Megadownloads.com

[sponge]

On Sun, 19 Oct 2003 15:17:33 -0400, BoB <me@privacy.net> wrote:

>Noticed this msg in another NG today.
>______________________________
>quote
>I wanted the latest version of Winzip and Googled accordingly.
>Received a list of sites and went for the "Free Downloads".
>Got to a site called 1000downloads.co.uk
>Clicked on 'download Winzip9'.
>
>My internet connection to my ISP was immediately terminated and was
>reconnected to a new one with the premium number of 09097927979.
>There was even a new entry in my Dial Up Networking folder and a
>shortcut on my desktop.
>
>There was no indication of their call charges but at say, £1 per
>minute, a thirty minute "free download" could be quite expensive.
>I feel that an inexperienced user could be seriously conned.
>end quote
>___________________
>
>Someone mentioned megadownloads.com was a place to stay away from
>and that they do show at the top of the site that they are a pay
>site, 1.5 euros per minute, dialer - but in small letters.
>
>Neither megadownloads nor 1000downloads are presently listed in
>either my 126k or 581k HOSTS file. Neither are listed in IE-SpyAd
>for the IE restricted sites list. Shouldn't they be or is this just
>"surfer beware"?
>
>BoB
>For the duration of Swen, my address is inoperative.

It is a dialer/hijacker called WebTelecom. There are so many of these
things that's it's hard to keep the names straight, so I don't know if
SpyBot or Ad-Aware identify it. I will send them a submission. In the
meantime, make sure that you do not pay those charges and inform the
phone company of the situation. If you need help removing the dialer,
post back here.

Yes, it's a case of "surfer beware". Your other options are to take
legal action against the site and maker of the trojan or push for
legislation against this stuff.

If you're more concerned about the here-and-now, the best thing you
can do to enhance your security is to use another browser -- anything
but Internet Explorer; that puts virtually all the dialers and
hijackers to bed. Add www.megadownloads, 1000downloads.co.uk, and also
the following line to your HOSTS file:

127.0.0.1 www.sponsoradulto.com

Forget about using Spyad -- it provides no appreciable security, since
it mostly duplicates (but does not block) what's already on HOSTS
anyway.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 et yahoo dot com

[BoB]

On 19 Oct 2003 15:10:21 -0700, yosponge@yahoo.com (sponge) wrote:

>On Sun, 19 Oct 2003 15:17:33 -0400, BoB <me@privacy.net> wrote:
>
>>Noticed this msg in another NG today.
>>______________________________
>>quote
>>I wanted the latest version of Winzip and Googled accordingly.
>>Received a list of sites and went for the "Free Downloads".
>>Got to a site called 1000downloads.co.uk
>>Clicked on 'download Winzip9'.
>>
>>My internet connection to my ISP was immediately terminated and was
>>reconnected to a new one with the premium number of 09097927979.
>>There was even a new entry in my Dial Up Networking folder and a
>>shortcut on my desktop.
>>
>>There was no indication of their call charges but at say, £1 per
>>minute, a thirty minute "free download" could be quite expensive.
>>I feel that an inexperienced user could be seriously conned.
>>end quote
>>___________________
>>
>>Someone mentioned megadownloads.com was a place to stay away from
>>and that they do show at the top of the site that they are a pay
>>site, 1.5 euros per minute, dialer - but in small letters.
>>
>>Neither megadownloads nor 1000downloads are presently listed in
>>either my 126k or 581k HOSTS file. Neither are listed in IE-SpyAd
>>for the IE restricted sites list. Shouldn't they be or is this just
>>"surfer beware"?
>>
>>BoB
>>For the duration of Swen, my address is inoperative.
>
>It is a dialer/hijacker called WebTelecom. There are so many of these
>things that's it's hard to keep the names straight, so I don't know if
>SpyBot or Ad-Aware identify it. I will send them a submission.

Thanks for following up.

>In the meantime, make sure that you do not pay those charges and inform
>the phone company of the situation. If you need help removing the dialer,
>post back here.
>
>Yes, it's a case of "surfer beware". Your other options are to take
>legal action against the site and maker of the trojan or push for
>legislation against this stuff.
>
>If you're more concerned about the here-and-now, the best thing you
>can do to enhance your security is to use another browser -- anything
>but Internet Explorer; that puts virtually all the dialers and
>hijackers to bed. Add www.megadownloads, 1000downloads.co.uk, and also
>the following line to your HOSTS file:
>
>127.0.0.1 www.sponsoradulto.com

Passed the above information back to the NG from which it came
and provided a url for Firebird v7.

>Forget about using Spyad -- it provides no appreciable security, since
>it mostly duplicates (but does not block) what's already on HOSTS
>anyway.

Uninstalled. That's one less thing for me to keep up with.

>Sponge
>Sponge's Secure Solutions
>www.geocities.com/yosponge
>My new email: yosponge2 et yahoo dot com

Thanks so much for your quick response Sponge.

BoB
For the duration of Swen, my address is inoperative.

[Andy Jefferies]

yosponge@yahoo.com (sponge) wrote in message news:<8d76ec03.0310191410.61cc1b8d@posting.google. com>...
>
> It is a dialer/hijacker called WebTelecom. There are so many of these
> things that's it's hard to keep the names straight, so I don't know if
> SpyBot or Ad-Aware identify it. I will send them a submission. In the
> meantime, make sure that you do not pay those charges and inform the
> phone company of the situation. If you need help removing the dialer,
> post back here.

Any pointers in removing this dialer would be greatly appreciated -
our phone bill just doubled due to 2 calls to this number.

Many thanks,
Andy.

[Jay T. Blocksom]

On Mon, 20 Oct 2003 09:35:07 -0400, in <alt.privacy.spyware>, BoB
<me@privacy.net> wrote:
>
> On 19 Oct 2003 15:10:21 -0700, yosponge@yahoo.com (sponge) wrote:
>
[snip]
> >
> >It is a dialer/hijacker called WebTelecom. There are so many of these
> >things that's it's hard to keep the names straight, so I don't know if
> >SpyBot or Ad-Aware identify it. I will send them a submission.
>
> Thanks for following up.
>
[snip]
> >
> >If you're more concerned about the here-and-now, the best thing you
> >can do to enhance your security is to use another browser -- anything
> >but Internet Explorer; that puts virtually all the dialers and
> >hijackers to bed. Add www.megadownloads, 1000downloads.co.uk, and also
> >the following line to your HOSTS file:
> >
> >127.0.0.1 www.sponsoradulto.com
>
> Passed the above information back to the NG from which it came
> and provided a url for Firebird v7.
>
[snip]

All well and good, but that's only half the fix. The other is to rid the
system of the hijack-enabler itself. This:

<http://www.litepc.com/ieradicator.html>

will do the trick.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -