Author Topic: BitRoad.net  (Read 6942 times)

June 11, 2008, 04:45:18 am

sowhat-x

  • Guest
...wanted to download an e-book today, and the original poster,
instead of using the pretty much widely known Rapidshare/MediaFire services,
had chosen to upload it via a file-storage service called "BitRoad.net":
hxxp://bitroad.net/index.php

Now, these BitRoad guys require the end-users to install a Firefox extension
in order to continue to the direct download link...yeah, sure...
At the time being, the direct link to the Firefox extension is:
hxxp://files.firebit.net/files/firebit_26266.xpi

Firefox's .xpi extensions are nothing more than .zip archives,
so simply rename the above accordingly and extract it...it contains a firebit.dll,
currently detected as AdWare.Kitsune, with a result of 13/32 (40.63%) over at VirusTotal.
What I found somewhat funny/interesting about it was the castlecops.com string in it...  :)
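
The unpack-and-inspect step described in the post above, as an added example that is not part of the original thread: it reads an .xpi as a ZIP archive in memory, hashes each member for lookup on a scanning service, and flags members that start with a native-binary magic number. The function names, the sample archive and its member names are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Magic numbers that mark a member as native code rather than script or markup.
NATIVE_MAGIC = {b"MZ": "PE (Windows .dll/.exe)", b"\x7fELF": "ELF"}


def triage_xpi(data: bytes) -> list:
    """List the members of an .xpi (a ZIP archive) and flag native binaries.

    Members are streamed and hashed in memory; nothing is written to disk
    or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                head = member.read(4)
                digest = hashlib.sha256(head)
                for chunk in iter(lambda: member.read(65536), b""):
                    digest.update(chunk)
            kind = next((label for magic, label in NATIVE_MAGIC.items()
                         if head.startswith(magic)), None)
            findings.append({"name": info.filename,
                             "size": info.file_size,
                             "sha256": digest.hexdigest(),
                             "native": kind})
    return findings


def build_sample_xpi() -> bytes:
    """Constructed sample: an archive shaped like an extension shipping a DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("install.rdf", "<RDF/>")
        archive.writestr("components/sample.dll", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_xpi(build_sample_xpi()):
        print(f'{f["name"]:24} {f["size"]:6} {f["native"] or "-":24} {f["sha256"][:16]}')
```

An extension that carries a PE or ELF member runs native code outside the browser's script sandbox, which is why that flag is the first thing to look at before installing.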

June 12, 2008, 09:10:18 am
Reply #1

sowhat-x

  • Guest
From the same guys...
they seem to maintain another similar online file-storage service:
hxxp://friendlyfiles.net

No Firefox extension/support this time though...
they explicitly ask the end-user to use Internet Explorer instead,
and then install the following nsis executable..."ADSTechnologyInstall.exe":
hxxp://friendlyfiles.net/install.php?pin=20140&submit=DOWNLOAD

Most AVs call it AdWare.ADSTechno or so,
not exactly the greatest detection rates at the moment though...

June 14, 2008, 04:00:56 am
Reply #2

MysteryFCM

  • Administrator
  • Hero Member
Surprise surprise;

Code:
Domain Name: FRIENDLYFILES.NET
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS5.PUBLIC-NS.COM
Name Server: NS6.PUBLIC-NS.COM
Status: ok
Updated Date: 12-oct-2007
Creation Date: 31-jul-2007
Expiration Date: 31-jul-2009

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 14, 2008, 04:02:46 am
Reply #3

MysteryFCM

  • Administrator
  • Hero Member
Code:
Domain Name: FIREBIT.NET
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: MANAGEDNS1.ESTBOXES.COM
Name Server: MANAGEDNS2.ESTBOXES.COM
Name Server: MANAGEDNS3.ESTBOXES.COM
Name Server: MANAGEDNS4.ESTBOXES.COM
Status: ok
Updated Date: 08-mar-2008
Creation Date: 08-jan-2008
Expiration Date: 08-jan-2009

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 14, 2008, 04:04:19 am
Reply #4

MysteryFCM

  • Administrator
  • Hero Member
Also on the same IP as files.firebit.net;

installs.ads-technology.net
installs.bitacc.com
installs.rupass.com

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net