<![CDATA[[SecurityRatty] tag: mock]]> http://securityratty.com/tag/mock Wed, 26 Mar 2008 23:41:03 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA['Paris for President' Parody Strikes Viral Gold]]> http://securityratty.com/article/c1dcff1c78a97408875146e9aad4f22a http://securityratty.com/article/c1dcff1c78a97408875146e9aad4f22a
]]> Sun, 10 Aug 2008 15:30:00 +0000 mock campaign video faux bid million times socialite presidency 'Paris for President' Parody Strikes Viral Gold <![CDATA[Fake Porn Sites Serving Malware - Part Two]]> http://securityratty.com/article/86e13cf5a3ac03ff0da9f40355440a24 http://securityratty.com/article/86e13cf5a3ac03ff0da9f40355440a24
What we've go here is the same malware gang using the very same malicious ISP among the ones you rarely see in any report, continuing to crunch out domain redirectors using the same templates for fake porn sites. And since some of the fake sites are actual redirectors, periodically revisting them leads to more fake codecs and even more actionable intelligence into the nature of their practices, and which are the ISPs proving them with hosting services for several consecutive years.

The main redirector in this campaign popular-adult.com is also responding to :

basic-adult .com
business-adult .com
center-adult .com
comp-adult .com
compadult .com
controladult .com
cruiseporn .com
drive-adult .com
ebony-adult-video .com
ebony-pornmovie .com
ebony-video-xxx .com
engine-adult .com
fat-adult-video .com
fat-pornmovie .com
fat-video-xxx .com
global-adult .com
inc-adult .com
name-adult .com
nameadult .com
other-adult .com
partadult .com
pleasureadult .com
porn-abc .com
porn-contact .com
porn-global .net
porn-go .net
porn-group .net
porn-party .net
porn-play .net
porn-plus .net
porn-power .net
porn-room .net
pornabout .com
porndrive .net
pornhelp .net
pornname .net
pornstar-adult-video .com
pornstar-pornmovie .com
pornstar-video-xxx .com
room-adult .com
scan-adult .com
seek-adult .com
u-adult .com

The secondary redirectors going out of popular-adult.com :

