SpyDawn Rises As Newest Rogue Antispyware Program
SpyDawn has been reported by Bleeping computer as the newest fake antispyware program. Removal instructions have been posted as well as screen shots, including the pop up warning by the clock. The web page spydawn.com should be added to all the security black lists soon.
Here is the spydawn.com domain information. IP location is in the Ukraine with Inhoster Hosting company. The domain is registered through Estdomains. Both bad signs.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: SPYDAWN.COM
Registrant:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Creation Date: 12-Nov-2006
Expiration Date: 12-Nov-2007
Domain servers in listed order:
ns3.dragracers.biz
ns2.dragracers.biz
ns1.dragracers.biz
Administrative Contact:
ODS ltd
Robyn Turner turnrobyn@gmail.com
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Technical Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Billing Contact:
ODS ltd
Robyn Turner
Level 11 Toowong Tower
9 Sherwood Road
Toowong
null,Qld 4006
AU
Tel. +61.38761200
Status:ACTIVE
2 comments:
Spydawn is downloaded through fake Myspace profiles used by the following domain:
Domain Name: VIEWPROTECTP.COM
Registrar: ONLINENIC, INC.
Registrant:
Said Mahmod abdulla@abdulla.cc +96.485743234
Said Mahmod inc.
Gavi-ayesh 34 21
Reeayad,Reeayad,PALESTINIAN TERRITORY, OCCUPIED 7849343
Domain Name:viewprotectp.com
Record last updated at 2007-03-23 13:07:13
Record created on 2007/3/23
Record expired on 2008/3/23
Domain servers in listed order:
ns1.palestine-dns.org ns2.palestine-dns.org
Administrator:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Technical Contactor:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Billing Contactor:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Registration Service Provider:
name: Rustelekom Ltd.
tel: +1.8666254678
fax: +1.9782465632
web:http://nameservers.ru
The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.
Show underlying registry data for this record
Current Registrar: ONLINENIC, INC.
IP Address: 58.65.239.252 (ARIN & RIPE IP search)
IP Location: HK(HONG KONG)
Lock Status: ok
DMOZ no listings
Y! Directory: see listings
Data as of: 14-Jun-2005
Domain Name: VIEWPROTECTP.COM
Registrar: ONLINENIC, INC.
Whois Server: whois.OnlineNIC.com
Referral URL: http://www.OnlineNIC.com
Name Server: NS1.PALESTINE-DNS.ORG
Name Server: NS2.PALESTINE-DNS.ORG
Status: ok
Updated Date: 23-mar-2007
Creation Date: 23-mar-2007
Expiration Date: 23-mar-2008
Fake MySpace Profile Warning
Re: SpyDawn
There are many fake profiles on MySpace; some are fun but some are really bad. This is not a joke! View every friend request you receive and look for an all blue screen that reads “This site contains adult content. Click here to install MSViewer.” If you click it you will download software containing a fake virus alert icon for your desktop plus a bunch of re-loadable Trojan viruses. You will receive messages to download spyware removal software that will further attack your computer. The attack software is called SpyDawn (Google it); the web site that contains the software download has a listed owner of :
Said Mahmod abdull
Said Mahmod inc.
Gavi-ayesh 34 21
Reeayad,Reeayad,PALESTINIAN TERRITORY, OCCUPIED 7849343
His listed email is abdulla@abdulla.cc
Listed contact number is +96.485743234
This is what the fake profile will look like. Do not click on it!
I have place a photo of what the fake profile looks like at the link below:
http://www.clubndance.com/pics/Fakeprofile.jpg
Registrant:
Said Mahmod abdulla@abdulla.cc +96.485743234
Said Mahmod inc.
Gavi-ayesh 34 21
Reeayad,Reeayad,PALESTINIAN TERRITORY, OCCUPIED 7849343
Domain Name:viewprotectp.com
Record last updated at 2007-03-23 13:07:13
Record created on 2007/3/23
Record expired on 2008/3/23
Domain servers in listed order:
ns1.palestine-dns.org ns2.palestine-dns.org
Administrator:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Technical Contactor:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Billing Contactor:
Gavi-ayesh 34 21
Reeayad
Reeayad,
PALESTINIAN TERRITORY, OCCUPIED
7849343
name:(Said Mahmod)
mail:(abdulla@abdulla.cc) +96.485743234
Said Mahmod inc.
Registration Service Provider:
name: Rustelekom Ltd.
tel: +1.8666254678
fax: +1.9782465632
web:http://nameservers.ru
The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.
Show underlying registry data for this record
Current Registrar: ONLINENIC, INC.
IP Address: 58.65.239.252 (ARIN & RIPE IP search)
IP Location: HK(HONG KONG)
Lock Status: ok
DMOZ no listings
Y! Directory: see listings
Data as of: 14-Jun-2005
Domain Name: VIEWPROTECTP.COM
Registrar: ONLINENIC, INC.
Whois Server: whois.OnlineNIC.com
Referral URL: http://www.OnlineNIC.com
Name Server: NS1.PALESTINE-DNS.ORG
Name Server: NS2.PALESTINE-DNS.ORG
Status: ok
Updated Date: 23-mar-2007
Creation Date: 23-mar-2007
Expiration Date: 23-mar-2008
Post a Comment