Video Tutorial: Finding the Web Host

Several days ago, we reported a fake online shoe store called Prestige Footwear, which involves more than a dozen domains. Most of them are now dead. Where is it hosted? Our investigations revealed that some of the websites are/were hosted in China. Others are/were hosted at a possibly hacked website.

This tutorial is a video demonstration of the steps we took to find the web hosting companies involved with the fake online shoe store. Those steps are described in our report of January 27 concerning Prestige Footwear. This video tutorial is open to users of any operating system as long as they have access to the Internet and a web browser.

Introduction to VisualWare’s VisualRoute (MAC): Finding the Hosts of FOOTBALLYEARS.NET And HEIGHTGROWTHSHOES.COM

MacHouse is a big advocate of taking tough action against sponsor websites that hire career spammers to post spam comments to increase traffic, a practice we call spam vandalism. A simple measure is to find the host of such a sponsor website. If you can find it, you can file a complaint and have the website shut down. In fact, a career spammer did some damage on our own SMF website around January 21. In this particular case, the sponsors are footballyears.net and heightgrowthshoes.com.

Of course, there is no guarantee that the web hosting company will comply with your request. But so what? Would you rather sit back and play defense whenever the same career spammer comes back to cause trouble?

HQCODECVIP1355.DMG Containing Trojan (OSX/RSPlug-Gen)

TOKYO (MacHouse) – In the last article hosted at our SEO/Web Safety blog, we mentioned a disc image which we suspected contained a Trojan virus targeting Mac users. We sent this file, hqcodecvip1355.dmg, to security expert Sophos for review. They have confirmed to us that this disc image contains a Trojan derivative called ‘OSX/RSPlug-Gen.’ Sophos describes it as a malicious program designed to modify “the computer’s network settings,” “potentially causing the user’s web traffic to be redirected to malicious sites.” It’s also known as the DNS Changer Trojan. hqcodecvip1355.dmg contains a DNS Changer Trojan that specifically targets Mac users. There is also another file from hqcodecvip.com, named hqcodecvip1000.dmg. It’s possible that this file is also infected.

We thank Sophos for their quick response and for their finding.

Multiple Hacked Websites and Possible Trojan Attack Targeting Mac Users

TOKYO (MacHouse) – One of the scrap comments circulated by a spam terrorist whose IP address is shown as 90.156.169.211 is something that we could have easily missed. But we didn’t. In fact, all four forwarding links except the last one are insignificant. (See Screenshot 01.) The last forwarding link would lead Internet users all the way to a porn website where a possible Trojan attack awaits them.