Jahewi's Anti-MalwareInformatie
In short, forum-spammers are fake members, that often have a link in their profile to a particular site wich usually try to sell something or is a adult site.

Forum-spammers come from all corners of the internet. Some are relatively harmless -- some are just a pain in the back -- but some are just right-out dangerous!

Somehow, again, i have to go head to head with fake Codecs and and ZLob-installing software.

The last week, in an overall effort to shed some light on forum-spam in general, i reviewed about 60 spammers, wich became members of my information-forum in december and januari.
Twenty of those spamming members originated from EstDomains. That wasn't really surprizing, because EstDomains have it's business in all corners of malware-spreading and internet-fraude, but ...
what i didn't expect, are forum-spammers that have a website in their profile wich lead to fake, ZLob-installing websites like USE-PORN.COM and BIGVIDEOSONLINE.COM, wich show tripleX-pictures.
Clicking those pictures send you to a page on ONLYFREEXMOVIES.COM, wich seems to be a download-page for the video-clip of choice, however pictures on that site will give you the following oh so familiair message and, sometimes even without clicking any button, the download of the first of many trojans and other malware.
Forums-spam: Forum-spammers and ZLob-trojans
Let's not go into the installation of a fake codec, again. You can refresh your memory here.

But wait! It gets even worse.
I ran into another spam-member with a ZLob-installing site in it's profile. This time it is freemoviegroup.info
This link really sends you to the site ...
As you can see, this site doesn't fool around. As soon as you open it, it starts to download ZLob.FWR, the downloader for the rest of the ZLob-junk to come!

In my opinion this is as bad as they can possibly get!
However, the second surprise is the Sponsoring Registrar for the domain freemoviegroup.info. I was totally convinced it would be EstDomains ... but it isn't!
It's Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com

I'm confused ... to say the least!


by jahewi - januari 14, 2007