gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75400 Posts in 13198 Topics by 2641 Members - Latest Member: lokta October 17, 2017, 01:20:26 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Fake infringement Notices - A Tale Of Stupidity
gfx
gfxgfx
 

Author Topic: Fake infringement Notices - A Tale Of Stupidity  (Read 1027 times)

0 Members and 1 Guest are viewing this topic.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Fake infringement Notices - A Tale Of Stupidity
« on: September 18, 2014, 11:42:59 pm »
Yesterday I was poking around the web and all of a sudden a nasty pop-up window appeared making all sorts of silly claims and pretending to have the backing of the police and the NSA  :shocked:

Well I was rather surprised that simply looking at a torrent link could turn me into an international big time wanted criminal, did they have the right man ???

Being the sort of chap who feels that honesty is the best policy I thought maybe I should turn myself in for looking at such obviously criminal links  ;), but unfortunately my accusers had not left any information on where I could contact them and there was most certainly not any attack helicopter hovering outside the window waiting to bundle me into a waiting cell, this wasn't going to be easy , and to make matters worse all my files where being encrypted and I saw a timer on the right side of the window so it must all be true  :yes:  I also saw an advert for some kind of paycard like paypal but obviously  a different organisation as its pretty clear that even the police and the NSA cant beat paypal for a smooth transaction :-D

I tried to close the browser window, but wait  :!: it wouldn't close and a new window opened up, this must be the real thing folks eh   :o :o :o

After closing down this self styled and semi literate page of bull using the rather simple taskmanger I repeated the operation to ensure the same specific site was the cause of all this nonsense, it most certainly was and so I firstly took a screen shot and made a note of the address.

I looked at the root domain and saw that it was parked by godaddy, strange but when adding the additional subdomain data I was able to get some response, it redirected me to msn.com, this was truly malware then, no one should have to suffer such a fate  :nerd:

All jokes aside folks the site to add to your hostfile to block is the following yder.lakewalesmazda.com/board-of-justices/      this addy normally has a long string of data following it to let the server operator know what link sent you to their nonsense generator, but rest assured that's exactly what it is, no files where encrypted and I didn't have to buy any dubious paycard funds to get anything back, this is pure and simple scare ware and not even decently researched scare ware, referencing as it does non existent laws, we should take pity on such chumps but I thought you might all enjoy a good laugh too  :-D :-D :-D

 

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Fake infringement Notices - A Tale Of Stupidity
« Reply #1 on: September 20, 2014, 03:21:11 am »
that url just takes me to msn.com ... how do you stumble across this stuff? you need an addon called 'ghostery' and of course adblock plus.... most of the crap gets stopped by those two

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Fake infringement Notices - A Tale Of Stupidity
« Reply #2 on: September 20, 2014, 04:00:26 am »
I'm just a fun loving kind of chap Stripes  :lol: :lol:

The new URL is drgrwe.hownottogetsuedonline.com/criminal-court

It seems they change it regularly to thwart  investigators such as myself, I was disappointed with the whole scheme to be honest as little real thought has gone into getting the legal facts right in any part of the page, simply having a collection of  organisational names posted all over a web page impresses no one bar the guy with a low IQ who actually thinks this kind of activity scares anyone with a functioning brain.

Must try harder  :!:

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Fake infringement Notices - A Tale Of Stupidity
« Reply #3 on: September 20, 2014, 10:31:41 am »
Code: [Select]
~$ curl -v drgrwe.hownottogetsuedonline.com/criminal-court
* About to connect() to drgrwe.hownottogetsuedonline.com port 80 (#0)
*   Trying 85.25.103.43... connected
* Connected to drgrwe.hownottogetsuedonline.com (85.25.103.43) port 80 (#0)
> GET /criminal-court HTTP/1.1
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: drgrwe.hownottogetsuedonline.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.2.1
< Date: Sat, 20 Sep 2014 06:49:14 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.4-14+deb7u14
< Set-Cookie: referer=empty; expires=Sun, 21-Sep-2014 06:50:50 GMT; path=/criminal-court; domain=.drgrwe.hownottogetsuedonline.com
< Location: http://www.msn.com
<
* Connection #0 to host drgrwe.hownottogetsuedonline.com left intact
* Closing connection #0


hmm ... it feeds the browser a cookie... in this instance saying there is no referrer...
then redirects me to msn.com

Code: [Select]
~$ curl -v -e "www.foobar.com" drgrwe.hownottogetsuedonline.com/criminal-court
* About to connect() to drgrwe.hownottogetsuedonline.com port 80 (#0)
*   Trying 85.25.103.43... connected
* Connected to drgrwe.hownottogetsuedonline.com (85.25.103.43) port 80 (#0)
> GET /criminal-court HTTP/1.1
> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: drgrwe.hownottogetsuedonline.com
> Accept: */*
> Referer: www.foobar.com
>
< HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.2.1
< Date: Sat, 20 Sep 2014 10:25:26 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.4-14+deb7u14
< Set-Cookie: referer=d3d3LmZvb2Jhci5jb20%3D; expires=Sun, 21-Sep-2014 10:27:02 GMT; path=/criminal-court; domain=.drgrwe.hownottogetsuedonline.com
< Location: http://www.msn.com
<
* Connection #0 to host drgrwe.hownottogetsuedonline.com left intact
* Closing connection #0

feed it a referrer and it sets a hashed cookie... but still redirects to msn.com...


....would you be willing to pm me where exactly you were surfing when this nasty thing popped up? i think it is looking for specific referrers...


Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Fake infringement Notices - A Tale Of Stupidity
« Reply #4 on: September 20, 2014, 12:38:41 pm »
PM sent, what is missing from the image is the full addy of info but I didn't think it was sensible to post that due to it likely having some identifying data embedded in it,

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Fake infringement Notices - A Tale Of Stupidity
« Reply #5 on: September 20, 2014, 10:58:17 pm »
still a 302 redirect.... i wonder if its targeting uk ips...

heres a windows port of curl; http://www.confusedbycode.com/curl/  if you want to play too lol... note: i have not tested this port... ive never used curl on anything but linux...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Fake infringement Notices - A Tale Of Stupidity
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.033 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!