I’ve just got some links from my friends through yahoo messenger, most of them ’sez something like this.
Do you realize who is in this image: http://thecoolpics.net/who.jpg . Just think for a moment and tell me soon
Not just that, her/his yahoo messenger status also had something like that.
Somehow I had a bad feeling about this but I encourage myself to click the link. It will redirect the file to http://survey-sales.com/ipn/transactions/index2.html, and this is the result :
High security alert!!!
You are not permitted to download the file “index2.html” because it is infected with the virus “JS/Inor.A!tr.dldr”.
URL = http://survey-sales.com/ipn/transactions/index2.html
File quarantined as: .
http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=quickSearchDirectly&virusName=JS%2FInor.A%21tr.dldr
Well, fortigate has done a great job.
A friend of mine wrote on the mailing list about this virus, he click the link and all his IE preferences ruined, and somehow his yahoo account automagicly send links to all his YM friend list. To all of you, please aware to this kind of virus.
But how to clean the virus ? I still haven’t got any clue about this. Just make sure not to click on something suspicious. For example:
Mostly, your friend talks in Bahasa Indonesia, Sunda, or perhaps Jawa Ngoko. But suddenly he/she speaks English. That’s strange right ? :p
Based on dnsstuff.com, I found that domain survey-sales.com are registered on behalf this company :
Registrant:
Survey and Construction Supply Co., Inc.
930 W. Byers Pl.
Denver, CO 80223
USDomain name: SURVEY-SALES.COM
Administrative Contact:
Aregood, Brian surveysales@comcast.net
930 W. Byers Pl.
Denver, CO 80223
US
303-282-8900 Fax: 303-698-4899Technical Contact:
Manager, Domain hostmaster@startlogic.com
919 E Jefferson St.
Suite 100
Phoenix, AZ 85034
US
+1.8007258064Registration Service Provider:
StartLogic, Inc., hostmaster@startlogic.com
1-800-725-8064
http://www.startlogic.comRegistrar of Record: TUCOWS, INC.
Record last updated on 26-Sep-2006.
Record expires on 08-Jan-2007.
Record created on 08-Jan-2005.Domain servers in listed order:
NS1.STARTLOGIC.COM 216.207.124.77
NS2.STARTLOGIC.COM 66.235.217.210Domain status: clientDeleteProhibited
clientTransferProhibited
clientUpdateProhibited
Meanwhile, domain thecoolpics.net are registered through godaddy and it was under supervision of domainsbyproxy.com. On their website, domainsbyproxy.com said that :
Domains By Proxy® will not do business with you,
nor protect your identity, if you:
• Transmit spam, viruses or harmful computer programs;
• Violate the law or infringe a third party’s trademark or copyright;
• Engage in morally objectionable activities, including but not limited to those which are child pornographic, defamatory, abusive, harassing, obscene, racist, or otherwise objectionable.
So, if any of you have any objections about that virus-contained-page, please report at abuse@domainsbyproxy.com and/or email ebove.
November 18th, 2006 at 2:38 am
A very good friend of mine experiences this kinda wierd things on yahoo messenger.
1. she is getting disconected with the message “You have conected somewhere else”, or something similar, so she is offline.
2. she sends, as offline messages to all her friends in her list.This is the message she sends “My pics http://thecoolpics.net/mypics.jpg b-(
November 29th, 2006 at 9:35 am
hm.. good article
by the way, i found your blog from raja homok fahmi, he call you king of salah sambung
**Yahoooo….. akhirnya berani nunggEng : )**
-=gretong bilang:budayakan berkomentar:=-
February 14th, 2007 at 3:19 pm
StartLogic host is very good. You can find a lot of reviews about StartLogic on the website http://www.hothosting.info/en. Also, StartLogic is trusted by many of its customers. Obviously, there can not be a very perfect host, since these hosts are of many different features.
The clients should buy a host which meets their needs perfectly. For example, if a person has some experiences with Linux, he or she may choose the host which supports ssh so that it can achieve its perfect performances. Moreover, the e-shop host users can choose a kind production which could provides more after-services.
Go to http://www.hothosting.info/en and have a look, there must be some suitable methods for you in choosing the right hosts. You will know more about the web hosting!Enjoy!
February 14th, 2007 at 3:47 pm
Hi Barbie,
Well, IMO startlogic doesn’t have any faulty ’cause they’re just act as a domain registration service provider. The one need to be concern is the registrant. In this case is :
Survey and Construction Supply Co., Inc.
930 W. Byers Pl.
Denver, CO 80223
US
Anyway, thanks for the info.
February 23rd, 2007 at 7:45 pm
[…] I’ve already post this virus quite a long time ago here, and just now somebody from of my YM list sent me another one. The only difference is the site domain. […]