ADULT.COM sponsoring trojan website.. - GoFuckYourself.com

SmokeyTheBear · 11-18-2004, 01:08 PM

They (adult.com) are likely not aware of this, but i would suggest contacting this affliate asap .

http://galleries.adult.com/reality/g...wm=MTgzMjo2OjU

I notice alot of other well know websites that are affiliated with www.tv69.com / sexdirectory.com

like sleazydream and madthumbs

Aliases Trojan.JS.NoClose.e
JS/NoClose.M
JS/Noclose
JS/NoClose.L

JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window.
The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites.
A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period.
JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script.
JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable.

Name JS/Fortnight-B
Type Worm

JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.
JS/Fortnight-B sets the following registries:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab
to "1" and
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL
\DefaultPrefix\
to "http://www.pixpox.com/cgi-bin/click.pl?url="
JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:
*.mtree.com
ads.sexplanets.com
adultfriendfinder.com
adultmegacash.com
adv.sexcounter.com
amc2.adultmegacash.com
auto.search.msn.com
c.fsx.com
cart.penispill.com
cash.helmy.com
cgi.gammae.com
click.passiondollars.com
click.payserve.com
click.silvercash.com
clickcash.webpower.com
clicks.filthyclicks.com
clicks.nastydollars.com
clicks.oxcash.com
clicks.uni-cash.com
clicks2.oxcash.com
ctc.amateurpages.com
ctc.japanesegirls.com
cybererotica.com
db.fetishcash.com
db.smutcash.com
dollartraffic.com
gotd.stiffycash.com
home.vividvip.com
in.cybererotica.com
in.paycounter.com
join.pibcash.com
link.siccash.com
links.lifetimebucks.com
lobby.sexlist.com
media.fastclick.net
network.nocreditcard.com
network.nocreditcard.com
partner.globill-systems.com
partners.hotgold.com
penismedical.net
php.offshoreclicks.com
php.offshoreclicks.com
porndollar.com
potd.oxcash.com
programs.wegcash.com
rd1.hitbox.com
refer.ccbill.com
referral.topbucks.com
secure.2000charge.com
secure.dpbill.com
secure.dutchbilling.com
secure.ibill.com
secure.pswbilling.com
secure.visionbill.net
secure1.websitebilling.com
select.2000charge.com
stats.allliquid.com
stats1.pussypayments.com
the.sextracker.com
track.oxcash.com
traffic.acpay.com
vip.mtree.com
ww2.amateur-pages.com
ww2.amateur-pages.com
www.1shoppingcart.com
www.adultbucks.com
www.adultmovienetwork.com
www.adultrevenueservice.com
www.albionmedical.com
www.asacp.org
www.babylon-x.com
www.bigpay.com
www.big-penis.com
www.blacksonblondes.com
www.candidclicks.com
www.cashforlink.com
www.ccbill.com
www.clickcash.com
www.clubpix.com
www.cybererotica.com
www.cyberpatrol.com
www.cybersitter.com
www.danni.com
www.deluxepass.com
www.dibill.com
www.dollars4babes.com
www.dollartraffic.com
www.eazybucks.com
www.entertainmentcash.com
www.eroticacash.com
www.eroticcash.com
www.fatclicks.com
www.fatpockets.com
www.freeezinebucks.com
www.freeticketcash.com
www.hawgscash.com
www.herbalbucks.com
www.herbalo.com
www.hpic.com
www.icra.org
www.intergal.com
www.iteens.com
www.lightspeedcash.com
www.makingitpay.com
www.maturemoney.com
www.maximumcash.com
www.morepenis.com
www.mtreexxx.net
www.n69.com
www.nastydollars.com
www.netnanny.com
www.nocreditcard.com
www.oxcash.com
www.penilesecrets.com
www.penismedical.net
www.penispill.com
www.pillmedics.com
www.pillscash.com
www.pillsmoney.com
www.platinumbucks.com
www.pluspills1.com
www.porndollar.com
www.pornstardollars.com
www.rsac.org
www.safesurf.com
www.scoreland.com
www.sexfantasyzone.com
www.sexhit.com
www.signup.globill-systems.com
www.spyglass.com
www.stiffycash.com
www.surfwatch.com
www.thecashzone.com
www.totally4freecash.com
www.trueclicks.com
www.tv69.com
www.twistyscash.com
www.webmastersmakemoney.com
www.xpays.com
www.xxxesscash.com
www2.karupspc.com
www2.seductiveamateurs.com
JS/Fortnight-B exploits a vulnerability in the Microsoft VM ActiveX component.
If an affected web page is opened, a JScript embedded on the page attempts to use the vulnerability in order to drop files on a local drive, change registry keys without the user's knowledge or perform any other malicious action on the local computer.
For more details about the Microsoft VM ActiveX component exception vulnerability please see Microsoft Security Bulletin MS00-075.

