[Dshield] new Agobot infection here?

Rick Klinge rick at jaray.net
Thu Mar 4 20:41:24 GMT 2004


I concur... 

Please provide info to:

http://www.asacp.com/reportsite.html

National Center for Missing and Exploited Children to combat the
proliferation of this disturbing material. You can also report suspicious
activity relating to child pornography to their "Tipline" at 1-800-843-5678.

Call 1-800-BE-ALERT. PLEASE DO NOT DOWNLOAD CHILD PORNOGRAPHY, AS THIS IS A
VIOLATION OF LAW. MERE POSSESSION OF THIS MATERIAL IS A VIOLATION OF FEDERAL
LAW AND MAY VIOLATE STATE STATUTES AS WELL. 

Since Operation Predator began in July of 2003, ICE has made more than 2,000
arrests nationwide. ICE has established a toll-free number for the public to
report illegal activity, including information about child sex offenders and
others who put children at risk. The number, 1-866-DHS-2ICE, is monitored 24
hours a day.


"Take a bite out of Psyco's"

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Richard Roy
> Sent: Thursday, March 04, 2004 1:27 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] new Agobot infection here?
> 
> 
> According to DNSstuff.com and Arin.net it is some colocation 
> company hosting porn.  Most definitely a browser hijack by 
> malware to get traffic to the porn site.
> 
> www.ipiku.com. CNAME IN 38400 ipiku.com. ipiku.com. NS IN 
> 38400 ns1.teen4ever.net. ipiku.com. NS IN 38400 
> ns2.teen4ever.net. ns1.teen4ever.net. A IN 38400 
> 63.246.157.25 ns2.teen4ever.net. A IN 38400 63.246.157.26 
> 
> Search results for: 63.246.157.26 
> 
> 
> OrgName:    United Colocation Group, Inc.
> OrgID:      UCG-14
> Address:    200 Paul Ave., Suite 500
> City:       San Francisco
> StateProv:  CA
> PostalCode: 94124
> Country:    US
> 
> NetRange:   63.246.128.0 - 63.246.159.255
> CIDR:       63.246.128.0/19
> NetName:    ASN-UNCGI-EXC-02
> NetHandle:  NET-63-246-128-0-1
> Parent:     NET-63-0-0-0-0
> NetType:    Direct Allocation
> NameServer: NS1.UNITEDCOLO.NET
> NameServer: NS2.UNITEDCOLO.NET
> Comment:
> RegDate:    2002-10-24
> Updated:    2003-03-24
> 
> NOCHandle: INFO-ARIN
> NOCName:   Info
> NOCPhone:  +1-888-993-9339
> NOCEmail:  info at unitedcolo.com
> 
> AbuseHandle: ABUSE185-ARIN
> AbuseName:   Abuse
> AbusePhone:  +1-888-993-9339
> AbuseEmail:  abuse at unitedcolo.com
> 
> TechHandle: SYSAD4-ARIN
> TechName:   Sysadmin-UCG
> TechPhone:  +1-888-993-9339
> TechEmail:  sysadmin at unitedcolo.com
> 
> OrgTechHandle: ZS203-ARIN
> OrgTechName:   Sago Networks
> OrgTechPhone:  +1-866-510-4000
> OrgTechEmail:  ipadmin at sagonet.com
> 
> # ARIN WHOIS database, last updated 2004-03-03 19:15
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> 
> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of > Kenneth Coney
> 
> Sent: Thursday, March 04, 2004 12:03 PM
> To: list at dshield.org
> Subject: Re: [Dshield] new Agobot infection here?
> 
> 
> Well the site is certainly infected with Trojan.ByteVerify.  
> Probably other 
> stuff too.  In any case  since it has photos of children 
> performing sex 
> acts it's owners need to be tracked down and publicly executed.
> 
> 
 

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list