Botnet startup

[i am watching you]

Hi

This is the start of a botnet :

http://pugzksrvgf.happyhost.org/

There are hundreds of pages on that one site, with every word, which will turn into Comment Spam with links; which in turn will be used for phishing.

http://au.search.yahoo.com/search?p=...t-501&ei=UTF-8

Only started a few hours ago, so as of now there are only 18 listings, this can and sometimes does turn into thousands of listings.

[i am watching you]

Hi

I have found this co in the past to be very frustrating at shutting down phishing/botnet sites, they host. I tried for a year with hundreds of sites and they never replied !

happyhost.org

74.52.83.82
Record Type: IP Address

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US

[Dick H Box]

http://pugzksrvgf.happyhost.org/ has now, (15/10/09) been taken down. "happyhost" has a WOT Red flag.

[Dick H Box]

From my connection the URL
http://pugzksrvgf.happyhost.org/
points to:
http://yourseekinfo.com/index.php?pa...+grow+rosemary

Refreshing just reloads the same page. It was redirecting to www.videojug.com/
landing on a different page each time, but now I just get 'yourseekinfo.com/index', & there it stops. The trail has disappeared from my end.

[i am watching you]

One of hundreds of fake listings the seekinfo site lists ( all being fake )

Domain name: spyware-remover-free.com

dministrative Contact:
Name: domain owner
Organization: n/a
Address: Engelenburg 44
City: Haarlem
Province/state: HAARLEM
Country: NL
Postal Code: 2036
Phone: +31.543581388
Fax: +31.543581388
Email: [robertsimonkroon@gmail.com]

Nameserver Information:
ns1.privacy-software.info
ns2.privacy-software.info

Create: 2009-10-14 16:23:40
Update: 2009-10-14

Name Server details:

Domain Name:PRIVACY-SOFTWARE.INFO
Created On:30-Jul-2009 19:09:52 UTC
Last Updated On:05-Oct-2009 17:43:48 UTC
Expiration Date:30-Jul-2010 19:09:52 UTC
Sponsoring Registrar:Todaynic.com, Inc. (R285-LRMS)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:TOD-41553757
Registrant Name:Privacy Software INC
Registrant Organization:Privacy Software INC
Registrant Street1:Hanckemaborg 21
Registrant Street2:
Registrant Street3:
Registrant City:Groningen
Registrant State/Province:GRONINGEN
Registrant Postal Code:9722
Registrant Country:NL
Registrant Phone:+31.543581320
Registrant Phone Ext.:
Registrant FAX:+31.543581320
Registrant FAX Ext.:
Registrant Email: [michaeltycoon@gmail.com]

[i am watching you]

Some more of his Portfolio of fake spyware:

free-spyware-cleaner .com - 212.117.160.18 -
Email: [robertsimonkroon@gmail.com]
free-spyware-checker .org - Email: [robertsimonkroon@gmail.com]
fast-spyware-cleaner .org - Email: [robertsimonkroon@gmail.com]
clean-pc-now .org - Email: [robertsimonkroon@gmail.com]
spyware-scaner .com - Email: [robertsimonkroon@gmail.com]
free-spyware-cleaner .com - Email: [robertsimonkroon@gmail.com]
free-tube-orgasm .net - Email: [robertsimonkroon@gmail.com]
free-spyware-cleaner .net - Email: [robertsimonkroon@gmail.com]
clean-pc-now .net - Email: [robertsimonkroon@gmail.com]
spyware-killer .biz - Email: [robertsimonkroon@gmail.com]


Sampled malware phones back to od32qjx6meqos .cn/ua.php, more phone back locations are also parked there:

0ni9o1s3feu60 .cn - 220.196.59.23 - Email: robertsimonkroon@gmail.com
mf6gy4lj79ny5 .cn - Email: robertsimonkroon@gmail.com
84u9wb2hsh4p6 .cn - Email: robertsimonkroon@gmail.com
7bs5nfzfkp8q8 .cn - Email: robertsimonkroon@gmail.com
kt4lwumfhjb7a .cn - Email: robertsimonkroon@gmail.com
q2bf0fzvjb5ca .cn - Email: robertsimonkroon@gmail.com
rncocnspr44va .cn - Email: robertsimonkroon@gmail.com
t1eayoft9226b .cn - Email: robertsimonkroon@gmail.com
4go4i9n76ttwd .cn - Email: robertsimonkroon@gmail.com
kzvi4iiutr11e .cn - Email: robertsimonkroon@gmail.com
hxc7jitg7k57e .cn - Email: robertsimonkroon@gmail.com
mt3pvkfmpi7de .cn - Email: robertsimonkroon@gmail.com
fyivbrl3b0dyf .cn - Email: robertsimonkroon@gmail.com
z6ailnvi94jgg .cn - Email: robertsimonkroon@gmail.com
p7keflvui9fkl .cn - Email: robertsimonkroon@gmail.com
f1uq1dfi3qkcm .cn - Email: robertsimonkroon@gmail.com
p0umob9k2g7mp .cn - Email: robertsimonkroon@gmail.com
7zju2l82i2zhz .cn - Email: robertsimonkroon@gmail.com