pornname .net/ted/382634557/1/
porn-abc .com/ike/1666520193/1/
pornhelp .net/dense/876421348/1/
porn-play .net/cristina/1970565499/1/
porn-global .net/percival/330780624/1/
porn-contact .com/cisse/854714304/1/
porn-play .net/honora/888715608/1/
pornname .net/deidre/1964468519/1/
pornhelp .net/pip/1977382266/1/
porndrive .net/shelton/767217618/1/
pornhelp .net/mat/354381578/1/
pornabout .com/tobe/1436617289/1/
porn-go .net/samson/7633197/1/
porn-contact .com/teresa/409084583/1/
porn-party .net/basil/1305549820/1/
porn-contact .com/ed/1067772053/1/
porn-contact .com/frish/1287341391/1/
pornname .net/mariah/53967973/1/
pornname .net/jacobus/291129748/1/
porn-plus .net/beverly/2122167311/1/
porn-party .net/lulu/917088357/1/
pornabout .com/boetius/1991451664/1/
cruiseporn .com/padde/1296397392/1/
porn-power .net/arch/334137732/1/
cruiseporn .com/meta/377489795/1/
porn-room .net/lynette/1518855371/1/
porn-play .net/link/1975737157/1/
hporn-global .net/vin/1241430020/1/
porndrive .net/dunk/1245242641/1/
porn-go .net/louisa/1685718172/1/
pornhelp .net/dunk/1859215260/1/
porn-contact .com/celia/1805798677/1/
porn-play .net/anabelle/987641695/1/
porn-room .net/rille/815076192/1/
pornabout.com/hodge/1040019816/1/
porn-abc .com/claes/1130748100/1/
pornabout .com/frederick/1987458246/1/
porn-go .net/fredde/1153431432/1/
porn-party .net/felicity/705720374/1/
porndrive .net/ginne/1183690031/1/
porn-group .net/kimberle/706468800/1/
porn-room .net/helen/565953612/1/
porn-party .net/arche/1387111363/1/
porn-contact .com/kingston/232354071/1/
pornhelp .net/mima/1024064014/1/
porn-power .net/gretchen/152347961/1/
porn-contact .com/ophelia/840853119/1/
porn-play .net/eleanor/88926029/1/
porn-power .net/bella/1712681771/1/
porn-global .net/melchizedek/1823498218/1/
pornabout .com/gabbe/1478560492/1/
porn-party .net/obedience/1540587230/1/
porndrive .net/rod/1177331120/1/
porn-play .net/gee/1314369182/1/
pornname .net/phineas/975226015/1/
porn-global .net/reynold/131075998/1/
porndrive .net/bat/1542809624/1/
porn-global .net/hans/400396810/1/
porn-contact .com/mock/1738069316/1/
porn-plus .net/tryphosia/354085313/1/
porn-room .net/bazaleel/1417267786/1/
porn-contact .com/joyce/353938308/1/
porn-power .net/laine/780004499/1/
pornhelp .net/mille/988856007/1/
cruiseporn .com/dare/258399427/1/
porn-global .net/nat/2039108680/1/
pornname .net/eudora/2132399934/1/
porn-go .net/ana/277211595/1/
pornhelp .net/auge/1990287956/1/
porn-contact .com/danial/1195423348/1/
porn-abc .com/teresa/1787982397/1/
porn-go .net/lawrence/1575543567/1/
porn-go .net/sherre/1066718744/1/
porn-contact .com/jack/657185819/1/
porn-abc .com/manda/216390544/1/
porn-party .net/chuck/1533427157/1/
porndrive .net/lucille/215841052/1/
cruiseporn .com/rodney/1024994863/1/
pornname .net/sheldon/669324635/1/
porn-global .net/janet/1677642355/1/
porn-global .net/basil/635902337/1/
porn-party .net/adela/980553444/1/
cruiseporn .com/charles/2038221862/1/
pornabout .com/sid/644600064/1/
porn-abc .com/eloise/1882289515/1/
porndrive .net/bryant/724023427/1/
porn-party .net/bonne/305120344/1/
porn-play .net/susan/826151266/1/
porn-room .net/sheila/439221958/1/
porn-go .net/valere/1498454342/1/
porn-contact .com/asenath/1036530205/1/
porn-plus .net/marcus/51947065/1/
porn-party .net/bridgit/518065759/1/
porn-plus.net/shawn/1427002427/1/
cruiseporn.com/alicia/1252994155/1/
porn-abc.com/arminda/975985679/1/
porn-party.net/lionel/929052416/1/
porn-contact .com/ande/1755833202/1/
porn-power .net/cyrus/732691977/1/
aboutadultsex .com/heloise/1008109638/1/
adultzoneworld .com/barne/506956701/1/
superporncity .com/roberta/1239682918/1/
pornhelp .net/eurydice/1944564451/1/
theadultpost .com/volodia/543769984/1/
porn-play .net/bird/760635633/1/
coolbestporn .com/bradford/578099145/1/
porn-plus .net/delilah/465854735/1/
porn-power .net/pheney/698426424/1/
porn-party .net/cristina/940229631/1/
porn-party .net/justin/1913395886/1/
porn-contact .com/lotte/1794233444/1/
porn-party .net/nowell/850070721/1/
worldbestadult .com/parthenia/1858633626/1/
funpornsite .com/patience/188018581/1/
adultsexpro .com/isse/1981168802/1/
adultsexpro .com/isabelle/683364151/1/
porndrive .net/erne/906935790/1/
porn-power .net/delpha/178727494/1/
porn-plus .net/chesley/1261676752/1/
porn-plus .net/selina/11889629/1/
porntimeguide .com/arnold/1555784224/1/
aboutadultsex .com/doug/1975246767/1/
porn-global .net/clum/1615653087/1/
funxxxporn .com/kym/739810260/1/
porn-plus .net/roxane/2022633909/1/
worldbestadult .com/vicke/955775101/1/
porn-play .net/jane/1396714471/1/
pornname .net/nicole/1695768032/1/
adultvideodot .com/bela/96070992/1/
porn-room .net/carre/1310194786/1/
adultsexpro .com/azubah/141802741/1/
theadulteye .com/pheney/1077328499/1/
porn-party .net/chick/1522449297/1/
aboutadultsex .com/elbert/1300176621/1/
findadultsex .com/lorre/2057361400/1/
teenporntop .com/aristotle/901956477/1/
coolbestporn .com/bartel/94175118/1/
porn-plus .net/deanne/70540201/1/
coolbestporn .com/appe/1679745028/1/
findadultsex .com/asaph/1439353641/1/
pornxxxfilm .com/tone/904077420/1/
funxxxporn .com/india/476477713/1/
adultvideodot .com/ed/879863981/1/
bestpriceporn .com/babbe/1457040435/1/
superliveporn .com/russell/56570486/1/

