|
Written by Matt Jonkman
|
|
Saturday, 26 January 2008 |
|
www.theinstalls.net
Used to be that the spyware crud would install a bunch of different packages that the author had become an affiliate for. Well, service has moved to a new level. theinstalls.net appears to handle all that for you. Just install their crap and they'll serve all the other affiliate program binaries. One stop fraud!
And you get a 100 dollar bonus after your first 10k US installs. Can't beat that!
Sigs out for it.
#horrendous multi-install service at theinstalls.com
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Theinstalls.com Initial Checkin"; flow:established,to_server; uricontent:"/plist.php?uid="; content:"|0d 0a|Host\: "; content:"theinstalls.com|0d 0a|"; within:23; classtype:trojan-activity; reference:url,www.theinstalls.com; sid:2007788; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Theinstalls.com Trojan Download"; flow:established,to_server; uricontent:"/files/programs/"; content:"|0d 0a|Host\: "; content:"theinstalls.com|0d 0a|"; within:23; classtype:trojan-activity; reference:url,www.theinstalls.com; sid:2007798; rev:1;) Just reminds me that there's no limit to human greed and our ability to inflict losses on others for our own profit. Happy Saturday! |
|
Last Updated ( Sunday, 03 February 2008 )
|