Manowar · 11-18-2004, 01:11 PM

tv69.com is a TCG domain.

SmokeyTheBear · 11-18-2004, 01:13 PM

pixpox is using steelecash and fleshlight

http://click.silvercash.com/b_count/b_t.cgi?id=1009

AlienQ - BANNED FOR LIFE · 11-18-2004, 01:14 PM

Or possibly swapping out Affiliate code?

SmokeyTheBear · 11-18-2004, 01:14 PM

Quote:

Originally posted by Manowar
tv69.com is a TCG domain.

hmm well i would wonder then why is tv69.com doing this ??

ElvisManson · 11-18-2004, 01:32 PM

Quote:

Originally posted by SmokeyTheBear
hmm well i would wonder then why is tv69.com doing this ??

pixpox.com is registered in Norway, but admin is in Armenia?..I think..the registrar looks a little wonky to me.

Basic_man · 11-18-2004, 01:34 PM

Weird.. Lens, check this out !

webair · 11-18-2004, 01:41 PM

probably be better served e-mail them directly than posting here first no?

Doctor Dre · 11-18-2004, 01:42 PM

There will be some major drama :P

SmokeyTheBear · 11-18-2004, 01:46 PM

Quote:

Originally posted by webair
probably be better served e-mail them directly than posting here first no?

when my money is being stolen , i go for the fastest way to get it back. besides lens takes ages to answer e-mail and there are a ton of people affected besides just lens.

Sarabi · 11-18-2004, 01:59 PM

Quote:

JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window.
The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites.
A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period.
JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script.
JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable.

This isn't a trojan that's doing anything harmful...it's just a timed blur that pops a console...what's the big deal? You have a choice to send to them console free.

It's the JS/Fortnight-B which is modifying registries and preventing access to that whole list of sites, tv69 included, and sending to http://www.pixpox.com/cgi-bin/click.pl?url= . It's whoever these pixpox people are that we should be worrying about

pradaboy · 11-18-2004, 02:00 PM

ooh that's def. not good

ElvisManson · 11-18-2004, 02:03 PM

Quote:

Originally posted by Sarabi
This isn't a trojan that's doing anything harmful...it's just a timed blur that pops a console...what's the big deal? You have a choice to send to them console free.

It's the JS/Fortnight-B which is modifying registries and preventing access to that whole list of sites, tv69 included, and sending to http://www.pixpox.com/cgi-bin/click.pl?url= . It's whoever these pixpox people are that we should be worrying about

Interesting disclaimer at the bottom of pixpox.com.

"The PIXPOX is in no way responsible for any damage as a result of linking to pages of other web sites, nor is The PIXPOX responsible for the content of the pages to which it links. "

corvette · 11-18-2004, 02:05 PM

smokey, whats a good way to get hold of you? i have been trying to for a while, preferably over phone

Dalai lama · 11-18-2004, 02:06 PM

Quote:

Originally posted by Basic_man
Weird.. Lens, check this out !

You are so fucking dumb

LauraLee · 11-18-2004, 02:09 PM

Quote:

Originally posted by Sarabi
This isn't a trojan that's doing anything harmful...it's just a timed blur that pops a console...what's the big deal? You have a choice to send to them console free.

It's the JS/Fortnight-B which is modifying registries and preventing access to that whole list of sites, tv69 included, and sending to http://www.pixpox.com/cgi-bin/click.pl?url= . It's whoever these pixpox people are that we should be worrying about

Thank you very much for clarifyiing that Sarabi.

