</a> </div>  I didn't know Adobe used NSIS  Warning: toolbars ahead.  | Adobe Reader 9 | HELP US OUT
We only ask you to text AREAD to 27777 to receive an install code.
Once you have it, put it in the box to continue installing the program.
THANKS FOR YOUR HELP!!
Code: [ ]
2 messages are required to get the code. Cost of each SMS: 1 USD. Only valid for cellphones in Argentina.
If you have any trouble visit hxxp://shareware.pro/support/
|
|
|
|
|
|
Logged
|
|
|
|
|
scancode
|
|
« Reply #17 on: November 30, 2009, 12:06:25 PM » |
|
Update: I used a proxy to access the site. [ copy or print] <div id="downloadarea1" class="downloadarea"><a href="http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/esp/AdbeRdr90_es_ES.exe" class="downloadbutton">Descargar<br /> Adobe Reader 9</a> </div> MOTHERF  KERS!  |
|
|
|
|
Logged
|
|
|
|
|
mouser
|
|
« Reply #18 on: November 30, 2009, 12:18:45 PM » |
|
can you explain a little bit more about what you have discovered they are doing scancode?
|
|
|
|
|
Logged
|
|
|
|
|
app103
|
|
« Reply #19 on: November 30, 2009, 12:52:01 PM » |
|
I think services mentioned below can be used to take these sites down.
# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)
WOT would not have protected anyone from most of these scam sites until today. More than half of them didn't have any bad reputation marks. (I just changed that, though  ) By the way, WOT is also available for IE, so if you know anyone that would be dumb enough to get themselves in trouble, install it on their PC, for both IE and Firefox (if they have that, too) Scannie, if you discover any more of them, be sure to let me know. I got buckets of red paint ready for their reputation pages on WOT. If you get a big enough list together I can post it on the WOT forum and get a lot more people behind flagging them, too. |
|
|
|
|
Logged
|
|
|
|
|
MilesAhead
|
|
« Reply #20 on: November 30, 2009, 01:31:43 PM » |
|
I wonder how many people actually fall for those scam sites?
(Probably a lot. I don't have much faith in human intelligence.)
I think dolphins were smart enough to see what evolution was up to, and stayed in the water.  |
|
|
|
|
Logged
|
"I can't speak to anyone anywhere because I flunked Esperanto."
-- MilesAhead
|
|
|
|
scancode
|
|
« Reply #21 on: November 30, 2009, 03:43:13 PM » |
|
can you explain a little bit more about what you have discovered they are doing scancode?
I'd be glad to, mousey. Take freeware/FOSS and they write their custom installer for it, and design a website. Make said installer ask for a download token, which should be BOUGHT via SMS. Then it installs a browser toolbar and other assorted naughties. If the website is visited from a country they're not interested in scamming, redirect downloads to the real site. ... Profit! Fucking evil. |
|
|
|
« Last Edit: November 30, 2009, 03:44:47 PM by scancode »
|
Logged
|
|
|
|
|
Innuendo
|
|
« Reply #22 on: November 30, 2009, 03:47:36 PM » |
|
can you explain a little bit more about what you have discovered they are doing scancode?
Just going by scancode's Adobe Reader example it'd cost him US$2 just to install it. Then it looks like it runs a suspicious file called Peer2Peer.exe and installs a Firefox extension called Peer2Peer as well. EDIT: scancode beat me to the punch. |
|
|
|
|
Logged
|
|
|
|
|
mouser
|
|
« Reply #23 on: November 30, 2009, 03:57:56 PM » |
|
that is very evil. |
|
|
|
|
Logged
|
|
|
|
|
scancode
|
|
« Reply #24 on: November 30, 2009, 04:18:28 PM » |
|
The SMS validation service is provided by a server who also hosts smgj://russian.ircfast.com/, a download site that ALSO does the SMS thing. Are all the fuckware companies related?
|
|
|
|
|
Logged
|
|
|
|
|
