Promosis? Who are these guys?

Douglas Otis dotis at mail-abuse.org
Wed Apr 20 18:09:24 UTC 2005


On Wed, 2005-04-20 at 12:38 +0530, Suresh Ramasubramanian wrote:
> seen on a local linux mailing list -
> 
> > It looks like someone broke into VSNL's name server and did some
> > harm to open source websites. I'm now using Airtel's (mantraonline)
> > name server and am able to browse the sites mentioned above. Anyone have
> > any idea what's happening??? While doing an nslookup to VSNL's name server
> > I'm getting 66.151.179.147 for all those sites. The list includes
> > gnomefiles.org
> > gnome-look.org
> > gforge.org
> > mantisbt.org
> 
> suresh at frodo 12:23:32 [~]$ whois 66.151.179.147
> Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
>                                   66.150.0.0 - 66.151.255.255
> Promosis Inc. PNAP-BSN-PROMO-RM-01 (NET-66-151-179-128-1)
>                                   66.151.179.128 - 66.151.179.191
> 
> The promosis.com site, however, is an all flash site that says they've
> developed promo campaigns for Bose, Oracle, art.com, Forbes etc. 
> Looks legit ..
> 
> Any idea?  Something that works when the NS is changed couldn't be spyware
> on the guy's PC, though he is a newbie to linux and is surfing the net
> using firefox on a windows PC

I cleaned a few PCs that had a search toolbar installed on the browsers.
(Both IE and Firefox)  In addition to offering prominent sex links,
other revenues seemed based upon guiding users into trying out a list of
anti-stuff that actually made things worse.  One trick, among many nasty
tricks, was to heavily load the /windows/system/driver32/etc/hosts file
to disable sites that may offer a remedy and to also block their
updates.  The search toolbar and the anti-stuff were provided by the
same "accredited" company (although using different names).  Even
registry settings made it appear some software was loaded, but when the
user attempted to uninstall this bogus software, it fired up a link that
took them back to anti-stuff site, using IE, which was not the default
browser.  I see the same type of service offered here, but by different
names.

-Doug
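Added example (not part of the thread, not code from either poster): two small checks for the symptoms described above. The first groups a resolver's answers by returned address and flags one IP answering for many unrelated names, plus a cross-check against a second resolver, which is what the original reporter did by hand when switching from VSNL's name server to Airtel's. The second audits a Windows hosts file for the pattern Doug describes: non-local hostnames pinned to loopback or 0.0.0.0 (blocking remedy and update sites) or pointed at some other address (redirection). All input data is constructed; the 203.0.113.x reference addresses are RFC 5737 documentation space and the *.example hostnames are placeholders, only 66.151.179.147 and the four .org names come from the thread.

```python
"""Detection helpers for the two symptoms described in the NANOG thread:
(1) a recursive resolver answering many unrelated names with one address, and
(2) a hosts file padded with entries that black-hole or redirect remedy sites.
All sample data below is constructed for illustration, not captured evidence.
"""
from collections import defaultdict
import ipaddress

# Constructed answers from the suspect resolver: the four sites from the
# thread all come back as 66.151.179.147; a control name resolves normally.
SUSPECT_RESOLVER = {
    "gnomefiles.org": "66.151.179.147",
    "gnome-look.org": "66.151.179.147",
    "gforge.org": "66.151.179.147",
    "mantisbt.org": "66.151.179.147",
    "control.example": "203.0.113.99",
}

# Constructed answers from a second, trusted resolver (RFC 5737 addresses).
REFERENCE_RESOLVER = {
    "gnomefiles.org": "203.0.113.10",
    "gnome-look.org": "203.0.113.20",
    "gforge.org": "203.0.113.30",
    "mantisbt.org": "203.0.113.40",
    "control.example": "203.0.113.99",
}

# Constructed hosts file; *.example names are placeholders for vendor sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# Constructed sample, not a real captured file.
127.0.0.1       localhost
::1             localhost
127.0.0.1       antivirus-vendor.example  www.antivirus-vendor.example
0.0.0.0         update.antivirus-vendor.example
66.151.179.147  gnomefiles.org
"""

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}


def find_sinkhole(answers, threshold=3):
    """Return {ip: [names]} for every address that answers for `threshold`
    or more distinct names. Shared hosting also produces this pattern, so
    treat a hit as a lead to verify, not as proof of a hijack."""
    by_ip = defaultdict(list)
    for name, ip in answers.items():
        by_ip[ip].append(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= threshold}


def compare_resolvers(suspect, reference):
    """Names for which two resolvers disagree on the A record."""
    return sorted(name for name, ip in suspect.items()
                  if name in reference and reference[name] != ip)


def audit_hosts(text):
    """Parse hosts-file text and return (kind, address, name) findings:
    'blocked' when a non-local name is pinned to loopback or 0.0.0.0,
    'redirected' when it is pointed at any other address."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, skip it
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            lname = name.lower()
            if lname in LOCAL_NAMES:
                continue
            kind = "blocked" if sinkholed else "redirected"
            findings.append((kind, str(addr), lname))
    return findings


if __name__ == "__main__":
    print("one address for many names:", find_sinkhole(SUSPECT_RESOLVER))
    print("resolver disagreement on:", compare_resolvers(SUSPECT_RESOLVER, REFERENCE_RESOLVER))
    for kind, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts file {kind:10} {name} -> {addr}")
```

On a real machine the hosts file lives at %SystemRoot%\System32\drivers\etc\hosts; feed its contents to audit_hosts() and resolve the same name list against two resolvers to populate the dictionaries.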

More information about the NANOG mailing list