KMR Stitch · 11-18-2004, 02:11 PM

SmokeyTheBear · 11-18-2004, 02:15 PM

Quote:

Originally posted by corvett
smokey, whats a good way to get hold of you? i have been trying to for a while, preferably over phone

post your icq i will leave my number for you

Rich · 11-18-2004, 02:15 PM

That's a TCG domain? That's impossible, they can do no wrong. Just ask all the guys who have TCG sigs.

corvette · 11-18-2004, 02:16 PM

45471840

SmokeyTheBear · 11-18-2004, 02:19 PM

Quote:

Originally posted by Sarabi
This isn't a trojan that's doing anything harmful...it's just a timed blur that pops a console...what's the big deal? You have a choice to send to them console free.

It's the JS/Fortnight-B which is modifying registries and preventing access to that whole list of sites, tv69 included, and sending to http://www.pixpox.com/cgi-bin/click.pl?url= . It's whoever these pixpox people are that we should be worrying about

Thanx sarabi , i jumped the gun thinking the two were related, they are not..

Manowar · 11-18-2004, 02:20 PM

Quote:

Originally posted by Rich
That's a TCG domain? That's impossible, they can do no wrong. Just ask all the guys who have TCG sigs.

Yeah, it was just a popup for a TCG domain. Nothing harmful

The second thing is

Diligent · 11-18-2004, 02:35 PM

SmokeyTheBear,

it's great You keep an eye on some of all this shit!

I get the feeling it's escalated quite much the last 6 months.

Anyway, like I've always believed.. It's not shady sponsors that are behind stuff like this,
it's a small number of shady webmasters & hackers.

I wonder if they're networking since the problem is growing or if they "work" independently...

I just hope some people with the right skills and knowledge can come up with
some way to at least detect things like these efficiently.

Otherwise it will probably not be pleasant for either us webmasters or the industry as a whole.

Sponsors are going to end up with mostly "hacker-affiliates" when real
webmasters leave them because, to them, it looks like the sites stop converting...

webmaster x · 11-18-2004, 02:41 PM

hmmm....

SexDirectory · 11-18-2004, 03:56 PM

Quote:

Originally posted by SmokeyTheBear
Thanx sarabi , i jumped the gun thinking the two were related, they are not..

Thanks for exonerating SexDirectory.com there Smokey.

SexDirectory.com has no spyware, no trojans and no worms.

On that note, even though the TGP is just starting off, anyone can feel free to submit some galleries. Just keep them quality, please.

Cheers

hive · 11-18-2004, 09:15 PM

Any news on this yet? Someone has to know someone that can get info on this guy.

xclusive · 11-18-2004, 11:30 PM

Not good and it's amazing a lot of the people that put this shit out would do a lot better financially if they did everything on the up and up...

SmokeyTheBear · 11-18-2004, 11:32 PM

Quote:

Originally posted by hive
Any news on this yet? Someone has to know someone that can get info on this guy.

silvercash is sponsoring him

Theo · 11-18-2004, 11:37 PM

trjoans, the cancer of internet

btw,how can i develop one?

Major (Tom) · 11-18-2004, 11:40 PM

Smokey, u rock!

Duke

SmokeyTheBear · 11-18-2004, 11:43 PM

Quote:

Originally posted by DukeSkywalker
Smokey, u rock!

Duke

I didnt track this one down , but thanks..

The pixpox site is the roadmap to theft in the highest degree, and i wouldn't be suprised if they get a little visit..

