Bunch of new thiefware testing 4 U

tickler · 2007-04-18, 01:31 PM

A guy at the zoo is running a bunch of sponsor tests on an infected machine.
http://www.gfy.com/showthread.php?t=722960

attn: Hoes.com
This post show something happening on your site
http://www.gfy.com/showpost.php?p=12236585&postcount=39

Useless · 2007-04-18, 05:25 PM

Does a Zango pop-up at a site mean that that particular domain is somehow sponsoring that pop? Or does it mean that the scumware is targetting that domain for some other reason?

tickler · 2007-04-18, 06:41 PM

Maybe both, or maybe they are popping because of a sponsor link on the page.

Apparently Hoes isn't the only LL/TGP that it is happening on.

Until sponsors put in place backend checks for this shit, canning individual affiliates using it isn't going to accomplish much.

I believe there is a way for sponsors to get on an excluded list also, so perps can't send traffic to their sites, or use their trademarks/domains.

Remember these low lifes can even steal your typein/SERP traffic, thus causing you to payout to them, what should have been 100% profit signups.

walrus · 2007-04-18, 08:33 PM

Quote:

Originally Posted by Useless Warrior

Does a Zango pop-up at a site mean that that particular domain is somehow sponsoring that pop? Or does it mean that the scumware is targetting that domain for some other reason?

Anyone willing to pay the price can purchase keywords from them. So I could target my keywords for any domain and basicly redirect the traffic from them.

Useless · 2007-04-18, 09:34 PM

Quote:

Originally Posted by walrus

Anyone willing to pay the price can purchase keywords from them. So I could target my keywords for any domain and basicly redirect the traffic from them.

So basically, scumbags are purchasing popular free porn site names, like Hoes, Tommy's, etc, in order to steal their traffic through Zango infected browsers. And the surfers getting the pop-ups are going to naturally assume that it is Marc and/or Tommy producing those pops, since they appear at their sites. Fucking wonderful.

Any one of us could be falling victim to this type of keyword theft and we wouldn't even know it.

walrus · 2007-04-18, 10:35 PM

Quote:

Originally Posted by Useless Warrior

So basically, scumbags are purchasing popular free porn site names, like Hoes, Tommy's, etc, in order to steal their traffic through Zango infected browsers. And the surfers getting the pop-ups are going to naturally assume that it is Marc and/or Tommy producing those pops, since they appear at their sites. Fucking wonderful.

Any one of us could be falling victim to this type of keyword theft and we wouldn't even know it.

Yep and what is even worse....they are being trained that popups and crap is normal and something that you just got to live with rather than realizing some scum sucking dirtbag has infected their computers with something that could actually be very dangerous.

Or worse they actually buy into the "voluntary install" crap and actually believe that this is a service to them and not a huge disservice.

Jim · 2007-04-19, 07:50 AM

Quote:

Originally Posted by Useless Warrior

So basically, scumbags are purchasing popular free porn site names, like Hoes, Tommy's, etc, in order to steal their traffic through Zango infected browsers. And the surfers getting the pop-ups are going to naturally assume that it is Marc and/or Tommy producing those pops, since they appear at their sites. Fucking wonderful.

Any one of us could be falling victim to this type of keyword theft and we wouldn't even know it.

I never thought of using zango for buying free site keywords. And I don't think anyone is really doing that yet. Of course, I would imagine a free site keyword would still be cheap at this moment.

Just as an example, adwaresucks is getting about 180k unique visitors/month. And it doesn't seem to be dropping.

LowryBigwood · 2007-04-19, 08:35 AM

Sexsearch.com.. seems to be a big supporter of Zango traffic.

"Contact us let's make a deal... We'll sell you your stolen traffic back at a discount!" Good shit...

Am I correct on this thinking or am I way off base here? I am sometimes wrong....

Useless · 2007-04-19, 08:37 AM

Quote:

Originally Posted by Jim

I never thought of using zango for buying free site keywords. And I don't think anyone is really doing that yet. Of course, I would imagine a free site keyword would still be cheap at this moment.

I don't mean free sites as in the kind we submit to link lists. I meant BIG free porn link sites like Tommy's, Hoes, and the LOR. That zoo thread reported Zango pops on Hoes and Tommy's, which I assume means that some scumbag has purchased those domains as keywords.