More fake porn video sites using similar site templates, and using the same redirection infrastructure :

porntubev20 .com
clearpornurlssite .com
mypornmovies .net
getyourfreemovie .com
tubescollection .com
free-best-porn .com/videos/
pornmovieshare .com
clipslab .com
mybestvideosite .com
avwav .com

The fake codecs download locations in this campaign : 

aviutility .com
18x-adult2008 .com
2008x-adult-2008 .com
best-codec .com
hq-codec .net
mpegsystem .com
bestsoft-ware08 .com

The registrant and hosting provider :

Cernel Inc, Legal Department  (support@cernel.net)
23404 W. Lyons Ave #223, Santa Clarita, Ca,91321
US, Tel. +1.6613470577

Historically, the same gang has been using the same hosting provider for many other fake codecs, which remain parked on the same netblock in a standby mode :

Fire-ticket .com - 64.28.184.162
Fire-codec .com - 64.28.184.163
Light-ticket .com - 64.28.184.163
Braketicket .com -  64.28.184.164
Mooncodec .net - 64.28.184.164
Light-codec .com - 64.28.184.165
Turbo-ticket .com - 64.28.184.165
Space-codec .com - 64.28.184.166
Ultra-ticket .com - 64.28.184.166
Brakecodec .com - 64.28.184.167
Demo-ticket .com - 64.28.184.167
Demoticket .net - 64.28.184.168
Hq-ticket .com - 64.28.184.168
Turbo-codec .com - 64.28.184.168
Hqticket .com - 64.28.184.169
End-ticket .com - 64.28.184.169
Nitro-codec .com - 64.28.184.169
Hqticket .net - 64.28.184.170
Clean-ticket .com - 64.28.184.170
Red-codec .com - 64.28.184.170
Black-codec .com - 64.28.184.171
Viva-ticket .com - 64.28.184.171
Niceticket .net - 64.28.184.171
Endticket .com - 64.28.184.172
Ultra-codec .com - 64.28.184.172
Wot-ticket .com - 64.28.184.172
Mega-codec .net - 64.28.184.173
Storm-ticket .com - 64.28.184.173
Megaz-ticket .com - 64.28.184.174
Vipcodec .net - 64.28.184.174
Democodec .net - 64.28.184.175
Giga-ticket .com - 64.28.184.175
Demo-codec .net - 64.28.184.176
Uin-ticket .com - 64.28.184.176
Hopeticket .com - 64.28.184.177
Hq-codec .net - 64.28.184.177
Best-codec .com - 64.28.184.178
Hope-ticket .com - 64.28.184.178
Endcodec .net - 64.28.184.179
Zero-ticket .com - 64.28.184.179
End-codec .net - 64.28.184.180
Pop-ticket .com - 64.28.184.180
Cleancodec .net - 64.28.184.181
Yupticket .com - 64.28.184.181

The deeper you go the more interesting it gets, malware command and controls located on the same network, fake banks, money mule recruitment sites, pharmaceutical scams and spam hosting - they or their customers if they are to forward the responsibility are definitely multitasking.

Related posts:
Fake Porn Sites Serving Malware
Underground Multitasking in Action
Fake Celebrity Video Sites Serving Malware
Blackhat SEO Redirects to Malware and Rogue Software
Malicious Doorways Redirecting to Malware
A Portfolio of Fake Video Codecs
]]> Mon, 07 Jul 2008 23:24:00 +0000 net malware porn-party porn-contact fake porn sites porn-play porn-plus porndrive pornhelp Fake Porn Sites Serving Malware - Part Two <![CDATA[More On Non-lethal Weapons: Electrified Shieds]]> http://securityratty.com/article/e7f8c88f01a1b72dd005f5c265493e15 http://securityratty.com/article/e7f8c88f01a1b72dd005f5c265493e15
"The kit "features a peel and stick perforated [f]ilm, power supply and necessary conversion equipment. This laminate becomes electrified providing a powerful deterrent to protect officers and keep suspects or rioters at bay." What could possibly go wrong?"

