topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday March 18, 2024, 9:47 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New scamsites!  (Read 16937 times)

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
New scamsites!
« on: January 30, 2009, 08:54 PM »
I found this scam company who is charging 4.50 euros to download free software/freeware/demoware... S C A M !

TOS (spanish only): hxxp://www.shareware.pro/terms.html ( http://www.teoriza.com/cache/1625 )

Sms Telecom LLC
City: Roseau
Province: St. George
Postal Code 00152
Dominica
TEl: +117674400530

This is the list of the .pro scamsites, with screenies!

Scamsite
Real Site
ares.pro.png
hxxp://ares.pro/
avast.pro.png
hxxp://avast.pro/
emule.pro.png
hxxp://emule.pro/
limewire.pro.png
hxxp://limewire.pro/
lphant.pro.png
hxxp://lphant.pro/
messenger.pro.png
hxxp://messenger.pro/
nero.pro.png
hxxp://nero.pro/
openoffice.pro.png
hxxp://openoffice.pro/
utorrent.pro.png
hxxp://utorrent.pro/
videolan.pro.png
hxxp://videolan.pro/
winrar.pro.png
hxxp://winrar.pro/

They also own the following scamsites: adobe-reader-co.com adware-co.com amule-co.com ares-españa.com ares-galaxi.com aresgratis.net avi-codec-co.com ccleaner-co.com clonecd-co.com codec-co.com divx-co.com divx-player-co.com dreamweaver-co.com emule-co.com emuleespaña.es emuleespaña.org emulefree.com emule-gratis.es emuleplus-co.com explorer-co.com firefox-co.com flash-player-co.com limewire-comp.com lite-codec-co.com lphant-co.com media-player-co.com messenger75-co.com messenger-comp.com messenger-plus-co.com messenger-plus-live-co.com mule-force-co.com office-co.com opera-co.com paint-net-co.com paint-shop-pro.com power-dvd-co.com realplayer-co.com regcleaner-co.com servicepack-co.com sin-espias.es tuneup-co.com virtualdj-co.com vuze-co.com winamp-co.com winrar-co.com xp-codecpack-co.com zattoo-co.com zone-alarm-co.com

Any way to stop them?
« Last Edit: January 31, 2009, 06:51 AM by scancode »

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,989
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #1 on: January 30, 2009, 09:40 PM »
Nice find scancode! How long did it take you to create the table?

The best way to stop this is to alert the actual site themselves and let the rest of the community to handle it. It would also work if you know any blogger who would personally blog about this in their sites.

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #2 on: January 30, 2009, 09:44 PM »
Nice find scancode! How long did it take you to create the table?

Anger gives me phpbb bbcode supahpowaz!

Hehehe, nah, perhaps an hour including finding all domains and such.

There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step)
« Last Edit: January 31, 2009, 06:52 AM by scancode »

gexecuter

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 252
  • Move over and give us some room...
    • View Profile
    • Elite Freeware
    • Donate to Member
Re: New scamsites!
« Reply #3 on: January 30, 2009, 10:03 PM »
Avast gives me a warning when trying to visit the fake sites, be careful guys!
Mouser is made of win and awesome!

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #4 on: January 30, 2009, 10:10 PM »
What an utterly pathetic joke. ICANN really needs to get a hard kick in the arse for this >:(

Ehtyar.

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,989
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #5 on: January 30, 2009, 10:44 PM »
Nice find scancode! How long did it take you to create the table?

Anger gives me phpbb supahpowaz!

Hehehe, nah, perhaps an hour including finding all domains and such.

There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step)

Wow. Kudos for the dedication.

Yeah, there's a sort of cheap way to do this. Google has recently released a feature where you can comment and downvote a search result. The problem is that you still need mass amounts of advertising and community behind you to truly beat this process.

It's like an AHK being labelled a false positive by AV companies or an employee being treated unfairly by a large company. Lots of times you need exposure.

nite_monkey

  • Member
  • Joined in 2006
  • **
  • Posts: 753
    • View Profile
    • Just Plain Super
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #6 on: January 30, 2009, 10:47 PM »
Avast gives me a warning when trying to visit the fake sites, be careful guys!
avast flipped out when I just visited this forum topic.
[Insert really cool signature here]

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #7 on: January 31, 2009, 04:57 AM »
I wonder how many people actually fall for those scam sites?

(Probably a lot. I don't have much faith in human intelligence.)
- carpe noctem

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #8 on: January 31, 2009, 05:43 AM »
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. :mad:

I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)

BTW good job for pointing it out, Scannie  :up:


scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #9 on: January 31, 2009, 06:56 AM »
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. :mad:
They're ADVERTISED on google, and they're ad-free.

Also, changed the links, I just realized I was accidentally giving them google luv.

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,989
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #10 on: January 31, 2009, 07:08 AM »
Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. :mad:

I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)

BTW good job for pointing it out, Scannie  :up:

Doubt it. These sites are often designed for those who already know enough to avoid these security problems.

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #11 on: January 31, 2009, 07:56 AM »
Doubt it. These sites are often designed for those who already know enough to avoid these security problems.


 >:(  :(  :(  :o

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,989
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #12 on: January 31, 2009, 08:47 AM »
 ;D Well, I'm not saying they don't help. Just that 99% of the time, if you have a PC with these things enabled, you already have a user that can easily be informed of this problem because they already have Firefox or Opera installed.

