Re: block all popups [google knockoff]

[sh0rtie <this.is () gmail com>]

its spyware
a quick peek inside the installer reveals links to toolbarshopper.com
so definatly not google (although the toolbar does have links to use
google as well as the  usual affiliate links to other sites (using
linksynergy)

the site at ipaddress where the installer is located has links selling
an ebook ,following the money (purchase) leads to a site
called moreinfo4you.net a whois of this site reveals

domain:       moreinfo4you.net
status:       production
organization: CSI
owner:        James Real jackson
email:        domainalias () yahoo com
address:      23244 Avenida Pico
city:         San Clemente
state:        CA
postal-code:  92654
country:      US
admin-c:      domainalias () yahoo com#0
tech-c:       domainalias () yahoo com#0
billing-c:    domainalias () yahoo com#0
nserver:      ns.dnsfree.biz
nserver:      ns2.dnsfree.biz
registrar:    JORE-1
created:      2004-08-22 19:53:30 UTC JORE-1
modified:     2004-08-22 22:25:43 UTC JORE-1
expires:      2005-08-22 15:53:28 UTC
source:       joker.com
db-updated:   2004-08-26 20:40:16 UTC

fake details and joker.com is a public dns service often used by
scammers because they can change domain ipaddresses (where the domain
points to) quickly

the ipaddress where the exe is located is based in korea (probably a
compromised adsl machine)

inetnum:      61.248.0.0 - 61.255.255.255
netname:      KRNIC-KR
descr:        KRNIC
descr:        Korea Network Information Center
country:      KR
admin-c:      HM127-AP
tech-c:       HM127-AP
remarks:      ******************************************
remarks:      KRNIC is the National Internet Registry
remarks:      in Korea under APNIC. If you would like to
remarks:      find assignment information in detail
remarks:      please refer to the KRNIC Whois DB
remarks:      http://whois.nic.or.kr/english/index.html
remarks:      ******************************************
mnt-by:       APNIC-HM
mnt-lower:    MNT-KRNIC-AP
changed:      hostmaster () apnic net 20010321
changed:      hostmaster () apnic net 20010606
status:       ALLOCATED PORTABLE
source:       APNIC

person:       Host Master
address:      11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address:      Seoul, Korea, 137-857
country:      KR
phone:        +82-2-2186-4500
fax-no:       +82-2-2186-4496
e-mail:       hostmaster () nic or kr
nic-hdl:      HM127-AP
mnt-by:       MNT-KRNIC-AP
changed:      hostmaster () nic or kr 20020507
source:       APNIC


regards





On Tue, 24 Aug 2004 21:49:41 -0400, Jeremy Heslop <vector () ezy net> wrote:
> Not sure who this should go to, but I received an email the other day
> and it is advertising the google toolbar. It installs a toolbar, but not
> googles. Looks sketchy to me and similar to other phishing attempts. URL
> to valuebar_setup.exe was in email.
>
> Jeremy
>
> Html email here:  http://footon.jheslop.com/block%20all%20popups.html
> txt email here: http://footon.jheslop.com/block%20all%20popups.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html