Welcome Guest.   Make a donation to an author on the site April 17, 2014, 04:30:24 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Check out and download the GOE 2007 Freeware Challenge productivity tools.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: New scamsites!  (Read 6195 times)
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« on: January 30, 2009, 08:54:18 PM »

I found this scam company who is charging 4.50 euros to download free software/freeware/demoware... S C A M !

TOS (spanish only): hxxp://www.shareware.pro/terms.html ( http://www.teoriza.com/cache/1625 )

Quote
Sms Telecom LLC
City: Roseau
Province: St. George
Postal Code 00152
Dominica
TEl: +117674400530

This is the list of the .pro scamsites, with screenies!

Scamsite
Real Site

hxxp://ares.pro/

hxxp://avast.pro/

hxxp://emule.pro/

hxxp://limewire.pro/

hxxp://lphant.pro/

hxxp://messenger.pro/

hxxp://nero.pro/

hxxp://openoffice.pro/

hxxp://utorrent.pro/

hxxp://videolan.pro/

hxxp://winrar.pro/

They also own the following scamsites: adobe-reader-co.com adware-co.com amule-co.com ares-espaƱa.com ares-galaxi.com aresgratis.net avi-codec-co.com ccleaner-co.com clonecd-co.com codec-co.com divx-co.com divx-player-co.com dreamweaver-co.com emule-co.com emuleespaƱa.es emuleespaƱa.org emulefree.com emule-gratis.es emuleplus-co.com explorer-co.com firefox-co.com flash-player-co.com limewire-comp.com lite-codec-co.com lphant-co.com media-player-co.com messenger75-co.com messenger-comp.com messenger-plus-co.com messenger-plus-live-co.com mule-force-co.com office-co.com opera-co.com paint-net-co.com paint-shop-pro.com power-dvd-co.com realplayer-co.com regcleaner-co.com servicepack-co.com sin-espias.es tuneup-co.com virtualdj-co.com vuze-co.com winamp-co.com winrar-co.com xp-codecpack-co.com zattoo-co.com zone-alarm-co.com

Any way to stop them?
« Last Edit: January 31, 2009, 06:51:49 AM by scancode » Logged

Paul Keith
Member
**
Posts: 1,965


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: January 30, 2009, 09:40:45 PM »

Nice find scancode! How long did it take you to create the table?

The best way to stop this is to alert the actual site themselves and let the rest of the community to handle it. It would also work if you know any blogger who would personally blog about this in their sites.
Logged

<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: January 30, 2009, 09:44:32 PM »

Nice find scancode! How long did it take you to create the table?

Anger gives me phpbb bbcode supahpowaz!

Hehehe, nah, perhaps an hour including finding all domains and such.

There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step)
« Last Edit: January 31, 2009, 06:52:31 AM by scancode » Logged

gexecuter
Supporting Member
**
Posts: 252


Move over and give us some room...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: January 30, 2009, 10:03:42 PM »

Avast gives me a warning when trying to visit the fake sites, be careful guys!
Logged

Mouser is made of win and awesome!
Ehtyar
Supporting Member
**
Posts: 1,236



That News Guy

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: January 30, 2009, 10:10:03 PM »

What an utterly pathetic joke. ICANN really needs to get a hard kick in the arse for this Angry

Ehtyar.
Logged
Paul Keith
Member
**
Posts: 1,965


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: January 30, 2009, 10:44:27 PM »

Nice find scancode! How long did it take you to create the table?

Anger gives me phpbb supahpowaz!

Hehehe, nah, perhaps an hour including finding all domains and such.

There _MUST_ be a way to stop this kinda scams. (Google banning them from AdWords, as a first step)

Wow. Kudos for the dedication.

Yeah, there's a sort of cheap way to do this. Google has recently released a feature where you can comment and downvote a search result. The problem is that you still need mass amounts of advertising and community behind you to truly beat this process.

