July 2009 - Posts

Oh how embarrassing

Imagine that! ... from Google Diagnostic ... I wonder what malicious software was being distributed on the 15th?

So let's click on over to trustlogo.com from the Google Diagnostic report ...

 The really embarrassing part is that the site mentioned sagunnyu.com appears to use a Comodo certificate ... ouch!

== Server Certificate ==========
[Subject]
  CN=sslsecurity.kr, OU=Comodo InstantSSL, OU=Hosted by Jungbonet inc., OU=SSLSECURITY_TEAM, O=JUNGBONET, STREET=Nonhyeon-dong, L=Nonhyun-Dong, S=SEOUL, PostalCode=135-010, C=KR

[Issuer]
  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

[Serial Number]
  2677FD02915826F36B72BDC69DBA9BC9

 Maybe a certain CEO should spend a little more time making sure things like the above don't happen rather than spewing out one-sided spin in an effort to deflect the real problem = failure to address an ongoing (since 2007) problem:

Criminals using Comodo to attempt legitimacy

Posted by winhelp2002 with 4 comment(s)

Bombarded with Comment Spam

Update 07/29/09: I've heard from the powers-to-be and it seems the Spam Filters were set wrong after the latest blog update? Go figure ... I'll reset (allow) the Comments and see if I can restore them ...

I guess I've been lucky that the Bot spammers have not been a serious issue ... well until now ... seems like the last few days I have been bombarded with "comment spam" ... hundreds and hundreds a day [ugh!] So I've disabled the comments until things calm down ...

Posted by winhelp2002 with 2 comment(s)

MVPS HOSTS File Update July-27-2009


The MVPS HOSTS file was recently updated [July-27-2009]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (144 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible culprits ...
http://www.mvps.org/winhelp2002/hosts.txt (597 kb)

Posted by winhelp2002 with 3 comment(s)

Comodo continues to ignore Malware warnings

Yet again we find the same group "ISystem Inc" scamming the public with their bogus products ... with a little more help from Comodo. Now I ask you ... how many times do I have to report the same group being issued a certificate from Comodo, before they take the necessary steps to prevent the general public from being ripped-off by these bad actors?

If the page looks familiar ... it is ... the same template as I previously reported ... from the same people "ISystem Inc"

As you can see I pasted the certificate details into the Fiddler report ... below you can see there is no doubt that "ISystem" is the owner ... same as previously reported several times! ...

It's not hard to find the bad actors and the connection between "ISystem and SoftDialog" ... hey Comodo ever heard of Google? ...

"WindowsSecuritySuite" is hosted at the same location as before ... just how many red flags does it take?

"pay-secure" is also hosted on a previously reported location ...

# [Netdirekt][95.168.163.0 - 95.168.164.255]
127.0.0.1  aquabilling.com
127.0.0.1  secure.aquabilling.com
127.0.0.1  secure.bestbillingpro.com
127.0.0.1  secure.payment-cc24.com
127.0.0.1  pay-secure.net #[ISystem]
127.0.0.1  safe-pay-vault.com
127.0.0.1  webexpressbill.com
127.0.0.1  secure.webexpressbill.com
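
As an added example (not part of the original post or the MVPS project), this Python parser reads the HOSTS layout shown above, keeping the bracketed section name, its annotated IP range and any inline `#[tag]`, then checks hostnames and IP addresses seen in logs against it. The function names are hypothetical, the sample is constructed from entries on this page, and the two-label base-domain split is a simplifying assumption.

```python
import ipaddress
import re

# Constructed sample copying the layout of the HOSTS blocks quoted on this page.
SAMPLE = """\
# [Netdirekt][95.168.163.0 - 95.168.164.255]
127.0.0.1  aquabilling.com
127.0.0.1  secure.bestbillingpro.com
127.0.0.1  pay-secure.net #[ISystem]
"""

SECTION = re.compile(r"^#\s*\[([^\]]+)\]\[\s*([\d.]+)\s*-\s*([\d.]+)\s*\]")
TAG = re.compile(r"\[([^\]]+)\]")


def parse_hosts(text):
    """Return (entries, sections): host -> metadata, section -> (first_ip, last_ip)."""
    entries, sections, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = (ipaddress.ip_address(header.group(2)),
                                 ipaddress.ip_address(header.group(3)))
        elif line and not line.startswith("#"):
            body, _, comment = line.partition("#")
            fields = body.split()
            tag = TAG.search(comment)
            for host in fields[1:]:  # fields[0] is the sink address
                entries[host.lower()] = {"sink": fields[0], "section": current,
                                         "tag": tag.group(1) if tag else None}
    return entries, sections


def classify(entries, host):
    """HOSTS lookups are exact-match, so a listed subdomain does not cover its parent."""
    host = host.lower().rstrip(".")
    if host in entries:
        return "blocked"
    base = ".".join(host.split(".")[-2:])  # assumption: naive two-label base domain
    related = any(h == base or h.endswith("." + base) for h in entries)
    return "related-unlisted" if related else "unlisted"


def section_for_ip(sections, ip):
    """Name of the annotated range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, (lo, hi) in sections.items() if lo <= addr <= hi), None)
```

A `related-unlisted` result marks a name that shares a base domain with a listed entry but would still resolve normally, which is why the blocks above list both `aquabilling.com` and `secure.aquabilling.com`.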

"Comodo - creating trust online" ... makes you wonder doesn't it ... I've been reporting on Comodo's lack of concern since LimeLight Networks and connecting the dots (12-07-07) ... all we get is excuses and spin on how everyone else is doing it (issuing certificates) ... whatever happened to being a responsible part of the Internet community?

Posted by winhelp2002 with 66 comment(s)

Comodo continues to damage its reputation

Here again we find another bogus Antispyware program that does nothing but take your money ... with a little help from Comodo

If the page looks familiar ... it is ... the same template as I previously reported ... from the same people "ISystem Inc"

I pasted the Comodo certificate into the Fiddler output ... seems Comodo still does not check out anyone prior to issuing a certificate ... even if it comes from the same people it revoked previously ... duh!

Comodo continues to issue certificates to known Malware
Anyway ... I went back and checked the sites I last reported and it seems Comodo has decided to ignore my report ...

rapid-antivir-2009. com
rapid-antivir2009. com
rapid-antivirus2009. com = all redirect to:
secure.xsoftstore. com

 [Google link here]

Even a simple Google search as I suggested previously would have revealed the connection to ISystem ...

"malwaresdestructor. com" is hosted at Rcp.net along with quite a few other related Fraudware programs

"safe-pay-vault. com" is hosted at Netdirekt - a known malware haven

# [Netdirekt][95.168.163.0 - 95.168.164.255]
127.0.0.1  aquabilling.com
127.0.0.1  secure.aquabilling.com
127.0.0.1  secure.bestbillingpro.com
127.0.0.1  safe-pay-vault.com
127.0.0.1  webexpressbill.com
127.0.0.1  secure.webexpressbill.com

Surely you would think Comodo with all its resources can keep a lid on dealing with these malware frauds ... especially when they have already dealt with the same culprits before ... is anybody awake over there!! Trust is everything in the security business ... seems Comodo can no longer be trusted, as these types of reports keep surfacing ... time after time ...

Posted by winhelp2002 with 22 comment(s)