New Virus/Trojan Technique?

Author
Joe Bravo
2007/02/08 10:29:09 (permalink)

I was wondering if some of you guys that have space on a web server have noticed this happening too. For the past month, at least once or twice per week, when I view my server stats I'll find what appears to be a new link to one of my web pages from a website that I've never heard of before, and when I put their url into my browser window and try to go there, all I'll get is a blank web page with the words: SERVER ERROR. Nothing else whatsoever. If I try to view the source file it says the same thing and nothing else, no head or body tags ... nothing. The latest link I got was today from (DON'T CLICK ON THIS!):

http://www.cjrz.com

The Whois record for this domain reads:

Registrant:
cjrz.com
7328 East Hartman Dr.
Wichita Falls, TX 76302
US

Domain name: CJRZ.COM

Administrative Contact:
Robers, Ophelia
7328 East Hartman Dr.
Wichita Falls, TX 76302
US
+1.9408573433 Fax: +1.9408573982

Technical Contact:
Robers, Ophelia
7328 East Hartman Dr.
Wichita Falls, TX 76302
US
+1.9408573433 Fax: +1.9408573982



Registration Service Provider:
iPowerWeb,
888 511 4678
602-307-5438 (fax)
http://IPOWER.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 04-Feb-2007.
Record expires on 27-Jan-2008.
Record created on 27-Jan-2007.

Domain servers in listed order:
NS2.HOSTMONSTER.COM 70.98.111.2
NS1.HOSTMONSTER.COM 70.98.54.2


Domain status: clientTransferProhibited
clientUpdateProhibited


I tried googling "Robers, Ophelia" and "Ophelia Robers", neither of which turned up anything. I used reverse phone number lookups for their contact number: (940) 857-3433, and it came up as not existing as a business or personal number either one. I got a couple of trojans over the past couple of weeks and couldn't figure out where they came from. I'm wondering if this is a new sort of fishing idea someone had, in that, they figure that if you see someone linking to your web site, that you'll do exactly what I did, which is to go to the url that's linking to you, and that there's a trojan waiting for you when you click on their web page? Anybody familiar with this?
#1

    scook
    Forum Host
    RE: New Virus/Trojan Technique? 2007/02/08 10:41:59 (permalink)
    FYI, the street address looks bogus too. There is no East Hartman Drive in Wichita Falls, there is an East Hatton Drive.
    #2
    Joe Bravo
    RE: New Virus/Trojan Technique? 2007/02/08 10:49:20 (permalink)
    Umm... figures.
    #3
    Kicker
    RE: New Virus/Trojan Technique? 2007/02/08 18:07:04 (permalink)
    Joe,

    The server logs may not be reporting the complete web address of the page that contains the link. It may only show you the domain. Somewhere in that domain there is probably a page with tons of links to all sorts of web sites. It's a common technique to generate traffic.

    The server error that you see from the root address means that the web server can't process the default page. The page that you receive that says Server Error is harmless. If there's nothing in the source file, then there's nothing to worry about.
    #4
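What Kicker describes can be checked against the raw access log instead of the stats page. The following is an added example, not part of any post in this thread: it parses combined-format log lines and reports, per external referring host, the full Referer URLs recorded and whether any of them names an actual page. The log lines are constructed sample data, and `summarize_referrers` and the `.example` host names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Apache/NGINX "combined" log format.
# Hosts, IPs and paths are made up for illustration (.example names, RFC 5737 IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Feb/2007:10:01:02 -0600] "GET /index.html HTTP/1.1" 200 5120 "http://unknown-referrer.example/" "Mozilla/4.0"
203.0.113.7 - - [08/Feb/2007:10:01:03 -0600] "GET /music.html HTTP/1.1" 200 4096 "http://unknown-referrer.example/" "Mozilla/4.0"
198.51.100.9 - - [08/Feb/2007:11:15:40 -0600] "GET /music.html HTTP/1.1" 200 4096 "http://blog.example/2007/02/links.html" "Mozilla/5.0"
198.51.100.9 - - [08/Feb/2007:11:15:41 -0600] "GET /style.css HTTP/1.1" 200 900 "http://www.mysite.example/music.html" "Mozilla/5.0"
192.0.2.44 - - [08/Feb/2007:12:00:00 -0600] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def summarize_referrers(log_text, own_hosts):
    """Group hits by external referring host, keeping the full Referer URLs."""
    summary = defaultdict(
        lambda: {"hits": 0, "urls": set(), "ips": set(), "domain_only": True})
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m or m["referer"] in ("", "-"):
            continue  # unparseable line, or no Referer header was sent
        ref = urlsplit(m["referer"])
        host = (ref.hostname or "").lower()
        if not host or host in own_hosts:
            continue  # navigation within our own site, not an inbound link
        entry = summary[host]
        entry["hits"] += 1
        entry["urls"].add(m["referer"])
        entry["ips"].add(m["ip"])
        # If every hit carries only the site root, the log never names a page
        # that could contain the link; treat that referrer as unverified.
        if ref.path not in ("", "/") or ref.query:
            entry["domain_only"] = False
    return dict(summary)

if __name__ == "__main__":
    for host, e in summarize_referrers(SAMPLE_LOG, {"www.mysite.example"}).items():
        flag = "domain-only" if e["domain_only"] else "names a page"
        print(host, e["hits"], sorted(e["urls"]), sorted(e["ips"]), flag)
```

The Referer header is supplied by the client, so a log entry shows only that a request carried that value, not that a page linking to the site exists.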
    Joe Bravo
    RE: New Virus/Trojan Technique? 2007/02/08 19:42:23 (permalink)
    I don't know, I've never done it before but, I think you can make the source say anything and be completely different from what shows on the web page, or you can make it not show anything at all (many do). Now the strange thing is, that their domain was due to expire a couple of days ago, so they must have been around for a while, yet there's not one cached page at Google with cjrz.com in the web address. But you will find over 500 pages listed that are entirely (well I only looked at a few dozen so I'm assuming) nothing but pages showing web stats and their name (cjrz.com) keeps coming up as a referrer ... just like with me. Also, they're supposed to be based in Texas but their web host is located in Utah. It's really strange. I understand what you're saying about them having a links page to generate traffic; I see that all the time, but I don't understand why they don't have a single page cached at Google when they must have been around for at least a year. How do you generate those links pages without it showing up in a search engine somewhere? The only way I can think of is to use Flash (or JavaScript). That could be a big pain to make a page full of links like that though.

    But I'm fairly sure now that their page(s) isn't carrying any trojans etc. I've gotten on their web page a couple of times between last night and today and AVG didn't find anything when I scanned just now. So, false alarm I guess. Just call me Chicken Little. But I'm 6'5" so at least I'm no Little Chicken.
    post edited by Joe Bravo - 2007/02/08 20:20:26
    #5
    altima_boy_2001
    RE: New Virus/Trojan Technique? 2007/02/08 20:04:59 (permalink)
    ORIGINAL: Joe Bravo
    I understand what you're saying about them having a links page to generate traffic; I see that all the time, but I don't understand why they don't have a single page cached at Google when they must have been around for at least a year. How do you generate those links pages without it showing up in a search engine somewhere? The only way I can think of is to use Flash (or JavaScript). That could be a big pain to make a page full of links like that though.


    Appropriately configured robots.txt in the root of the domain will alter what bots will access from your site. Corporate written bots will follow this standard in general because they might face liability if they don't. You can request Google to not cache anything from your domain also so I would assume that other engines have the same ability.
    #6
    d_in_conduct
    RE: New Virus/Trojan Technique? 2007/02/08 22:27:12 (permalink)
    I had a lot of changes to web pages that were created with a certain PhotoShop Web Photo Gallery script. All the other scripts seem to be holding on okay, but with that one script I would get links to warez inserted onto my page.

    Since I keep a master copy of everything on the ground, I could just delete from the site and upload new... created with a different script.

    There must be bots that look for specific codes.


    ------------------------------------------------
    All your base are belong to us...
    #7