clean-pc-now .net - 94.75.233.162 - Email: [robertsimonkroon@gmail.com]
fast-spyware-cleaner .org - Email: [robertsimonkroon@gmail.com]
spyware-scaner .com - Email: [robertsimonkroon@gmail.com]
scan-pc-now .com - Email: [robertsimonkroon@gmail.com]
free-tube-porn .biz - Email: [robertsimonkroon@gmail.com]
spyware-killer .biz - Email: [robertsimonkroon@gmail.com]

[i am watching you]

His Trojans:

mf6gy4lj79ny5.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-06-10
details
t1eayoft9226b.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-06-15
details
kzvi4iiutr11e.cn
220.196.59.23
Trojan
[robertsimonkroon@gmail.com]
2009-06-18
details
7zju2l82i2zhz.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com
2009-07-09
details
f1uq1dfi3qkcm.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
hxc7jitg7k57e.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
rncocnspr44va.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
4go4i9n76ttwd.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
kt4lwumfhjb7a.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
z6ailnvi94jgg.cn
220.196.59.23
Trojan
Robert Kroon / [robertsimonkroon@gmail.com]
2009-07-09
details
7bs5nfzfkp8q8.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-11
details
84u9wb2hsh4p6.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-12
details
fyivbrl3b0dyf.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-13
details
p0umob9k2g7mp.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-15
details
mt3pvkfmpi7de.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-18
details
p7keflvui9fkl.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-20
details
q2bf0fzvjb5ca.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-21
details
0ni9o1s3feu60.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-22
details
7mx1z5jq0nt3o.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-22
details
7cib5fzf462g8.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-24
details
3uxyctrlmiqeo.cn
220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-27
details
bnfdxhae1rgey.cn

220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-29
details
hsdqhuy921c08.cn

220.196.59.23
Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-29
details
6j5aq93iu7yv4.cn
220.196.59.23

Trojan / Rogue Antivirus
Robert Kroon / robertsimonkroon@gmail.com
2009-07-31
details
6pj2h8rqkhfw7.cn
220.196.59.23

Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-08-02
details
fb7pxcqyb45oe.cn
220.196.59.23

Trojan / Rogue Antivirus
Robert Kroon / robertsimonkroon@gmail.com
2009-08-04
details
mfbj6pquvjv8e.cn
220.196.59.23

Trojan / Rogue Antivirus
Robert Kroon / [robertsimonkroon@gmail.com]
2009-08-05
details
gjpwsc5p7oe3m.cn
220.196.59.23

Trojan / Rogue Antivirus
Robert Kroon / [robertsimonkroon@gmail.com]
2009-08-08
details
od32qjx6meqos.cn
220.196.59.23

Trojan / Rogue Antivirus
Robert Kroon / [robertsimonkroon@gmail.com]
2009-08-12
details
220.196.59.23
220.196.59.23
Trojan

Trojan / Rogue Antivirus
Robert Kroon / [robertsimonkroon@gmail.com]
2009-09-02
details

[i am watching you]

free-tube-porn.info
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-07-31
details


porn-tube-for-free.org
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-08-09
details


world-tube-free.info
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-08-13
details


world-tube-free.biz
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-08-14
details


malware-scanner.net
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-08-30
details


malware-scanner.biz
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-08-30
details


malware-scanner.info
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-08-30
details


hq-tube-porn.com
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-09-05
details


porn-free-tube.biz
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
Robert Kroon / robertsimonkroon@gmail.com
2009-09-05
details


malware-stop.com
95.211.27.166
hosted-by.leaseweb.com Fake scanner page / Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-09-05
details


sersoft.eu
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
2009-10-07
details


stop-malware.info
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-10-07
details


malware-stop.info
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-10-07
details


stop-malware.biz
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-10-07
details


stop-spyware.biz
95.211.27.166
hosted-by.leaseweb.com Directs to Trojan
domain owner / robertsimonkroon@gmail.com
2009-10-07
details