
December 15, 2009

Internic Whois Database Hacked for Selective Domains?

Filed under: Internet security — Administrator @ 2:39 pm
Posted about 2 months and 3 weeks ago







TOKYO (MacHouse) - Some 10 hours ago, we noticed that Internic’s Whois Server started showing odd results. If you use Mac OS, launch Network Utility and switch to the Whois tab. If you run a search for a domain like google.com, you may get a result like the following.






GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
GOOGLE.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
GOOGLE.COM.ZNAET.PRODOMEN.COM
GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
GOOGLE.COM.VN
GOOGLE.COM.UY
GOOGLE.COM.UA
GOOGLE.COM.TW
GOOGLE.COM.TR
GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
GOOGLE.COM.SPROSIUYANDEKSA.RU
GOOGLE.COM.SERVES.PR0N.FOR.ALLIYAH.NET
GOOGLE.COM.SA
GOOGLE.COM.MX
GOOGLE.COM.IS.SHIT.SQUAREBOARDS.COM
GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM.DO
GOOGLE.COM.CO
GOOGLE.COM.CHIQUITASEXY.COM
GOOGLE.COM.BR
GOOGLE.COM.BEYONDWHOIS.COM
GOOGLE.COM.AU
GOOGLE.COM.AR
GOOGLE.COM   (more…)

June 19, 2009

Bobby Duebelbeis and Clever Agency Threaten to Sue MacHouse

Filed under: More — Administrator @ 4:51 am
Posted about 8 months and 3 weeks ago







TOKYO (MacHouse) - In reference to our report of January 12, 2009, a legal representative of Duebelbeis and Clever Agency opened a support ticket at our website to indicate their intention of suing MacHouse. They write:






This law firm represents Bobby Duebelbeis, and we have been asked to write this letter to you. Many of your statements about Bobby Duebelbeis in your blog postings are untrue and defamatory. You made them maliciously to injure Bobby Duebelbeis in his trade, office and profession. As such, they are defamatory per se. Under O.C.G.A. 51-5-11, this letter constitutes a demand for immediate retraction in writing of these false and libelous statements. In accordance with MO Statute 509.210, Bobby Duebelbeis demands that your retraction and correction be accompanied by an editorial in which you specifically repudiated your libelous statements. (See Screenshot 01.)   (more…)

March 31, 2009

Active Phishing Website Targeting French PayPal Users - Part 2

Filed under: Internet security — Administrator @ 5:57 pm
Posted about 11 months and 2 weeks ago







TOKYO (MacHouse) - Yesterday, we reported that an organized group of half-retarded cyber criminals sent at least four spam messages targeting French PayPal users. Sender’s address is specified as service@paypal.com in each case. Also, the return-path is shown as anonymous@ns24075.ovh.net in each message. This phishing campaign is organized so poorly that the URL underlying the phrase Cliquez Ici pour activer votre compte (Click here to activate your account.) is misconfigured. Nonetheless, three of the four messages imply that there is a phishing website hosted at http://paypail.netingame.net. Yesterday, there was. And the same PayPal phishing website is still active. (See Screenshots 01-2.)





Screenshot 01 - Source: paypail.netingame.net
Screenshot 02 - Source: paypail.netingame.net
Screenshot 03 - Source: MacHouse






Inspecting the HTML source code of each phishing message, it doesn’t take an IT security expert to conclude that the mail source is a web server at ovh.net. (See Screenshot 03.) OVH is a web hosting company. (Screenshot 04 shows the gate page of OVH’s web hosting website.) We don’t know exactly where their main office is located (Roubaix, France?). The web server whose IP address is 91.121.18.16 may be traced to France since the packet crosses the English Channel through Global Cross from the U.K. side.   (more…)

March 30, 2009

Active Phishing Website Targeting French PayPal Users - Part 1

Filed under: Internet security — Administrator @ 10:49 pm
Posted about 11 months and 2 weeks ago







TOKYO (MacHouse) - An organized group of half-retarded cyber criminals sent out at least four spam messages in the past 12 hours or so to scam French PayPal users. The first spam message of this kind that we received is titled Update Your Account Information. The title is written in English, but the rest of the message is written in French. People with common sense would write both the subject line and the body in the same language. That’s why we say a group of half-retarded people is involved.






1st PayPal phishing message

Title: Update Your Account Information
Sender’s address: service@paypal.com
Return-path: anonymous@ns24075.ovh.net






2nd PayPal phishing message

Title: Chers utilisateurs PayPal:Attention! Votre Compte PayPal A ete limite!
Sender’s address: service@paypal.com
Return-path: anonymous@ns24075.ovh.net






3rd PayPal phishing message

Title: (none)
Sender’s address: service@paypal.com
Return-path: anonymous@ns24075.ovh.net






4th PayPal phishing message

Title: Chers utilisateur PayPal:Attention! Votre Compte PayPal A ete limite!
Sender’s address: service@paypal.com
Return-path: anonymous@ns24075.ovh.net






(See Screenshots 01-4.)   (more…)
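All four messages listed above pair a paypal.com sender address with a return-path at an unrelated hosting domain. The following check for that mismatch is an added example, not code from the original post; the function names, the message framing around the reported header values, and the benign control message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: only the From, Return-Path and Subject values of the
# first two come from the post; everything else is made up for this example.
SAMPLES = [
    "From: service@paypal.com\nReturn-Path: <anonymous@ns24075.ovh.net>\n"
    "Subject: Update Your Account Information\n\nbody\n",
    # Third message in the post: same addresses, no title at all.
    "From: service@paypal.com\nReturn-Path: <anonymous@ns24075.ovh.net>\n\nbody\n",
    # Constructed benign control: bounce address on a subdomain of the sender.
    "From: news@example.com\nReturn-Path: <bounce@mail.example.com>\n"
    "Subject: Newsletter\n\nbody\n",
]

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if unusable."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def related(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other.
    (DMARC proper compares organizational domains via the Public Suffix List.)"""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_alignment(raw):
    """Return a list of findings for one raw message; empty list means clean."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    findings = []
    if not from_dom or not rp_dom:
        findings.append("missing From or Return-Path")
    elif not related(from_dom, rp_dom):
        findings.append(
            f"From domain {from_dom} not aligned with Return-Path domain {rp_dom}")
    if not (msg["Subject"] or "").strip():
        findings.append("empty or missing Subject")
    return findings

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_alignment(raw))
```
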

March 23, 2009

Another PrivateTube Website Deploys at EXTREMETUBE09.COM

Filed under: Internet security — Administrator @ 5:09 pm
Posted about 11 months and 3 weeks ago







TOKYO (MacHouse) - If you have never heard of USTREAM.TV (www.ustream.tv), you may not be alone. (Screenshot 01 shows the index page of USTREAM.TV’s website.) According to Quantcast, this website is quite popular. Quantcast says USTREAM.TV attracts 1.4 million visitors from the U.S. and 6.6 million visitors globally each month. (See Screenshot 02.) This large amount of traffic possibly translates into tens of thousands of dollars. Perhaps, the webmaster doesn’t care whether or not they have spam profiles. Traffic is traffic, which brings money, right?





Screenshot 01 - Source: USTREAM.TV
Screenshot 02 - Source: Quantcast
Screenshot 03 - Source: USTREAM.TV






One of the spam profiles created at USTREAM.TV is found at http://www.ustream.tv/channel/free-zoo-sex-videos. If you are lucky, you will get to see a photo image of an attractive woman. (See Screenshot 03.) And you have one second or a little bit longer to escape. Or you will be redirected to a different website. The next destination is controlled by a junk website hosted at skypharmacist.com. You are most likely to then be forwarded to http://sextube.toplog.nl. This is not the final destination of your redirection journey. You will next be redirected to a fake codec website called PrivateTube. And it’s hosted at the domain of extremetube09.com. (See Screenshot 04.)





Screenshot 04 - Source: extremetube09.com
Screenshot 05 - Source: extremetube09.com
Screenshot 06 - Source: extremetube09.com






A fake codec website at extremetube09.com is pretty much the same as the one at myprivatetube09.com. Clicking on any of the gross images, one will be asked to install a video codec update. (See Screenshot 05.) Eventually, they will be forced to download a file called wmcodec_update.exe, which is expected to contain a package of computer viruses including Trojan.Dropper, Downloader, Trojan Horse variants, Tracking Cookie, Suspicious.MH690 and more.   (more…)

Beware of a Phishing Website Targeting Halifax Online Banking Customers - Part 2

Filed under: Internet security — Administrator @ 2:36 pm
Posted about 11 months and 3 weeks ago







TOKYO (MacHouse) - As we reported yesterday, an organized cyber criminal group runs an active phishing website that targets Halifax Online Banking customers. A spam message with the subject line of *IMPORTANT *Update Your Halifax Online Banking* is designed to send Internet users to a phishing website hosted at the domain of uplink411.com. (See Screenshots 01-2.)





Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: uplink411.com
Screenshot 03 - Source: uplink411.com






There is something odd and interesting about a website at uplink411.com. A URL in the spam message points to a phishing package installed at http://uplink411.com/okcjournal/shopping/www.halifax-online.co.uk. If you access a URL two levels up, then you will run across an index page that says Team-Hackers-Black Scorpion - Hackers By - www.r3d-crew.com…! (See Screenshot 03.)   (more…)

March 22, 2009

Beware of a Phishing Website Targeting Halifax Online Banking Customers - Part 1

Filed under: Internet security — Administrator @ 4:57 pm
Posted about 11 months and 3 weeks ago







TOKYO (MacHouse) - According to the website at http://www.halifax.co.uk, Halifax is a division of Bank of Scotland. (Screenshot 01 shows the gate page of Halifax’s website.) And it’s this Halifax that has become the latest target of a phishing campaign.





Screenshot 01 - Source: Halifax
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: uplink411.com






An organized cyber criminal group circulated a spam message about two hours ago implicating Halifax Online Banking. The sender’s e-mail address is shown as online@halifax.co.uk. And the title of the message is *IMPORTANT *Update Your Halifax Online Banking*. The phishing message says:







Halifax PLC. has been receiving complaints from our customers for
unauthorised use of the Halifax Online accounts.

We’ve introduced some additional security measures to our Online
Banking service to help keep you secure.
As a result we are making an extra security check on all of our Customers
account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided steps and confirm your
Online Banking details for the safety of your Accounts.

We take online security very seriously. Here are just some of the measures we’re
taking to protect you and your data..

We recommend you to confirm your Online Banking details

Click Here.






(See Screenshot 02.) The URL underlying ‘Click Here’ is http://uplink411.com/okcjournal/shopping/www.halifax-online.co.uk. And that’s where a phishing website is currently hosted. (See Screenshot 03.)   (more…)
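The link in both Halifax reports places a bank-style hostname inside the path of an unrelated host, which a mail or proxy filter can test for. The following is an added example, not code from the original post; the function name, the file-extension list and the two control URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A path segment that looks like a full hostname, e.g. "www.example.co.uk".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
# Assumed list of common file extensions, so "index.html" is not mistaken
# for a hostname. Extend as needed.
FILE_EXT = {"html", "htm", "php", "asp", "aspx", "js", "css",
            "png", "jpg", "gif", "pdf", "exe", "zip"}

def embedded_hosts(url):
    """Return (real_host, hostnames found in the path that are unrelated
    to the real host)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = []
    for seg in unquote(parts.path).split("/"):
        seg = seg.lower()
        if not HOSTLIKE.match(seg):
            continue
        if seg.rsplit(".", 1)[1] in FILE_EXT:
            continue  # ordinary file name
        # A site mirroring its own name in the path is not suspicious.
        if seg == host or host.endswith("." + seg) or seg.endswith("." + host):
            continue
        hits.append(seg)
    return host, hits

if __name__ == "__main__":
    urls = [
        # URL reported in the post.
        "http://uplink411.com/okcjournal/shopping/www.halifax-online.co.uk",
        # Constructed controls.
        "http://www.example.com/docs/index.html",
        "http://example.com/mirror/example.com/file.pdf",
    ]
    for u in urls:
        print(u, "->", embedded_hosts(u))
```
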

March 18, 2009

Boring Nigerian Scam Campaign: Pepsi Promotions 2009

Filed under: Internet security — Administrator @ 5:26 pm
Posted about 11 months and 4 weeks ago







TOKYO (MacHouse) - An organized African scam group circulated a trivial spam message more than one hour ago. It goes






We are pleased to inform you of the result of the just concluded annual final draws held on FEBRUARY 27th, 2009, 2008 PEPSI Company Worldwide Promotion, your email was among the 9 Lucky winners who won £250.000.00POUNDS each on the PEPSI Company.

However the results were released on MARCH 18th, 2009 and your email was attached to ticket number (PSPPR2008) and ballot number (BN:225182008/20) The online draws was conducted by a random selection of email addresses from an exclusive list of 29,031 E-mail addresses of individuals and corporate bodies picked by an advanced automated random computer search from the internet. However, no tickets were sold but all email addresses were assigned to different ticket numbers for representation and privacy.

The selection process was carried out through random selection in ourcomputerized email selection machine (TOPAZ) from a database of over 290,000 email addresses drawn from all the continents of the world.

This Lottery is approved by the British Gaming Board and also Licensed by the The International Association of Gaming Regulators (IAGR).This lottery is the 3rd of its kind and we intend to sensitize the public.

In other to claim your £250,000.00POUNDS prize winning, which has been deposited in a designated bank. However,you will have to fill the form below and send it to the Promotion manager of The PEPSI Company for verification and then you will be directed to the bank where a cheque of£250,000.00POUNDS has already been deposited in your favour.

(See Screenshot 01.) It’s another boring spam campaign run by a group of half-retarded monkeys in Africa.   (more…)

YouTube’s Open Fake Animal Sex Video Codec Campaign

Filed under: Internet security — Administrator @ 4:30 pm
Posted about 11 months and 4 weeks ago







TOKYO (MacHouse) - Career spammers often use YouTube, a popular video-sharing website, to send Internet users to their sponsors’ websites. Yesterday, we reported that an organized cyber criminal group circulated at least one spam comment around blogs and forums worldwide to send Internet users to a particular spam profile created at YouTube.





Screenshot 01 - Source: YouTube
Screenshot 02 - Source: YouTube
Screenshot 03 - Source: YouTube






Shown in Screenshots 01-3 are spam profiles found at YouTube. All three spam profiles and more contain a link to exactly the same URL, which is http://myprivatetube09.com/zoo/19/1635/. Clicking on it, Internet users will be directed to the same fake codec website we introduced yesterday. It’s the same website that distributes a file named wmcodec_update.exe. And even the Mac version of Norton AntiVirus detects a computer virus, which Symantec calls Trojan.Dropper. (See Screenshots 04-6.)   (more…)

March 17, 2009

High Security Alert: Beware of Fake Animal Sex Website at MYPRIVATETUBE09.COM - Part 2

Filed under: Internet security — Administrator @ 6:18 pm
Posted about 11 months and 4 weeks ago







TOKYO (MacHouse) - As we reported earlier, an organized cyber criminal group circulates a suspicious Windows file with the help of YouTube. They’ve created a spam profile at the popular video-sharing website, hoping YouTube visitors will click on the link that points to http://animalxx.toplog.nl. (See Screenshot 01.) Clicking on the link, Internet users will be immediately redirected to a fake codec website hosted at the domain of myprivatetube09.com. (See Screenshot 02.)





Screenshot 01 - Source: YouTube
Screenshot 02 - Source: PrivateTube
Screenshot 03 - Source: PrivateTube






This disgusting website with a number of animal sex images has been installed to distribute a malicious file. Clicking on any of the images, one will be eventually forced to download a file titled wmcodec_update.exe. (See Screenshot 03.)   (more…)