Jim · 2007-04-19, 08:42 AM

That's what I mean too Useless. If you look at the pop ups, they are for different programs. If you were running the same programs, they would pop up on your sites too.

When I tested adwaresucks, I used link-o-rama with my machine infected to see how it worked. It wasn't a link-o-rama keyword that caused it...it was a sponsors program.

LowryBigwood · 2007-04-19, 08:43 AM

Quote:

Originally Posted by Useless Warrior

I don't mean free sites as in the kind we submit to link lists. I meant BIG free porn link sites like Tommy's, Hoes, and the LOR. That zoo thread reported Zango pops on Hoes and Tommy's, which I assume means that some scumbag has purchased those domains as keywords.

Yep, that's what I got out of that thread too UW. They are bidding on popular site names... And some are then selling that traffic back to us.

Jim · 2007-04-19, 08:47 AM

I think if someone does buy a keyword for a specific site, it would only work for a very short time. With Greenie using the htaccess file, zango users get redirected to adwaresucks. So, any link-o-rama keyword is worthless.

Jim · 2007-04-19, 08:57 AM

I just read the thread again and I think they are just using tommys and hoes for testing. I am surprised that they aren't using some sort of htaccess file to take care of that.

Jim · 2007-04-19, 09:01 AM

Oh yeah, if anyone is worried about their site being targeted, they can create an htaccess file here
http://adwaresucks.com/webmasters/
And since nobody makes a dime from adwaresucks, you can change the target site to anyplace you like. Or even create your own zango page on our server using css.

LowryBigwood · 2007-04-19, 09:19 AM

Quote:

Originally Posted by Jim

Oh yeah, if anyone is worried about their site being targeted, they can create an htaccess file here
http://adwaresucks.com/webmasters/
And since nobody makes a dime from adwaresucks, you can change the target site to anyplace you like. Or even create your own zango page on our server using css.

Thanks Jim.

Not that my site has been targeted or is big enough to become a target, but I have used your htaccess fix and now I won't worry.

Allfetish · 2007-05-03, 12:34 AM

Here are some more about people using this stuff:

http://www.gofuckyourself.com/showthread.php?t=728914

Note this:

http://www.sophos.com/security/analyses/trojzlobpe.html

Quote:

Troj/Zlob-PE may scan the computer for recent access to the following websites:

bbs.gofuckyourself.net
greenguysboard.com
bigboynetwork.com
bbs.mediumpimpin.com
tgpalliance.com
crutop.nu
master-x.com
bbs.adultwebmasterinfo.com
gaywebmasterchat.com
webmastersarea.com
netpond.com
pornresource.com
cozyfrog.com
foogie.com
adultchamber.com
ynotmasters.com
ynotbob.com
pornstarkings.com
extremebullshit.com
peppersboard.com
gaymarketforum.com
askdamagex.com
forum.krawl.com
krawl.biz
videoscash.com
tgpalliance.com
jmbsoft.com
germesia.com
gallerytrafficservice.com
gaytraffic.nl
gfy.com
gofuckyourself.com
videosboard.com
thinkreel.com
boards.xbiz.com

Interesting, no ? As the GFY poster asks, why do you think they are checking to see if you visited boards like GreenGuyandJim.com ?

Allfetish · 2007-05-03, 12:46 AM

Looking into these counter measures in Dealing with Zango (via .htaccess), can't they simply cloak the user agent to avoid this in future versions?

It is a good idea what you are doing and it is great that it works for now, but I don't think this defense will hold for long. If I can think up this simple way to get around it, I'm sure the team of programmers they undoubtedly have could too.

tickler · 2007-05-03, 06:47 PM

Hey Jim:

Did you catch this site mentioned by Adam from Wild Cash?
http://stopbadware.org/

You might want to hook him up with
http://adwaresucks.com/

Bobc01 · 2007-05-03, 07:39 PM

How come these fuckwits are allowed to get away with it?

I've noticed flashcash sites using AFF in an exit console, seems unusual to me so is that part of all this?