11-18-2004, 01:08 PM	#1
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	ADULT.COM sponsoring trojan website.. They (adult.com) are likely not aware of this, but i would suggest contacting this affliate asap . http://galleries.adult.com/reality/g...wm=MTgzMjo2OjU I notice alot of other well know websites that are affiliated with www.tv69.com / sexdirectory.com like sleazydream and madthumbs Aliases Trojan.JS.NoClose.e JS/NoClose.M JS/Noclose JS/NoClose.L JS/NoClose-G hides the browser window and, after 10 minutes, opens a pop-up window. The pop-up window will typically have a URL located at http://www.tv69.com/ and may contain sexual images or links to adult websites. A cookie flag is set to prevent the pop-up from being shown more than once in a 24 hour period. JS/NoClose-G typically arrives on the computer by browsing websites whose HTML pages contain the script. JS/NoClose-G is not particularly malicious, but its behaviour can be regarded as undesirable. Name JS/Fortnight-B Type Worm JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm. JS/Fortnight-B sets the following registries: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab to "1" and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \DefaultPrefix\ to "http://www.pixpox.com/cgi-bin/click.pl?url=" JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites: *.mtree.com ads.sexplanets.com adultfriendfinder.com adultmegacash.com adv.sexcounter.com amc2.adultmegacash.com auto.search.msn.com c.fsx.com cart.penispill.com cash.helmy.com cgi.gammae.com click.passiondollars.com click.payserve.com click.silvercash.com clickcash.webpower.com clicks.filthyclicks.com clicks.nastydollars.com clicks.oxcash.com clicks.uni-cash.com clicks2.oxcash.com ctc.amateurpages.com ctc.japanesegirls.com cybererotica.com db.fetishcash.com db.smutcash.com dollartraffic.com gotd.stiffycash.com home.vividvip.com in.cybererotica.com in.paycounter.com join.pibcash.com link.siccash.com links.lifetimebucks.com lobby.sexlist.com media.fastclick.net network.nocreditcard.com network.nocreditcard.com partner.globill-systems.com partners.hotgold.com penismedical.net php.offshoreclicks.com php.offshoreclicks.com porndollar.com potd.oxcash.com programs.wegcash.com rd1.hitbox.com refer.ccbill.com referral.topbucks.com secure.2000charge.com secure.dpbill.com secure.dutchbilling.com secure.ibill.com secure.pswbilling.com secure.visionbill.net secure1.websitebilling.com select.2000charge.com stats.allliquid.com stats1.pussypayments.com the.sextracker.com track.oxcash.com traffic.acpay.com vip.mtree.com ww2.amateur-pages.com ww2.amateur-pages.com www.1shoppingcart.com www.adultbucks.com www.adultmovienetwork.com www.adultrevenueservice.com www.albionmedical.com www.asacp.org www.babylon-x.com www.bigpay.com www.big-penis.com www.blacksonblondes.com www.candidclicks.com www.cashforlink.com www.ccbill.com www.clickcash.com www.clubpix.com www.cybererotica.com www.cyberpatrol.com www.cybersitter.com www.danni.com www.deluxepass.com www.dibill.com www.dollars4babes.com www.dollartraffic.com www.eazybucks.com www.entertainmentcash.com www.eroticacash.com www.eroticcash.com www.fatclicks.com www.fatpockets.com www.freeezinebucks.com www.freeticketcash.com www.hawgscash.com www.herbalbucks.com www.herbalo.com www.hpic.com www.icra.org www.intergal.com www.iteens.com www.lightspeedcash.com www.makingitpay.com www.maturemoney.com www.maximumcash.com www.morepenis.com www.mtreexxx.net www.n69.com www.nastydollars.com www.netnanny.com www.nocreditcard.com www.oxcash.com www.penilesecrets.com www.penismedical.net www.penispill.com www.pillmedics.com www.pillscash.com www.pillsmoney.com www.platinumbucks.com www.pluspills1.com www.porndollar.com www.pornstardollars.com www.rsac.org www.safesurf.com www.scoreland.com www.sexfantasyzone.com www.sexhit.com www.signup.globill-systems.com www.spyglass.com www.stiffycash.com www.surfwatch.com www.thecashzone.com www.totally4freecash.com www.trueclicks.com www.tv69.com www.twistyscash.com www.webmastersmakemoney.com www.xpays.com www.xxxesscash.com www2.karupspc.com www2.seductiveamateurs.com JS/Fortnight-B exploits a vulnerability in the Microsoft VM ActiveX component. If an affected web page is opened, a JScript embedded on the page attempts to use the vulnerability in order to drop files on a local drive, change registry keys without the user's knowledge or perform any other malicious action on the local computer. For more details about the Microsoft VM ActiveX component exception vulnerability please see Microsoft Security Bulletin MS00-075. __________________ hatisblack at yahoo.com

11-18-2004, 01:13 PM	#3
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	pixpox is using steelecash and fleshlight http://click.silvercash.com/b_count/b_t.cgi?id=1009 __________________ hatisblack at yahoo.com

11-18-2004, 01:14 PM	#4
AlienQ - BANNED FOR LIFE best designer on GFY Join Date: Mar 2003 Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384 Posts: 30,307	Or possibly swapping out Affiliate code? __________________ NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! \| The Alien Blog Adult News Worth Reading Updated Daily \| Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 \|ICQ: 78943384 \|

11-18-2004, 01:34 PM	#7
Basic_man Programming King Pin Industry Role: Join Date: Oct 2003 Location: Montreal Posts: 27,360	Weird.. Lens, check this out ! __________________ UUGallery Builder - automated photo/video gallery plugin for Wordpress! Stop looking! Checkout Naked Hosting, online since 1999 !

