The 'hostance.net' dialers have a new home
Well, this major repository (also known as TrafficAdvance and Carima Ltd), responsible for creating and hosting tens of thousands of repacked trojan/dialers, has a new home: traffic-advance.net (with dialers typically being pushed from deposito.traffic-advance.net).
Here's the whois:
Domain Name: traffic-advance.net
Created on..............: 03 Apr 2006 12:55:10
Expires on..............: 03 Apr 2008 12:55:10
Administrative Info:
CARIMA ENTERPRISES LIMITED
CARIMA ENTERPRISES
45 Welbeck Street
London, UK W1G 8DZ
GB
Phone: +1.2402555993
Fax..: +1.2402555993
Email: ******************@lycos.co.uk
Technical Info:
CARIMA ENTERPRISES LIMITED
CARIMA ENTERPRISES
45 Welbeck Street
London, UK W1G 8DZ
GB
Phone: +1.2402555993
Fax..: +1.2402555993
Email: ******************@lycos.co.uk
Registrant Info:
CARIMA ENTERPRISES LIMITED
CARIMA ENTERPRISES
45 Welbeck Street
London, UK W1G 8DZ
GB
Phone: +1.2402555993
Fax..: +1.2402555993
Email: ******************@lycos.co.uk
Status: Locked
Put "traffic-advance.net" in your block lists as soon as possible. There are reports of hijacks already.
EDIT: please note that "hostance.net" is still up as well, and still hosting trojans. So don't remove that one.
2 Comments:
It is a variant of an Italian dialer (your country and mine); it adds several keys to the Trusted Zone (O15 in HijackThis).
It modifies some values in the registry (Internet Explorer and security options).
It is compressed with UPX; the new variant is compressed with PEPack or ASPack. The dialer is written in Visual Basic.
Cheers
Thanks for the extra info.