2007-04-18, 01:31 PM	#1
tickler If there is nobody out there, that's a lot of real estate going to waste! Join Date: Dec 2003 Posts: 2,177	Bunch of new thiefware testing 4 U A guy at the zoo is running a bunch of sponsor tests on an infected machine. http://www.gfy.com/showthread.php?t=722960 attn: Hoes.com This post show something happening on your site http://www.gfy.com/showpost.php?p=12236585&postcount=39 __________________ Latina Twins, Solo, NN, Hardcore Latin Teen Cash

2007-04-18, 05:25 PM	#2
Useless Certified Nice Person Join Date: Oct 2003 Location: Dirty Undies, NY Posts: 11,268	Does a Zango pop-up at a site mean that that particular domain is somehow sponsoring that pop? Or does it mean that the scumware is targetting that domain for some other reason? __________________ Click here to purchase a bridge I'm selling.

2007-04-18, 06:41 PM	#3
tickler If there is nobody out there, that's a lot of real estate going to waste! Join Date: Dec 2003 Posts: 2,177	Maybe both, or maybe they are popping because of a sponsor link on the page. Apparently Hoes isn't the only LL/TGP that it is happening on. Until sponsors put in place backend checks for this shit, canning individual affiliates using it isn't going to accomplish much. I believe there is a way for sponsors to get on an excluded list also, so perps can't send traffic to their sites, or use their trademarks/domains. Remember these low lifes can even steal your typein/SERP traffic, thus causing you to payout to them, what should have been 100% profit signups. __________________ Latina Twins, Solo, NN, Hardcore Latin Teen Cash

2007-04-19, 08:35 AM	#8
LowryBigwood Don't get discouraged; it's usually the last key that opens the lock... Join Date: Aug 2003 Location: Dallas, Tx Posts: 1,203	Sexsearch.com.. seems to be a big supporter of Zango traffic. "Contact us let's make a deal... We'll sell you your stolen traffic back at a discount!" Good shit... Am I correct on this thinking or am I way off base here? I am sometimes wrong.... __________________ Free Porn Buddy \| Porn Buddy Blog

2007-05-03, 06:47 PM	#18
tickler If there is nobody out there, that's a lot of real estate going to waste! Join Date: Dec 2003 Posts: 2,177	Hey Jim: Did you catch this site mentioned by Adam from Wild Cash? http://stopbadware.org/ You might want to hook him up with http://adwaresucks.com/ __________________ Latina Twins, Solo, NN, Hardcore Latin Teen Cash

2007-04-19, 08:42 AM	#10
Jim Banned Join Date: Aug 2003 Location: Mohawk, New York Posts: 19,477	That's what I mean too Useless. If you look at the pop ups, they are for different programs. If you were running the same programs, they would pop up on your sites too. When I tested adwaresucks, I used link-o-rama with my machine infected to see how it worked. It wasn't a link-o-rama keyword that caused it...it was a sponsors program.

2007-04-19, 08:47 AM	#12
Jim Banned Join Date: Aug 2003 Location: Mohawk, New York Posts: 19,477	I think if someone does buy a keyword for a specific site, it would only work for a very short time. With Greenie using the htaccess file, zango users get redirected to adwaresucks. So, any link-o-rama keyword is worthless.

2007-04-19, 08:57 AM	#13
Jim Banned Join Date: Aug 2003 Location: Mohawk, New York Posts: 19,477	I just read the thread again and I think they are just using tommys and hoes for testing. I am surprised that they aren't using some sort of htaccess file to take care of that.

2007-04-19, 09:01 AM	#14
Jim Banned Join Date: Aug 2003 Location: Mohawk, New York Posts: 19,477	Oh yeah, if anyone is worried about their site being targeted, they can create an htaccess file here http://adwaresucks.com/webmasters/ And since nobody makes a dime from adwaresucks, you can change the target site to anyplace you like. Or even create your own zango page on our server using css.

2007-05-03, 12:46 AM	#17
Allfetish If you really need money, you can sell your kidney or even your car Join Date: Mar 2005 Posts: 373	Looking into these counter measures in Dealing with Zango (via .htaccess), can't they simply cloak the user agent to avoid this in future versions? It is a good idea what you are doing and it is great that it works for now, but I don't think this defense will hold for long. If I can think up this simple way to get around it, I'm sure the team of programmers they undoubtedly have could too.

2007-05-03, 07:39 PM	#19
Bobc01 Banned Join Date: Apr 2007 Location: Hell Posts: 817	How come these fuckwits are allowed to get away with it? I've noticed flashcash sites using AFF in an exit console, seems unusual to me so is that part of all this?