Love that last sentense...

and

"It's all part of the Office of Law Enforcement Technology Commercialization's Mock Prison Riot"

Wow, a prison riot, what a fun event! ;-)

Read here.
About me: http://www.chuvakin.org
]]> Tue, 13 May 2008 11:12:00 +0000 prison riot mock prison riot law enforcement technology protect officers fun event powerful deterrent conversion equipment power supply rioters More On Non-lethal Weapons: Electrified Shieds <![CDATA[Microsoft Senior PC - not just for the elderly]]> http://securityratty.com/article/b40833af463c4e7344afed3fa409ff04 http://securityratty.com/article/b40833af463c4e7344afed3fa409ff04 Senior PC packages" is, in my mind, borderline genius and something I wish I had thought of first. Computer Weekly mock the idea in this weeks magazine, something I think is very unfair given that I'm sure some of their editorial team are getting on a bit and would probably be able to make good use of the built-in prescription software... If home computing can be made as easy as taking the PC out of the box, plugging it in and turning it on (not a word from the Mac users please - I know you've been able to do this for years) then that's to be encouraged for everyone, not just the elderly. And if it stops the "support" calls from my mother-in-law then that's priceless! ]]> Tue, 06 May 2008 15:00:00 +0000 built-in prescription software computer weekly mock heavy objects intelligent lady mother-in-law situation akin quadratic equations idea editorial team Microsoft Senior PC - not just for the elderly <![CDATA[On trial - role of the CISO]]> http://securityratty.com/article/c7d4719f03ff92232d4a44b142f09cf1 http://securityratty.com/article/c7d4719f03ff92232d4a44b142f09cf1 Infosec last week. I acted the role of the hapless and rather impotent CISO working for an overbearing CIO. There was a serious point to the exercise though - those barristers were playing for real and the legal terminology was all correct. The sentences handed out to the CIO and CEO, who were found guilty under section 450 of the companies act of destroying documents, reflected what would have happened in real life. It shouldn't come as a surprise that there might be confusion as to role of the CISO. It's a role that has quickly evolved from being technical and focused on IT, to one that's strategic and focused on mitigating business risks across the full scope of Information Security. My own role encompasses all aspects of managing risks to data and is, I'm pleased to report, far more respected than the part I played at the mock trial. But I've often had to push hard to put security on the agenda and I think some of the more traditionaly minded individuals in the organisation were taken aback by some of what I was putting on the table as being within scope of my responsibility when I first took on the role. The role of CISO is evolving and in fact, I think within a few years from now it'll probably no longer exist at all. Large organisations are going to require individuals whose role focuses on managing risk and compliance. The traditional view of the CISO as being a technical IT security specialist is going to very soon be as outdated as those who still hold that view! ]]> Sat, 26 Apr 2008 12:32:46 +0000 role ciso role focuses role encompasses impotent ciso security information security mock trial view On trial - role of the CISO <![CDATA[Infosec Europe]]> http://securityratty.com/article/46b5afc201cb0fae76eec90375b8d310 http://securityratty.com/article/46b5afc201cb0fae76eec90375b8d310 Infosec Europe at Olympia. The program this year looks, in my opinion, to be the best yet including input from some well known industry names such as Bruce Schneier, Alan Paller, as well as my fellow bloggers David Lacey ("Locking Down Social Networking Vulnerabilities" on the 22nd) and Philip Virgo ("Why Do We Need an E-Crime Unit?" on the 23rd). I'll be participating in the "The Mock trial of A.N.Corporate" on the 24th in the Interactive Theatre, where, according to the blurb "The excitement of a real courtroom is brought to Olympia, when a mock trial is conducted where various members of a corporation (It Manager, CISO, CIO and CEO) are put in the dock, and questioned by the defence and prosecution." It should be fun! There are some exciting new exhibitors on the list for this year including Behaviosec whose product "Behavio identifies unauthorized users within seconds by detecting anomalies in keyboard and mouse behavior." I'm looking forward to seeing you there. ]]> Tue, 15 Apr 2008 03:00:00 +0000 infosec europe mock trial bruce schneier industry names real courtroom interactive theatre e-crime unit behavio identifies olympia Infosec Europe <![CDATA[What if Diebold was bought out by Steve Wynn or Donald Trump?]]> http://securityratty.com/article/b26ebf8602a79c097a0428222dd37876 http://securityratty.com/article/b26ebf8602a79c097a0428222dd37876 Wed, 26 Mar 2008 23:41:03 +0000 mock news video machine manufacturers machine risks bad press electronic martin mckeay accuracy issues sadly iceberg What if Diebold was bought out by Steve Wynn or Donald Trump?