Sponsored by..

Tuesday 23 October 2007

Yourmusic.com ad banners sering up malware

For at least a week, Virgin Media (and probably other sites) have been serving up compromised ads for Yourmusic.com that direct their users to a fake anti-spyware site called MalwareAlarm.com (via malware-scan.com) - which is actually a trojan designed to scare people into parting with their cash, while infecting their machines at the same time.

How the banners got compromised is a mystery, but it's clearly the work of a third party. More here.

Tuesday 2 October 2007

Yet more dating scam sites

Another set of dating scam domains related to these and these. The email follows a similar pattern to:
Hello! I am tired tonight. I am nice girl that would like to chat with you. Email me
at np@SuperOnset.info only, because I am writing not from my personal email. Don't
miss some of my naughty pictures.

See this post for more information on how the scam works. This batch of bogus domains are:

  • Closecallusa.info
  • Closecallworld.info
  • Closemorehomes.info
  • Closemoreplus.info
  • Closeopenwave.info
  • Greatnear.info
  • Mailvisionworld.info
  • Nearencounters.info
  • Onsetcombat.info
  • Quickclosepa.info
  • Superonset.info
  • Youclosemore.info
  • Youronset.info
For techies, the nameservers for all these domains are DNSREAL.COM which appears to be used exclusively for this type of scam. This is registered to what is almost definitely a bogus name and address, but does use the email dnzmazter@yahoo.com.