11-18-2004, 01:41 PM	#8
webair Confirmed User Industry Role: Join Date: Feb 2002 Location: NYC, NY Posts: 8,531	probably be better served e-mail them directly than posting here first no? __________________ ~ Webair Dedicated Cloud Servers™ ~ WEBAIR VSYS™ Virtual Hosting Platform ~ Superior CDN Network ~ ~ Managed Dedicated hosting Specialists ~ DISCOUNT DOMAIN NAMES! ~ WEBAIR FUSION IO MANAGED CLOUD SERVERS! ~ *ICQ:* 243116321 - *TWITTER* - @WEBAIRINC - E-Mail: [email protected]

11-18-2004, 01:11 PM	#2
Manowar jellyfish Join Date: Dec 2003 Posts: 71,528	tv69.com is a TCG domain.

11-18-2004, 02:00 PM	#12
pradaboy sell me your banners Industry Role: Join Date: Dec 2003 Location: on the tubes Posts: 12,931	ooh that's def. not good __________________ Media Buyer - Sell me your traffic! FREE to register domains... Better than 99% of the crap sold here!

11-18-2004, 02:05 PM	#14
corvette Confirmed User Join Date: Oct 2001 Location: scottsdale Posts: 7,880	smokey, whats a good way to get hold of you? i have been trying to for a while, preferably over phone __________________ If you need a good company for check writing services, then check out checkissuing, and for webhosting, check out Phoenix NAP

11-18-2004, 02:11 PM	#17
KMR Stitch I am cool Join Date: Jul 2003 Posts: 14,494	hmmm

11-18-2004, 02:15 PM	#19
Rich So Fucking Banned Join Date: Jan 2003 Posts: 11,486	That's a TCG domain? That's impossible, they can do no wrong. Just ask all the guys who have TCG sigs.

11-18-2004, 02:16 PM	#20
corvette Confirmed User Join Date: Oct 2001 Location: scottsdale Posts: 7,880	45471840 __________________ If you need a good company for check writing services, then check out checkissuing, and for webhosting, check out Phoenix NAP

11-18-2004, 02:35 PM	#23
Diligent Confirmed User Join Date: Aug 2003 Location: Hoy Suecia, mañana Nirvana Posts: 1,594	SmokeyTheBear, it's great You keep an eye on some of all this shit! I get the feeling it's escalated quite much the last 6 months. Anyway, like I've always believed.. It's not shady sponsors that are behind stuff like this, it's a small number of shady webmasters & hackers. I wonder if they're networking since the problem is growing or if they "work" independently... I just hope some people with the right skills and knowledge can come up with some way to at least detect things like these efficiently. Otherwise it will probably not be pleasant for either us webmasters or the industry as a whole. Sponsors are going to end up with mostly "hacker-affiliates" when real webmasters leave them because, to them, it looks like the sites stop converting... __________________ ~¤~ MORE MONEY ~¤~ VOD? XoD! ~¤~ ~¤~ ICQ# 9828 2461 ~¤~

11-18-2004, 02:41 PM	#24
webmaster x Confirmed User Join Date: Mar 2004 Posts: 4,400	hmmm.... __________________ Click 9500 FHG Text Descriptions--Only $89!

11-18-2004, 09:15 PM	#26
hive Worker Bee Join Date: Apr 2003 Posts: 90	Any news on this yet? Someone has to know someone that can get info on this guy.

11-18-2004, 11:30 PM	#27
xclusive Too lazy to set a custom title Join Date: Apr 2004 Location: Buffalo, NY Posts: 35,218	Not good and it's amazing a lot of the people that put this shit out would do a lot better financially if they did everything on the up and up... __________________ I support MediumPimpin.com / Shemp's Outlawtgp.com /

11-18-2004, 11:37 PM	#29
Theo HAL 9000 Industry Role: Join Date: May 2001 Posts: 34,515	trjoans, the cancer of internet btw,how can i develop one?

11-18-2004, 11:40 PM	#30
Major (Tom) Noticing Industry Role: Join Date: Nov 2003 Location: Null Posts: 29,987	Smokey, u rock! Duke __________________ My mother said, to get things done You'd better not mess with Major Tom