Re: what would cause this ??



"DrZaius" wrote:

> supposedly, this person thinks someone they met
> online, deliberately aimed the attack at one specific
> machine (hers).

How so? It's just a link; there's no obligation to click it. And even
if you do, Windows won't directly run the executable but will first
ask what to do with it if, subsequently, the scripted dialog on the
page was clicked.

> is there a way to find out who the site belongs to?
> i tried the usual methods, but came up short.

The standard way is to use 'whois' but Windows doesn't have that
application by default. There are several websites where you can do
a whois lookup.

In any case, that was just the first link in the chain. There are a
few domains and hosts involved before you get to the malware.

sajpj.eaqcfmc.cn (the host for the original link) -> runs a script at:
goodnserver.info -> loads a page at:
mystats.name -> redirects to:
themymoviessite.com -> loads the malware executable from:
videowebsoft.com

The domain eaqcfmc.cn is registered in China. I can't tell which
registry because the name is in Chinese. sajpj.eaqcfmc.cn has IP
address 217.20.112.28 which I find belongs to netdirekt in Germany.

goodnserver.info is registered through EstDomains (Estonia) and its
IP (217.20.113.27) also belongs to netdirekt.

mystats.name gives no useful info about the registry or registrant but
it's hosted by 'Beyond The Network America' in the US at IP address
205.177.122.130.

themymoviessite.com and videowebsoft.com are both registered through
EstDomains and share the IP address 81.29.249.27. This is hosted by
'LLC GlobalWholesaleTrade' in Moscow, Russia.

All the EstDomains registrant (domain owner) details are unavailable.
Looking at the providers and countries here, I wouldn't count on fast
action in taking anything offline but you may be lucky.
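Added example, not code from the original post: since the poster notes that Windows has no 'whois' client by default, here is a minimal one in Python that speaks the whois protocol (RFC 3912: connect to TCP port 43, send the query plus CRLF, read until the server closes), follows the "refer:" line from IANA to the authoritative registry, and pulls registrar, registrant, netname and country out of the raw record. It assumes only the standard library. whois.iana.org is IANA's real referral server; every sample response below and the names whois.example-registry.test, Example Registrar Ltd and 198.51.100.0/24 are constructed so the parsing runs offline.

```python
"""Minimal RFC 3912 whois client and record parser (added example, not from
the original post). Only the standard library is used."""
import re
import socket

IANA_WHOIS = "whois.iana.org"  # real IANA referral server; queried only when online

# Field spellings differ between registries (domain records) and RIRs
# (IP/ASN records); these patterns cover the common ones. First match wins.
FIELD_PATTERNS = {
    "registrar": r"^(?:Registrar|Sponsoring Registrar|Registrar Name):\s*(.+)$",
    "registrant": r"^(?:Registrant(?: Name| Organization| Organisation)?):\s*(.+)$",
    "netname": r"^netname:\s*(.+)$",
    "org": r"^(?:org-name|OrgName|descr):\s*(.+)$",
    "country": r"^country:\s*(.+)$",
    "refer": r"^(?:refer|whois|Registrar WHOIS Server):\s*(\S+)$",
}


def whois_query(query, server, port=43, timeout=10):
    """Send one whois query to `server` and return the raw response text."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:  # the server closes the connection when it is done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """Return a dict of the first value seen for each field in FIELD_PATTERNS."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#")):
            continue  # comment / legal boilerplate lines
        for name, pattern in FIELD_PATTERNS.items():
            if name not in found:
                m = re.match(pattern, line, re.IGNORECASE)
                if m:
                    found[name] = m.group(1).strip()
    return found


def lookup(query, start_server=IANA_WHOIS, max_hops=3, fetch=whois_query):
    """Start at IANA and follow 'refer:' lines to the authoritative server.
    Returns (server_that_answered, parsed_record). `fetch` is injectable so
    the referral logic can be exercised offline."""
    server, seen, record = start_server, [], {}
    for _ in range(max_hops):
        seen.append(server)
        record = parse_whois(fetch(query, server))
        nxt = record.get("refer")
        if not nxt or nxt in seen:  # authoritative answer, or a referral loop
            break
        server = nxt
    return server, record


# Constructed sample responses (not real registry output) for offline use.
SAMPLE_IANA = """\
% IANA WHOIS server (constructed sample)
refer:        whois.example-registry.test
domain:       TEST
organisation: Example Registry
"""
SAMPLE_TLD = """\
Domain Name: example.test
Registrar: Example Registrar Ltd
Registrant: Example Holdings
Registrant Country: EE
"""
SAMPLE_RIR = """\
% RIR-style IP record (constructed sample)
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-HOSTING
descr:          Example Hosting GmbH
country:        DE
"""
OFFLINE_RESPONSES = {IANA_WHOIS: SAMPLE_IANA, "whois.example-registry.test": SAMPLE_TLD}


def offline_fetch(query, server):
    """Stand-in for whois_query that serves the constructed samples."""
    return OFFLINE_RESPONSES[server]


if __name__ == "__main__":
    print(lookup("example.test", fetch=offline_fetch))
    print(parse_whois(SAMPLE_RIR))
```

Against a real registry, call `lookup("eaqcfmc.cn")` for the domain and `whois_query("217.20.112.28", "whois.ripe.net")` for the address; the referral step matters because a .cn or .info registry answers only for its own TLD, and IP space is answered by the regional registry, not by the domain's registry.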
