On Fri, 26 Sep 2003 20:20:41 GMT, "|3iff //ullins"
<biff.mullins3@3premeditatedfun.com> wrote:

>hey, something pretty strange happened to one of my pc's today and i
>can sure use any help/info that i can get...
>
>first of all, i try to be pretty good about "battening down the
>hatches" security-wise, and i always use a good, beefed-up hosts
file.
>one of the entries i have in the hosts file is:
>127.0.0.1 sitefinder.verisign.com

It's funny you mentioned this, because only about half an hour before
this I had noticed them for the first time in my hardware firewall
logs.
They supposedly are a B2B advertising service -- mainly IT right now
-- which supposedly has some keyword-harvesting features. My guess is
they use some sort of script, but I can't tell yet what kind or if
it's IE specific. They seem to be tied to an advertising service
called gotoast.com.
I checked the link and it contacted itxt.vibrantmedia.com, but I have
no idea what it returned; it doesn't look like executable code, nor a
script.
Either way, they are worthy of blocking:
HOSTS:
127.0.0.1 www.gotoast.com
127.0.0.1 www.vibrantmedia.com
127.0.0.1 itxt.vibrantmedia.com

DNSKong:
gotoast
vibrantmedia

Firewall: Network Mask
GoToast 66.7.128.0 255.255.255.0
VibrantMedia 213.86.59.0 255.255.255.240
VibrantMedia 63.211.210.221 255.255.255.255 (or, single IP)

Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge