How do they do it? Spyware search page injection for orphaned websites..

Hi malware fighters,

Sometimes websites get orphaned and when the unaware try to go there using a link that once existed they land somewhere they never wanted to go to, example here: htxp://www.heart7.net/ now apparently claimed and owned by DemandMedia AS DemandMedia. They must be very well aware of these info: http://dndetails.com etc.
My question how do they do it, and how to block these cuckoo cybersquatters at searchLinkGroup?
http://www.who.is/domain_archive-net/heart7.net/
There is also this link there: http://www.ipvoid.com/scan/64.74.223.37
Here is a write up on a similar issue: http://www.bottrax.com/?p=35
Also here: http://www.robtex.com/dns/easyload.net.html
Is this malicious as described here: fi.nuseek.com injection: http://www.spywareinfoforum.com/index.php?showtopic=106199&st=0
or is there another scenario described here: http://dbaspot.com/forums/pick-database/385297-accuterm-www-asent-com-web-site.html
Here they called out for a global boycott against Enom and DemandMedia: http://www.conceptualist.com/2008/03/10/the-inquirer-wikileaks-calls-for-a-global-boycott-of-enom-and-demand-media/
The controversy is clearly demonstrated here: http://stopdomainparking.com/
Did you see who owns that site?

polonus

Hi forum friends,

But there will always be something to make us happy at the other end of the spectrum, thanks to the good side of Google’s adsense, see here: http://forums.noomle.com/showthread.php?s=ac7c50841116be75956b727c57c9bea1&t=2321&page=1 ;D

polonus


Yes, I find those parked site now and then.

Usually, they are “parked here courtesy of GoDaddy.”

I am beginning to think GoDaddy is not always on the up & up … though they are making tons of money.


Hi CharleyO,

Yes there is the speculation aspect, during the renewal period the registration is being halted to enable parking and this is just a pure business scheme- those that have the registration are the ones that park, they are first “in the know and are on top of it”. I have no problem with this part of the scheme, it is another side-effect that bothers me - link rot, annoyances, subtle censorship presented as something else, etc.
Another aspect is that also a lot of info is disappearing in this way. One clicks on a redirect link from another source to find additional information to land on a parking site in limbo. Then the original info is hard to find, if it wasn’t already copied or mirrored somewhere else. Even essential info on malware, I have found has disappeared from the Internet. Sometimes the Google cache had it, but does not have the info from before the domain was being parked. What happens with the info of a site after it has been parked, it is a sure way to have it go to limbo and later to oblivion. And it is funny, it is with info as it is a with a plaster, where you want it removed it will stick, and where you want it to stick it will fall off.
The other aspect is that this also can be used as a subtle way to remove controversial/questionable information from the web and who is to protest, the end-result is the same. Time for some party to start to retrieve all the info so it can still be found, if Google does not want to be evil it would give the info back to us in some form, until then we go here: http://web.archive.org/web where we can experience the web as it was, the site I mentioned was parked during 2007…

polonus