A small fragment of Rove Digital (and others)

Just in case I forget.

inetnum: -
netname:        singhajeet3
descr:          singhajeet3 - Singh Ajeet
country:        UA
admin-c:        SA5766-RIPE
tech-c:         SA5766-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-HOSTINGUA
source:         RIPE # Filtered

person:         Singh Ajeet
address:        34203, Florida, United States, Bradenton, 1901 60th Place E. Suite L4257
abuse-mailbox:  abuse@hosting.ua
phone:          +380487281518
nic-hdl:        SA5766-RIPE
source:         RIPE # Filtered

% Information related to ''

descr:          Datacenter Hosting.UA
origin:         AS41665
mnt-by:         MNT-HOSTINGUA
source:         RIPE # Filtered

I’ll probably forget the connection, so here is the short version:

A tweet from one of the good guys I’m following:
Details about the MediaTemple security issues (injected spam and .htaccess redirects) http://bit.ly/4POUnQ and http://bit.ly/7o1oyA

And somehow I ended up at redbuszoen. com via you-search. in.
Probably some kind of dynamic, now I end up at cyber-shop. net at, advancedhosters.com. Russians in the Netherlands. Shitty place that too.

That’s probably all, sorry for that.

If you want a little bit more, Spamhaus is the usual reliable source:
But they forgot to list –
Or the whole freaking
More evil stuff in there. Like the skiddie forum at evilzone.org (forum.evilzone.org).

But then the whole .UA space should be nuked.
Much safer internet without it.
I’m beginning to have the same thoughts about .NL too.

(And I am now on day 13 in my career as a non-smoker. This is probably what hell will be when that time comes. Now I am prepared for it)

Update a bit later
When following the link from cyber-shop. net, I ended up downloading scareware from securitytoolsediting. net.
VirusTotal tells me that 11 out of 40 vendors recognize the file install.exe.
The different names given contain “FakeAlert”, “RogueSecurity”, “Krap”.

securitytoolsediting. net appears to live at, “Baltic Center of Innovations TechPromInvest LTD”.
Probably a shitty place too. A quick Google search seems to agree with me.
