ALERT! FreewareBB shutting down. And with a warning from Marko?


40hz:
I've actually seen something similar to this go down with a former client. She wanted to get out of a line of business she was in. So she sold her website to somebody else who promised (with the best of intentions) to continue in her stead. About a year later, the new owner was approached by a buyer who offered a very substantial amount of money (I understand it was something like $10k) for the domain name. And the new owner took it.

Shortly after that, the new buyer started playing games and trading on the goodwill the site had built up over the years. My client said she'd be just as inclined as anybody to forget about it since it's no longer her site. But she still sees her name occasionally being blasted by somebody for what's going on six years after she sold the domain. And because she has other online businesses, she feels she needs to politely respond to those posters. "It's a reputation management issue. You can't just let that take care of itself." as she put it.

So just because a site is no longer yours doesn't mean your name and what you originally built up is no longer associated with it.

TaoPhoenix:
Well, in the name of "Security Research", I decided to try getting us some more to work with.

And in the spirit of the Gemini twins of Confusion and Fair Game, the only "fair" Facebook address I could decide upon ... was themselves! (For varying definitions of "themselves".) Colored pills and rabbit holes, here we come!

(My numbering is a little arbitrary, I just think better when I can partition off stages of a project.)

Set 1
1a. Top level site:
http://www.freewarebb.com/
Formerly honorable site, now host to ... "stuff". This is a first attempt to look at what "stuff" is.

1b.
Then there's "this" graphic again. I have added a couple of notes.


Notice that in the instructional address to copy, Ms M's name is mis-spelled ... in that classic conundrum "who is smart enough to get the "you're" abbreviation right, then mis-spell a name in an instructional graphic?"

Also, the graphic calls for "http://" and Facebook pages run (sorta?) secure at https://

1c. So we decide to "click here to start hacking". Like I mentioned cross category about the archive.org new game libraries, we have an "emblazon" problem. This isn't some weird site like hackfacebookpass.net, is it? Oh wait, sorry for the spoiler, yes it is.

But the front end is a "quietly" famous site. So what owner is either going to leave that there for more than a week, or maybe our law enforcement types don't care about open source software, but maybe with a memo from the RIAA, since the *signature example the scammer could think of was a musician*, you'd think they'd like to at least have a beat officer call Ms. Minogue and ask her to have coffee and check if things are okay. It's where you don't know which of three things to do a double-facepalm over.  

1d. So clicking on that gives you the following excerpt of a page:


1e. So now we see that FreewareBB is now nothing but a 3-screen "jump page", likely to be discarded like a snake skin later. The "real" scam page is for now at http://www.hackfacebookpass.net/. So let's go over there.

Set 2. So what are the guts of this op?

2a. Putting in "themselves", we get this:


2b. Okay, so now it's squawking about an Auth code. The first time you try to go get one, it yells at you for having Adblock on. So I turned it off for this.

2c. "Click here to get an Auth code" leads you to this:
http://href.li/?http://ossdonate.org/donate.html
.li is Liechtenstein. A somewhat newer player in the "country code for sale" business.
It resolves to this:
http://ossdonate.org/donate.html

2d. It brings up "complete an offer to get your code".


I don't need gift cards. But I feel so sad and left out I have not played the authentic (maybe?!) Angry Birds more than three times. So I will try to do that offer. And I'll resume next post, because by now we see this rabbit hole has a few warrens (but not Diane Warren) and at least a couple of rabbits in it! (But not Eddie Rabbitt.)

TaoPhoenix:
Set 3
So going for Angry Birds goes here.
http://www.downloadpilot.com/en/angrybirds?transaction_id=102eb8d7c8913d5cad80b7e3f360a9&offer_id=637&affiliate_id=2445&source=&aff_sub=102e8dfdef04cfbc926a584c5cf934&aff_sub2=1186&aff_sub3=&aff_sub4=&aff_sub5=

I'm not sure what downloadpilot is, but it sounds "more legit" as a software tracked downloader, rather than anything this guy churned up himself. More pics:



Okay, now we get this:


So now we have a bit of a poker game going on. Is it a virus, or a tracked downloader?
On the theory that anything short of Cryptowall won't kill me, I have to push just a little further!

Next we get this. So okay, it's looking to install a bunch of junkware, but they look quasi familiar. Clicking "custom" doesn't always do everything, but let's try it.


Okay, the next section is stuff you gang already know (sort of? Aka presuming it actually did X and not Y!). It tries to install stuff, I just clicked "skip". (Sometime later I'll have to check to see if it shadow installed, but let's just say for now.)

Here's a completion screen of some kind (with another type of shaky ad!)
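
An added example (not part of the posts above): an offline breakdown of the URLs quoted in this thread, showing the destination hidden behind the href.li link and the affiliate tracking fields carried by the download link. Treating `transaction_id`, `offer_id`, `affiliate_id` and `aff_sub*` as tracking parameters is an assumption based on their names; nothing is fetched over the network.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# URLs copied from the posts above, in the order they were visited.
CHAIN = [
    "http://www.freewarebb.com/",
    "http://www.hackfacebookpass.net/",
    "http://href.li/?http://ossdonate.org/donate.html",
    "http://www.downloadpilot.com/en/angrybirds?transaction_id=102eb8d7c8913d5cad80b7e3f360a9&offer_id=637&affiliate_id=2445&source=&aff_sub=102e8dfdef04cfbc926a584c5cf934&aff_sub2=1186&aff_sub3=&aff_sub4=&aff_sub5=",
]

# Assumption: these names (plus any aff_sub*) are affiliate tracking fields.
TRACKING_KEYS = ("transaction_id", "offer_id", "affiliate_id")


def unwrap(url):
    """Return the destination embedded in a dereferrer-style URL, else None.

    Covers the 'host/?http://target' form seen with href.li, where the
    whole query string is itself an absolute URL.
    """
    query = unquote(urlsplit(url).query)
    inner = urlsplit(query)
    if inner.scheme in ("http", "https") and inner.hostname:
        return query
    return None


def tracking_params(url):
    """Return the non-empty affiliate/offer parameters in the query string."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=False)
    return {k: v for k, v in pairs
            if k in TRACKING_KEYS or k.startswith("aff_sub")}


def triage(chain):
    """Summarise each hop: host, hidden destination, tracking parameters."""
    return [{"host": urlsplit(u).hostname,
             "hidden_destination": unwrap(u),
             "tracking": tracking_params(u)} for u in chain]


if __name__ == "__main__":
    for hop in triage(CHAIN):
        print(hop)
```
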

TaoPhoenix:
So something with a big Y on it but labeled Angry Birds appears.
Now we visit France!

YappyZ seems to be one of those encapsulating Flash game sites.



And somewhere under here is something that at least looks like Angry Birds:


A portion of AngryBirds / DecentLookingClone


So I played a game of Angry Birds. I have now played it four times in my life. No sign of a code though - it says "offer not completed".

So that's as far as I can take it. But at least y'all have the next steps of what all it wants to do. It's def sneaky, but still seems to be playing "by slippery rules" like accepting a Platypus as both a mammal and an egg laying animal.

40hz:
--- Quote from: wraith808 on January 09, 2015, 08:22 AM ---
If the domain has not been re-pointed, then though he doesn't have control of the domain, he does still have control of what the domain is pointed to. He didn't sell them his servers, he sold a domain name.
--- End quote ---

Huh? :huh: When you own the domain name you get to select where DNS sends it. And when somebody buys an existing website, they often will purchase the existing host site as well since the original owner may still be obligated to continue paying on it until the end of their contract with the host provider. This is common in those "under new management" situations where the buyer has an understanding with the seller that they intend to continue the site pretty much as is. It worked out well for Tux Machines when Sue Linton sold her popular FOSS news site to the owners of TechRights.
