In the News Again - A Drive-by Download Dialer - Security and You: dgoslings Place

In the News Again - A Drive-by Download Dialer

Published Mon, Jun 26 2006 12:21

Despite efforts since 2002 to shut down this site originating in the UK, it still is actively installing a dialer when you visit the webpages at Coulomb.  Using an Active X control that automatically downlowds to your computer  when you visit their web pages,  it places a dialer component on your computer which forces it to Dial-Up to a high priced connection and deliver Porn to your computer.

Information about this dialer has been documented in the past, by Computer Associates http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072512 and by Symantec http://www.symantec.com/avcenter/venc/data/dialer.pornpaq.html

The latest attempt to get this site that delivers Active Malware shut down, has been blogged by Security Expert Jose Nazario http://asert.arbornetworks.com/2006/06/long-lived-malware-distribution-sites/.

The fact that this site still exists, after being discovered back in 2002 , and still plants their malware on people's computers, is atrocious. What the public needs to do to help in the fight against this scourge, is  to ACT!  The way you can help, is to block the IP addresses that this company/person uses.  You can find this information at http://www.dnsstuff.com/tools/whois.ch?ip=217.73.66.0. On this WHOIS page you will find that the IP Address range is 217.73.64.0 to 217.73.66.20. Don't hesitate, block it now  so that any chance of this dialer being downloaded to your computer is removed!

Read the links I have given above and you will find that this site is BAD NEWS.  We fight against spyware, malware and adware on a daily basis, but the public needs to get involved in any way they can.  There are many sites like this one on the Internet that spread their nasties with Drive-By downloads and other methods of placing junk on your computer.. 

What is a Drive-By download?  It is a download that occurs, in most cases without your knowledge, when you visit a specific webpage.  It is an insidious attempt to hijack your computer by the people who make this junk.  Sometimes you may visit a bad webpage wilingly, when you either click a search engine link or click a link in an email, thinking it is legitimate.  Other methods they use are: compromising a legitimate Webpage and placing a link to the bad pge on it , or hijacking a legitimate webpage and building in hidden code to redirect you there, without your knowledge.  When you visit the bad webpage an automatic download of the malware, takes place.  This is why it is called 'Drive-By' download, because all an individual  has to do is visit the page, to have the download occur.  Once the file or program has downloaded, it is on your hard drive to wreak havoc. It can be filled with viruses, trojans, dialers, adware, spyware, malware or any amount of bad junk that  you don't want on your hard drive.

To prevent this happening to YOU, block any sites that have been found, by using the IP address of the WebSite, so that your computer browser is unable to visit the site.  By blocking sites like the one mentioned above, you are joining those who are involved daily, in the fight    If each individual with a computer blocks bad sites from accessing or downloading to their computer, then we can, and will  WIN THE FIGHT! 

Have a Great Day and STAY MALWARE FREE!

 

by Dorothy Gosling

Leave a Comment

(required) 
(required) 
(optional)
(required) 

Search

This Blog

Email Notifications

News


Microsoft - Offers You:

Protect Yourself:

Security Info

Free Anti-Virus Products

Free Firewalls

Free Anti-Spyware Products

Free Rootkit Scanners & Trojan Scanners

Free Security Tools

Online Scanners AV, AS, Firewall

Anti-Trojan Products

Security MVP's Speak: