Author Topic: EstDomains clearing up the shit  (Read 57214 times)

September 12, 2008, 12:39:43 pm
Reply #60

sowhat-x

  • Guest
Quote
About SiteAdvisor, http://www.siteadvisor.com/sites/yahoo.com - spam, phishing, malware - all at once!

Lol, I agree with that - automated systems are always prone to these kinds of errors,
which are rather amusing sometimes, like the Yahoo mentioned above...
It's the manual reviews listed there (and in every other similar service) that are of main interest...
And that's also the very exact reason that all sites are always being manually verified here...

September 12, 2008, 01:12:58 pm
Reply #61

kokach

  • Jr. Member

Thank you for all your help.
We'll review the lists you gave and get rid of the problematic domains.
However, in case you'll have anything more to report - kindly get in touch with me directly, kokach@estdomains.com.
Thanks again.

September 12, 2008, 01:28:57 pm
Reply #62

sowhat-x

  • Guest
Glad we were able to be of some help to the community.

To legitimate web-admins registered via EstDomains...
(in order to avoid any possible future misconceptions):

From what we all read over in WashingtonPost,
Directi suspended 21.000 sites at once in less than 2 days.
I.e. it pretty much appears like they've chosen to take down at once,
every single site where there had been some kind of suspicious activity reported.
This action certainly cuts off most of the crap at once,
and is obviously more than welcomed from a security perspective.
But that's just up to the registrar's choice...no member around here ever claimed,
that all of the malware-connected sites identified here through time should be taken offline "in blind".

To EstDomains representatives:

Hopefully the data we've supplied will be examined in detail,
so that both legitimate admins get notified and clean up their 'hijacked' webpages from nasties,
and obviously, for the directly malware-involved domains to be suspended.

September 12, 2008, 01:35:50 pm
Reply #63

kokach

  • Jr. Member

Yes, we'll do our best!

September 12, 2008, 04:41:26 pm
Reply #64

JohnC

  • Special Members
  • Hero Member

So you don't mind if we unsuspend the favourlinks.com?
We took the information about it from your links.txt
Also, there are some domain names whose owners claim their domains are legit.
For example these are:
levetra.net
buycheaplevitra.net
cheapest-cialis.com
alivegirls.com
check-affiliate-program.com
As these domains were in your report, could you tell me if this is correct?

We have also had domain owners emailing me, telling me their site is legitimate and there is no malware. Yet when I have checked a lot of them, they have not been changed and were still directing users to malware. Though I'm not speaking for the domains you listed above as I haven't checked them.

September 13, 2008, 09:19:44 am
Reply #65

gimcnuk

  • Newbie

Many webmasters with "white" projects have problems with EstDomains, because they suspend domains without notification or checking.

September 13, 2008, 10:45:17 am
Reply #66

SysAdMini

  • Administrator
  • Hero Member

@kokach:

Some domains from our list are now unreachable. I think you have suspended them.
But the domain status from your whois database is ACTIVE. Why?

Examples:

antivirus2008x.com
aolcounter.com
 
Ruining the bad guy's day

September 13, 2008, 01:15:41 pm
Reply #67

Ilya Klein

  • Newbie

Because they have not suspended them (yet?), but it does not make sense - they are anyway offline.

September 13, 2008, 02:34:49 pm
Reply #68

sowhat-x

  • Guest
Quote
Many webmasters with "white" projects have problems with EstDomains,
because they suspend domains without notification or checking.

According to a statement made by an EstDomains representative in a well-known security forum,
about 15000 domains were suspended during the latest week:
http://www.malwarebytes.org/forums/index.php?showtopic=6159&st=40&p=27572&#entry27572

Since a complete list of the suspended sites hasn't been provided to the public,
it's obviously not possible to verify the above numbers.
Then again...the whole clean-up process hasn't yet been completed,
as there is still lots of stuff to be checked there...
all sides should be patient in the meanwhile - just found these ones yesterday:

ferrychi445677.com
my-socks.info
de-my-page.info
rivatos.net
onlinececk.com
guidetosuccess.name

If anyone was actually curious for the direct malware links in these...
http://www.malwaredomainlist.com/forums/index.php?topic=2207.msg5549#msg5549

September 14, 2008, 04:02:22 pm
Reply #69

SysAdMini

  • Administrator
  • Hero Member

EstDomains, Inc: Global Struggle Against Malware Distribution

http://www.prweb.com/releases/2008/9/prweb1325214.htm
Ruining the bad guy's day

September 15, 2008, 09:27:17 am
Reply #70

kokach

  • Jr. Member

Thanks.
Put these last domains to the suspend queue.
And yes, the whole clean-up process is still in action, and it will take some time in order to complete it...
Your help is greatly appreciated.

September 15, 2008, 07:27:04 pm
Reply #71

JohnC

  • Special Members
  • Hero Member

http://www.klikforum.com/viewtopic.php?p=96443

Quote
In light of recent events, we offer our services for registering and maintaining abuse-resistant domains, with a guarantee, in the following zones: com/net/biz/info

The domains are guaranteed to withstand:
- Any types and volumes of web spam (abuse complaints from uribl and the like, including the notorious malwaredomainlist.com)
- Codecs and any other low-security software
- Content (doorways, etc.), except for the content listed below

Interesting.


September 15, 2008, 07:34:56 pm
Reply #72

MysteryFCM

  • Administrator
  • Hero Member

  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Quote
including the notorious malwaredomainlist.com

LMFAO! I love it!
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 16, 2008, 03:16:51 am
Reply #73

sowhat-x

  • Guest
...And I surely hope that ICANN people also read the above.

Because pretty much the only "notorious" thing in this whole story throughout the years,
is their obvious lack of will to take the appropriate legal action against proven criminal activities.
Instead, they left it as an exercise to AV/security companies and individual non-paid volunteers.
Law of the jungle: with malware creatures caught in the wild, ending up in our zoos to say so...

Whatever - at least it got proved, for once more, that the community spirit is alive and kicking.

September 16, 2008, 07:18:42 am
Reply #74

sowhat-x

  • Guest
And more of..."notorious" exploit packs and associated malware...
