twisted humor.com infect you with TROJANS!!

[Benholio]

Are they in the US? If so then thank god for the Super Broad DCMA...

[FthrJACK]

Registrant:

TwistedHumor.com (TWISTEDHUMOR-DOM)

7770 regents Road Suite 113-413

San Diego, CA 92122

US

Domain Name: TWISTEDHUMOR.COM

Administrative Contact:

Coats, M (MCP429) ads@TWISTEDHUMOR.COM

Lions Pride Enterprises, Inc.

7770 Regents Rd #113-413

San Diego , CA 92122

858-271-8650 (FAX) 858-566-3911

Technical Contact:

Kukuruzovic, Vladimir (KV338-ORG) noc@TWISTEDHUMOR.COM

Twistedhumor

Lions Pride Enterprises, Inc.

7770 Regents Rd #113-413

San Diego, CA 92122

USA

858-271-8650

Fax- 858-566-3911

Billing Contact:

Coats, M (MC20525) questions@TWISTEDHUMOR.COM

Lions Pride Enterpises, Inc.

7770 regents Road Suite 113-413

San Diego, CA 92122

619-458-3695 (FAX) 619-458-3695

Record last updated on 03-Jul-2001.

Record expires on 30-Jun-2003.

Record created on 30-Jun-1999.

Database last updated on 25-Oct-2001 11:27:00 EDT.

Domain servers in listed order:

SERVER8.TWISTEDHUMOR.COM 64.37.103.98

SERVER9.TWISTEDHUMOR.COM 64.37.114.66

ISP is ht*p://www.cybercon.com

[XPerties]

Anyone who has found this on there PC may send a complaint to the manager at cybercon....E-mail your complant and what you found to dave@cybercon.com Make sure you explain we the people of the internet wont stand for this!

-Chris:D

[Micropocalypse]

www.rankyou.com

www.srv2cpt.com

and twisted humor all have the same isp.

and are in the same city. hmmm...

[FthrJACK]

ok no response by cybercon to stop this spreading, so i emailed this today, if nothing is done after this ill get in touch with a few places such as symantec and see what they say should be done and report it to the authorities. here what i emailed dave@cybercon.com

[i:121b6c0689]

Dear sir

Im writting to you after being infected with a Trojan horse program and key logging programs contained in a file i downloaded from twistedhumor.com hosted on your web servers.

I find it disgusting that these people are taking advantage of peoples feelings after the attrocaties on September the 11th, in order to infect people with a stealth Trojan and then extract personal information of all kinds from them and submit them to endless pop up advertisements.

As the creators of this site and the Trojan horse file will not stop their illegal activities i would like to formally request that this site be closed down imediatley ( subject to your legal obligation) in order to prevent the spread of this virus and to stop the perpetrators collecting anymore personal information on any of its victims.

The site is being monitored and a group of victims is currently spreading the word of this site and the security risk envolved. We feel let down by the fact that to date the site is still operational and that no action seems to have been taken by cybercon.com in order to stop this activity, we feel that if Microsoft where to contact you over a warez site or site offering serial keys etc you would not fail in your legal obligation to shut the site down imediately.

Please can you ensure that action is taken.[/i:121b6c0689]

[FthrJACK]

and still no action... SO.. i emailed them again of course!

[i:778e1ea04b]Sure:

the file is called wnad.exe

it sits in your PC ( on win2k its found in WINNT, on XP its WINDOWS )

and waits 72hours, presumably so that you dont know where you got the infection, scanning the Pc with a Trojan scanner turned up Keyloggers on a few machines, presumably the intention is that you play the game, then donate money to the red cross, using of course your credit card, this information is then sent back at some point, this keylogger issue isnt something im certain of, howver i AM certain that this Trojan is designed to be as difficult as possible to delete, even Norton couldnt wipe it, it took safe mode on one PC of a friends to kill it off, i have found that at the command line if you type

C:WINDOWSwnad.exe /quit

you can normally then wipe the file off as well as its companion wnad.dat.

After 72hours the program also starts making pop up advertisements appear on your machine, infuriatingly often.

After receieving complaints about twistedhumor.com from people in America, and the UK, both by email and telephone, (i called your company and got an unhelpfull response, a friend in PA spoke to yourelf) i would have thought this site would be closed by now, especially with the oportunistic way this is exploiting the feelings of people since September 11th.

i wonder how many people are now infected and are not at a PC user level where they have the abbility to track down and remove this piece of evil? i know of a few, i have removed the files from thier machines myself, how many are still infected? how many possibly had credit card information stolen due to cybercon.coms lack of response to date? please remove this site!!

as i stated before, if microsoft or another large comapny emailed yourselves complaining the site would be closed within the hour. do the 50 or so people on our group who we have found so far have to report this to the FBI, the Red Cross, syamantec, mcaffee, and any internet governing body you may have in the USA before cybercon takes action and stops supporting the blatant illegal activity of this site? i hope not, it is a shame that so far nothing has been done other than promises of action over the phone or via email, and yet no action taken.

Please respond to this issue ASAP.[/i:778e1ea04b]

And you can find dave at:

Dave Tscharner

SMC Team Leader

h*tp://www.cybercon.com

h*tp://www.bestnet.net

email: dave@cybercon.com

ph: 314.621.9991

fax: 314.241.1777

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

C y b e r c o n, I n c. (cybercon.com)

A Hyson International Company (hyson.com)

World-Class Internet Hosting Center

210 North Tucker Boulevard, 7th Floor

Saint Louis, Missouri 63101-1978

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[FthrJACK]

Now they gone and done it...

i posted this today:

[i:83d62be039]

Dear sir/madam

After repeated contact with staff and management at your company, and repeated stalling and excuses, i would like to inform you that unless action against twistedhumor.com is taken in the next 7 working days i will be seeking legal advice regards cybercon.com and twistedhumor.com for the distribution of mailcious code

( see: viri, trojan horse program, remote access tools etc)

contrary to American law and internet codes of practice.

Please do not ignore this letter.[/i:83d62be039]

[Rick]

Why don't we just DDOS them with twisted humor of our own? Truth is, they could care less and the ISP will get no more than a slap on the wrist at best.

Rick:mad:

[FthrJACK]

Why don't we just DDOS them with twisted humor of our own? [/quote:14615f17a1]

EH? um.. we could attack them tho i suppose, but then, yu betcha they will do all they can to trace us and sue [b:14615f17a1]our[/b:14615f17a1] asses!