It's like an AHK being labelled a false positive by AV companies or an employee being treated unfairly by a large company. Lots of times you need exposure.
Logged

<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
nite_monkey
Member
**
Posts: 674


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: January 30, 2009, 10:47:21 PM »

Avast gives me a warning when trying to visit the fake sites, be careful guys!
avast flipped out when I just visited this forum topic.
Logged

[Insert really cool signature here]
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: January 31, 2009, 04:57:56 AM »

I wonder how many people actually fall for those scam sites?

(Probably a lot. I don't have much faith in human intelligence.)
Logged

- carpe noctem
mahesh2k
Supporting Member
**
Posts: 1,406



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #8 on: January 31, 2009, 05:43:26 AM »

Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. mad

I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)

BTW good job for pointing it out, Scannie  thumbs up

Logged
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: January 31, 2009, 06:56:30 AM »

Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. mad
They're ADVERTISED on google, and they're ad-free.

Also, changed the links, I just realized I was accidentally giving them google luv.
Logged

Paul Keith
Member
**
Posts: 1,965


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: January 31, 2009, 07:08:40 AM »

Such scraper sites with adsense/adbrite/adigy on them are even featured on google results, i don't understand how can google give us results of such sites. mad

I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)

BTW good job for pointing it out, Scannie  thumbs up

Doubt it. These sites are often designed for those who already know enough to avoid these security problems.
Logged

<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
mahesh2k
Supporting Member
**
Posts: 1,406



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #11 on: January 31, 2009, 07:56:43 AM »

Quote
Doubt it. These sites are often designed for those who already know enough to avoid these security problems.


 Angry  Sad  Sad  ohmy
Logged
Paul Keith
Member
**
Posts: 1,965


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: January 31, 2009, 08:47:39 AM »

 Grin Well, I'm not saying they don't help. Just that 99% of the time, if you have a PC with these things enabled, you already have a user that can easily be informed of this problem because they already have Firefox or Opera installed.

The audience for these systems are primarily casual users migrating to casual tech level users. Not really the audience of these kinds of scam sites. More for those people who might not be aware of phishing and fake sites. (fake as in drive by downloads malware)
Logged

<reserve space for the day DC can auto-generate your signature from your personal PopUp Wisdom quotes>
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: November 30, 2009, 03:38:17 AM »

New ones.
The Vuze, Adobe Reader and IE ones look BETTER than the real sites, ffs.

Scamsite
Real Site

hxxp://codec.pro/
none

hxxp://clamwin.pro/

hxxp://firefox3.pro/

hxxp://alcohol120.pro/

hxxp://youtubedownloader.pro/

hxxp://bittorrent.pro/

hxxp://vuze.pro/

hxxp://klite.pro/

hxxp://zattoo.pro/

hxxp://adobereader.pro/

hxxp://internet-explorer.pro/

Any way to stop them?
« Last Edit: November 30, 2009, 03:40:35 AM by scancode » Logged

Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,918



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: November 30, 2009, 06:58:13 AM »

Depends where the scammers are based - if the site are simply registered in the Dominican Republic (presumably nothing to do with ICANN) and the people who registered them are in the US or elsewhere then they can be taken to court for identity theft, copyright and patent infringement etc. and get cease and desist orders made against them.

If on the other hand they are based in countries that don't honour these international agreements it is difficult to see what can be done short of a boycott of the nations until they agree to enforce international treaties.
Logged

mediaguycouk
Supporting Member
**
Posts: 244


see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #15 on: November 30, 2009, 08:39:59 AM »

Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
Logged

Learning C# - Graham Robinson
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #16 on: November 30, 2009, 11:50:36 AM »

Going to take the other side for a second here (note I don't speak Spanish) but the ones I checked (adobe reader and firefox) link directly to the original sites download links, so is there really a problem if they aren't charging or injecting spyware?
Maybe they link directly to the original DL because you're not in a supported country. I am.

