On 26 Jun 2003 03:03:03 GMT, Sarge <GiveMeTwenty@bootcamp.invalid> wrote:

>siljaline <siljaline@invalid.com> wrote in
>news:vbgkfvoodu1mfllet12ca595um0pev2as4@4ax.com :
>
>> That clicks through to the "i-won" domain - perhaps not a false-flag.
>
>How can a .gif be spyware? And how does iwon.com figure into it? Nowhere on
>http://my.myway.com can I find a link, redirect or embedded object pointing
>to iwon.com. But that's beside the point anyway -- Ad-aware is flagging the
>*image*. There are plenty of ways for scumware authors to screw with you,
>but a .gif ain't one of them.


A gif can be symptomatic of spyware or a spyware infection attempt.
Consider two scenarios. One is that a gif with a certain name is known
to be packaged with brand X spyware. So, logically, the anti-spyware
program *SHOULD* flag it as a possible sign of the presence of the
spyware.
The other thing is what happens in operation. When you visit a site,
you usually are, in fact, "visiting" several sites. You may be visiting
Yahoo.com, but you are also getting redirected to ad.doubleclick.com,
images.atdmt.com, and whatever else. Since you are "visiting" those
sites they can load in whatever the heck they please. Usually, they
just drop cookies, but sometimes they may drop malicious JavaScript,
VBScript, Java Applets, and, the worst of all, inject ActiveX
Controls. Usually, these links come as an image link, where the image
is an ad or web bug.

As far as Myway goes, it is a part of Imagefarm, a major ad server
service. Siljaline is absolutely correct that it is owned, and
probably the same service, as IWON. Note that they have the same
postal address and reside on the same Class C. Read below.


06/29/03 16:45:54 whois my.myway.com
..com is a domain of USA & International Commercial
Searches for .com can be run at http://www.crsnic.net/

whois -h whois.crsnic.net myway.com ...
Redirecting to NETWORK SOLUTIONS, INC.

whois -h whois.networksolutions.com myway.com ...


Registrant:
My Way, . (MYWAY8-DOM)
One Bridge Street
Suite 42
Irvington, NY 10533
US

Domain Name: MYWAY.COM

Administrative Contact:
Admins, Domain (XMELACOFBI) domain@staff.myway.com
One Bridge Street, Suite 42
Irvington, NY 10533
US
914-591-2000 fax: 123 123 1234
Technical Contact:
Network Solutions, Inc. (HOST-ORG) namehost@WORLDNIC.NET
21355 Ridgetop Circle
Dulles, VA 20166
US
1-888-642-9675 fax: 123 123 1234

Record expires on 22-Nov-2007.
Record created on 20-Sep-2002.
Database last updated on 29-Jun-2003 02:51:04 EDT.

Domain servers in listed order:

DNS4.IMGFARM.COM 208.45.133.230
DNS5.IMGFARM.COM 208.45.133.231


06/29/03 02:48:32 dns MYWAY.COM
Mail for MYWAY.COM is handled by mprdmxin.MYWAY.COM
Canonical name: MYWAY.COM
Addresses:
208.45.133.133


06/29/03 16:46:42 whois iwon.com
..com is a domain of USA & International Commercial
Searches for .com can be run at http://www.crsnic.net/

whois -h whois.crsnic.net iwon.com ...
Redirecting to BULKREGISTER, LLC.

whois -h whois.bulkregister.com iwon.com ...


iWon.com, Inc.
One Bridge Street, Suite 42
Irvington, NY 10533
US

Domain Name: IWON.COM

Administrative Contact
Domain Owners-> domain@staff.iwon.com
iWon, Inc.
One Bridge Street, Suite 42
Irvington,, NY 10533
US
Phone (914) 591-2000
Fax
Technical Contact
Domain Technical-> abusemail@staff.iwon.com
iWon, Inc.
One Bridge Street, Suite 42
Irvington, NY 10533
US
Phone (914) 591-2000
Fax

Record updated on-> 2001-06-12 18:22:09
Record created on-> 1999-02-04
Record expiring date-> 2007-02-04
Database last updated on-> 2003-06-29 02:50:41 EST

Domain servers in listed order:

DNS4.IMGFARM.COM 208.45.133.230
DNS5.IMGFARM.COM 208.45.133.231


06/29/03 02:48:27 dns iwon.com
Mail for iwon.com is handled by mxpita.iwon.com
Canonical name: iwon.com
Addresses:
208.45.133.25


Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge
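
The comparison made in the post above (same postal address, same name servers, same Class C) can be checked mechanically. The following is an added example, not part of the original post: the record excerpts are copied and trimmed from the whois/DNS output quoted there, "Class C" is taken to mean the enclosing /24, and the function names `fingerprint` and `shared_infrastructure` are hypothetical.

```python
import ipaddress
import re

# Excerpts copied from the whois/DNS output quoted in the post (trimmed).
MYWAY = """Registrant:
My Way, . (MYWAY8-DOM)
One Bridge Street
Suite 42
Irvington, NY 10533
Domain servers in listed order:
DNS4.IMGFARM.COM 208.45.133.230
DNS5.IMGFARM.COM 208.45.133.231
Addresses:
208.45.133.133
"""
IWON = """iWon.com, Inc.
One Bridge Street, Suite 42
Irvington, NY 10533
Domain servers in listed order:
DNS4.IMGFARM.COM 208.45.133.230
DNS5.IMGFARM.COM 208.45.133.231
Addresses:
208.45.133.25
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
NS_RE = re.compile(rf"^([A-Za-z0-9.-]+\.[A-Za-z]{{2,}})[ \t]+({IPV4})$", re.M)
A_RE = re.compile(rf"^Addresses:\n((?:{IPV4}\n?)+)", re.M)
CITY_RE = re.compile(r"^.+, [A-Z]{2} \d{5}$")  # "City, ST ZIP" line

def fingerprint(record):
    """Pull name servers, A-record /24s and a normalised postal address."""
    ns = {host.lower() for host, _ip in NS_RE.findall(record)}
    m = A_RE.search(record)
    nets = {str(ipaddress.ip_network(f"{a}/24", strict=False))
            for a in (m.group(1).split() if m else [])}
    # Drop "Label:" lines and the registrant name; keep lines up to the city line.
    lines = [l.strip() for l in record.splitlines()
             if l.strip() and not l.strip().endswith(":")]
    end = next(i for i, l in enumerate(lines) if CITY_RE.match(l))
    postal = " ".join(" ".join(lines[1:end + 1]).replace(",", " ").lower().split())
    return {"ns": ns, "nets": nets, "postal": postal}

def shared_infrastructure(a, b):
    """Report what two registration records have in common."""
    fa, fb = fingerprint(a), fingerprint(b)
    return {"nameservers": sorted(fa["ns"] & fb["ns"]),
            "networks": sorted(fa["nets"] & fb["nets"]),
            "same_postal": fa["postal"] == fb["postal"]}

if __name__ == "__main__":
    print(shared_infrastructure(MYWAY, IWON))
```
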