The audience for these systems are primarily casual users migrating to casual tech level users. Not really the audience of these kinds of scam sites. More for those people who might not be aware of phishing and fake sites. (fake as in drive by downloads malware)

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Yet More New scamsites!
« Reply #13 on: November 30, 2009, 03:38 AM »
New ones.
The Vuze, Adobe Reader and IE ones look BETTER than the real sites, ffs.

Scamsite
Real Site
codec.pro_.png
hxxp://codec.pro/
none
clamwin.pro_.png
hxxp://clamwin.pro/
firefox3.pro_.png
hxxp://firefox3.pro/
alcohol120.pro_.png
hxxp://alcohol120.pro/
youtubedownloader.pro_.png
hxxp://youtubedownloader.pro/
bittorrent.pro_.png
hxxp://bittorrent.pro/
vuze.pro_.png
hxxp://vuze.pro/
klite.pro_.png
hxxp://klite.pro/
zattoo.pro_.png
hxxp://zattoo.pro/
adobereader.pro_.png
hxxp://adobereader.pro/
internet-explorer.pro_.png
hxxp://internet-explorer.pro/

Any way to stop them?
« Last Edit: November 30, 2009, 03:40 AM by scancode »

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #14 on: November 30, 2009, 06:58 AM »
Depends where the scammers are based - if the site are simply registered in the Dominican Republic (presumably nothing to do with ICANN) and the people who registered them are in the US or elsewhere then they can be taken to court for identity theft, copyright and patent infringement etc. and get cease and desist orders made against them.

If on the other hand they are based in countries that don't honour these international agreements it is difficult to see what can be done short of a boycott of the nations until they agree to enforce international treaties.

mediaguycouk

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 247
    • View Profile
    • Mediaguy
    • Donate to Member
Re: New scamsites!
« Reply #15 on: November 30, 2009, 08:39 AM »
Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
Learning C# - Graham Robinson

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #16 on: November 30, 2009, 11:50 AM »
Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
Maybe they link directly to the original DL because you're not in a supported country. I am.

   <div id="downloadarea1" class="downloadarea"><a href="AdobeReader9a.exe" class="downloadbutton">Descargar<br />
      Adobe Reader 9</a>    </div>


I didn't know Adobe used NSIS


Warning: toolbars ahead.


Adobe Reader 9
HELP US OUT
We only ask you to text AREAD to 27777 to receive an install code.
Once you have it, put it in the box to continue installing the program.

THANKS FOR YOUR HELP!!

Code: [                                 ]

2 messages are required to get the code. Cost of each SMS: 1 USD. Only valid for cellphones in Argentina.
If you have any trouble visit hxxp://shareware.pro/support/


scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #17 on: November 30, 2009, 12:06 PM »
Update: I used a proxy to access the site.
    <div id="downloadarea1" class="downloadarea"><a href="http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/esp/AdbeRdr90_es_ES.exe" class="downloadbutton">Descargar<br />
      Adobe Reader 9</a>    </div>

MOTHERFKERS!


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #18 on: November 30, 2009, 12:18 PM »
can you explain a little bit more about what you have discovered they are doing scancode?

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #19 on: November 30, 2009, 12:52 PM »

I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)



WOT would not have protected anyone from most of these scam sites until today. More than half of them didn't have any bad reputation marks. (I just changed that, though  ;) )

By the way, WOT is also available for IE, so if you know anyone that would be dumb enough to get themselves in trouble, install it on their PC, for both IE and Firefox (if they have that, too)

Scannie, if you discover any more of them, be sure to let me know. I got buckets of red paint ready for their reputation pages on WOT. If you get a big enough list together I can post it on the WOT forum and get a lot more people behind flagging them, too.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #20 on: November 30, 2009, 01:31 PM »
I wonder how many people actually fall for those scam sites?

(Probably a lot. I don't have much faith in human intelligence.)

I think dolphins were smart enough to see what evolution was up to, and stayed in the water.  :)

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #21 on: November 30, 2009, 03:43 PM »
can you explain a little bit more about what you have discovered they are doing scancode?

I'd be glad to, mousey.

Take freeware/FOSS and they write their custom installer for it, and design a website.
Make said installer ask for a download token, which should be BOUGHT via SMS.
Then it installs a browser toolbar and other assorted naughties.
If the website is visited from a country they're not interested in scamming, redirect downloads to the real site.
...
Profit!

Fucking evil.
« Last Edit: November 30, 2009, 03:44 PM by scancode »

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: New scamsites!
« Reply #22 on: November 30, 2009, 03:47 PM »
can you explain a little bit more about what you have discovered they are doing scancode?

Just going by scancode's Adobe Reader example it'd cost him US$2 just to install it. Then it looks like it runs a suspicious file called Peer2Peer.exe and installs a Firefox extension called Peer2Peer as well.

EDIT: scancode beat me to the punch.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #23 on: November 30, 2009, 03:57 PM »
that is very evil.  >:(

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: New scamsites!
« Reply #24 on: November 30, 2009, 04:18 PM »
The SMS validation service is provided by a server who also hosts smgj://russian.ircfast.com/, a download site that ALSO does the SMS thing. Are all the fuckware companies related?