[copy or print]
   <div id="downloadarea1" class="downloadarea"><a href="AdobeReader9a.exe" class="downloadbutton">Descargar<br />
      Adobe Reader 9</a>    </div>


I didn't know Adobe used NSIS


Warning: toolbars ahead.


Adobe Reader 9
HELP US OUT
We only ask you to text AREAD to 27777 to receive an install code.
Once you have it, put it in the box to continue installing the program.

THANKS FOR YOUR HELP!!

Code: [                                 ]

2 messages are required to get the code. Cost of each SMS: 1 USD. Only valid for cellphones in Argentina.
If you have any trouble visit hxxp://shareware.pro/support/

Logged

scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: November 30, 2009, 12:06:25 PM »

Update: I used a proxy to access the site.
[copy or print]
    <div id="downloadarea1" class="downloadarea"><a href="http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/esp/AdbeRdr90_es_ES.exe" class="downloadbutton">Descargar<br />
      Adobe Reader 9</a>    </div>

MOTHERFKERS!

Logged

mouser
First Author
Administrator
*****
Posts: 32,657



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: November 30, 2009, 12:18:45 PM »

can you explain a little bit more about what you have discovered they are doing scancode?
Logged
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,018



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: November 30, 2009, 12:52:01 PM »


I think services mentioned below can be used to take these sites down.

# Phishtank (another opendns sister project)
# Web of Trust (Firefox plugin available)



WOT would not have protected anyone from most of these scam sites until today. More than half of them didn't have any bad reputation marks. (I just changed that, though  Wink )

By the way, WOT is also available for IE, so if you know anyone that would be dumb enough to get themselves in trouble, install it on their PC, for both IE and Firefox (if they have that, too)

Scannie, if you discover any more of them, be sure to let me know. I got buckets of red paint ready for their reputation pages on WOT. If you get a big enough list together I can post it on the WOT forum and get a lot more people behind flagging them, too.
Logged

MilesAhead
Member
**
Posts: 4,447



View Profile Give some DonationCredits to this forum member
« Reply #20 on: November 30, 2009, 01:31:43 PM »

I wonder how many people actually fall for those scam sites?

(Probably a lot. I don't have much faith in human intelligence.)

I think dolphins were smart enough to see what evolution was up to, and stayed in the water.  smiley
Logged

"I donā€™t want to belong to any club that would have me as a member."
 - Groucho Marx

scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #21 on: November 30, 2009, 03:43:13 PM »

can you explain a little bit more about what you have discovered they are doing scancode?

I'd be glad to, mousey.

Take freeware/FOSS and they write their custom installer for it, and design a website.
Make said installer ask for a download token, which should be BOUGHT via SMS.
Then it installs a browser toolbar and other assorted naughties.
If the website is visited from a country they're not interested in scamming, redirect downloads to the real site.
...
Profit!

Fucking evil.
« Last Edit: November 30, 2009, 03:44:47 PM by scancode » Logged

Innuendo
Charter Member
***
Posts: 1,847

View Profile Give some DonationCredits to this forum member
« Reply #22 on: November 30, 2009, 03:47:36 PM »

can you explain a little bit more about what you have discovered they are doing scancode?

Just going by scancode's Adobe Reader example it'd cost him US$2 just to install it. Then it looks like it runs a suspicious file called Peer2Peer.exe and installs a Firefox extension called Peer2Peer as well.

EDIT: scancode beat me to the punch.
Logged
mouser
First Author
Administrator
*****
Posts: 32,657



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #23 on: November 30, 2009, 03:57:56 PM »

that is very evil.  Angry
Logged
scancode
Honorary Member
**
Posts: 634



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #24 on: November 30, 2009, 04:18:28 PM »

The SMS validation service is provided by a server who also hosts smgj://russian.ircfast.com/, a download site that ALSO does the SMS thing. Are all the fuckware companies related?
Logged

Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.074s | Server load: 0.08 ]