Hi malware fighters,
I was asked about a weird redirect from what seems a bogus IQ site and I dug into it and came up with the following report. Who has other thoughts about it? I hope the issue will be explained to that particular user…
Hi my fellow malware fighters, I recently had a similar “prefixed-search-redirecting” experience and I see a certain trend developing here,
that is why I ask your attention to the following issue… Well, I did the investigation as it came under the subject - not a virus - tracking adware!
Main site is clean according to URLVoid,
but not scanned by all participating scanners in the URLVoid megascanner:
http://www.urlvoid.com/scan/iqbrainscan.com

Web server details
Scan for: htxp://www.iqbrainscan.com
Hostname: wXw.iqbrainscan.com
IP Address: 210.17.247.92
Date: 20-07-2010 06:16
Running on: Apache/2.2.11
System info: (Unix) PHP/5.2.10
Powered by: PHP/5.2.10

Web Application details:
Blacklisting status
Domain clean by Google Safe Browsing: wXw.iqbrainscan.com
Domain clean by Norton Safe web: wXw.iqbrainscan.com
Domain clean by Sucuri Web Blacklist: wXw.iqbrainscan.com
Domain clean by the Phish Tank: wXw.iqbrainscan.com
Domain clean by the Malware Domain List: wXw.iqbrainscan.com
http://www.urlvoid.com/scan/5m5i.com CLEAN
There is a daily limit put there:
400 wXw.iqbrainscan.com have exceed the daily limited
To speedup wXw.iqbrainscan.com visiting please use sub website directly !
not using URL forward.
How to setup and IIS or Apache sub website in VDNS
This page will redirect to 207.210.83.224/re.php 10 seconds later
Go to htxp://207.210.83.224/re.php NOW …(blocked by WOT reputation scanner)
VDNS help doc

Then we get a redirect via a bad reputation site:
htxp://www.tracklead.net/click.track?CID=125299&AFID=136596&ADID=316478&SID=1
See on the adware: http://www.threatexpert.com/report.aspx?md5=9023899e95311d35e5c233f1a0f388eb
Look for the lead.wrapper.dll file on your machine,
for this is a malicious file related to this adware/spyware…

Why tracklead is used here, well the Sony Corporation spokesman once with their big DRM issue,
put it so clearly: "The industry will take whatever steps it needs to protect itself
and protect its revenue streams… It will not lose that revenue stream,
no matter what… Sony is going to take aggressive steps to stop this.
We will develop technology that transcends the individual user.
We will firewall Napster at source - we will block it at your cable company.
We will block it at your phone company.
We will block it at your ISP.
We will firewall it at your PC…
These strategies are being aggressively pursued because there is simply too much at stake."
As this Sony strategist said that is what is at the background of it all…
and that is what we now experience all around us

pol
Open for further comments, please?
Damian