game
photo
retro
rant
Not logged in. · Lost password · Register

All content © NFGworld, unless otherwise noted, except for stuff we stole. Contact the editor-in-chief : baldbutsuave@thissitesdomain, especially if you are an attractive young female willing to do nude photography modelling. All rights reversed. 1019

    Forum     Search     Members     The Bedroom     About
Forum: NFGworld Forums Science, Tech and Such Social Studies RSS
Scams from Disasters
submit to reddit
Author name (Administrator) 2011-03-13, 09:20 #1
Avatar
Member since May 2011 · 2201 posts · Location: Brisbane
Group memberships: Administrators, Members
Show profile · Link to this post
Subject: Scams from Disasters
After the 'quake and tsunami in Japan on Friday there were warnings on the news about scams and dodgy charities trying to profit from it.  I just found the first such scam after clicking a link on a friend's facebook feed.

The link, promising a video of a Japanese whale launched 5km from the ocean by the tsunami, directed me to to crazytsunamivid.info (as a rule anything with .info should be considered dodgy at best) and it takes you to a page that sort of looks like a YouTube page:


It is, of course, a total lie.  WTF is FouTube?  When you try to click the video to start playback, it pops up a new window and tries to log you in to Facebook (this didn't actually log me in, thankfully), and a second or two later asks you to verify your age (this time with a very sloppy Youtube logo).  Oooh, it must be a great video if you have to be 16 or older!


Clicking the verification (which oddly only mentions the UK or USA) link takes you to a series of auto-forwarding pages until finally you land at one of those sure-fire markers of a scam, a Smilies page.

Before you get there, you have a whip past bit.ly/usipad1111, which in turn leads you to
x.azjmp.com/4cQMg?sub=ipadus, which sends you to
smileycentral.com/dl/index.jhtml?partner=ZNxpt728&spu=true?sub_id=40697-ipadus&click_hash=1212P3Td&nsrc=az2,
before finally dropping you off at smileycentral:


And from there, naturally, you're asked to download and install a bunch of ugly smiling icons, add a search bar to your browser, and basically slow your computer down and have your activities tracked.


The FouTube page is interesting.  All of the video links on the right link to the same destination: ch0p.me//ao, but this is yet another auto-forwarding page that takes you to 7-gram-rocks.info which, sadly, doesn't actually load anything. 

All of the other links on the FouTube page take you to the same page you're viewing already.  I am kind of surprised they missed the chance to allow inattentive users to try and log in with their YouTube passwords here.

The counter at the bottom of the page has links to three different sites: 24log.com, 24log.it, and russianwomen.ca, a mail-order-bride site with a 24log logo at the bottom.

Also, if you dare right click anywhere on the crazytsunamivid page, it exhorts you to stop mucking about and watch the damn video already:

[Image: http://nfgworld.com/grafx/throwaway/FouTube3.png]
BLEARGH
Author name (Administrator) 2011-03-13, 14:45 #2
Avatar
Member since May 2011 · 2201 posts · Location: Brisbane
Group memberships: Administrators, Members
Show profile · Link to this post
The scammers move fast.  Now you can find a similar thing on spinavideo.com, basically the identical page (though they replaced FouTube with YouTube) and a different video title.  No counter this time, and all links on the page point to itself.


The anti-rightclick javascript has a different message this time:

[Image: http://nfgworld.com/grafx/throwaway/YouTube2.png]

It seems that these pages are automatically liked if you're running a browser that isn't Opera, thus spreading the joy to your friends without your knowledge.

[Image: http://nfgworld.com/grafx/throwaway/YouTube3.png]
BLEARGH
Author name (Administrator) 2011-03-14, 21:26 #3
Avatar
Member since May 2011 · 2201 posts · Location: Brisbane
Group memberships: Administrators, Members
Show profile · Link to this post
This is very interesting.  The same scam keeps changing its URL.  I found it on a third page, and reloaded the page a few hours later and it auto-forwarded to two more diffrerent URLs.  Currently it's on dailymusic.ca.

This time the code had something interesting in it.  The body of the page consists of just an <!--HTML comment-->:

<!-- Mirrored from respectmiley.com/ by HTTrack Website Copier/3.x [XR&CO'2010], Tue, 01 Mar 2011 23:37:16 GMT -->

respectmiley.com redirects you to emmarespect.com which is slightly different than these other pages, but immediately forwards you to mileyshock.com, which is basically the same page as the rest.


Facebook uses a system called OpenGraph, which allows web developers to put a little bit of code in their pages making it easier for facebook (and other sites) to work out what kind of content is on display.  One of the code bits is a facebook profile number, which is supposed to indicate the administrator of the page.

In this case respectmiley is supposedly being run by Aidan F. (who swears it isn't really him, and who asked me to delete the link to his profile 'cause he won't get jobs if anyone finds out he's made of evil).  The dailymusic page lists  as the administrator.  I'm pretty confident neither of these people is actually in charge.


These pages just love to fuck with you.  Pop-up windows, auto-forwarding pages and hoops to jump through.  In one of these video pages clicking the hoop link (Hot Alice in Wonderland Graphics!) takes you to tracking101.com, then to webfetti.com which looks as slick and polished as the smileycentral page (they are affiliated), but is offering some truly hideous myspace designs.  Myspace?  Really?  Spammers are behind the curve a little here, though perhaps they're targeting the young and dumb demographic intentionally.


So you never really know what you're gonna get, but you know it's not going to be what you thought.
BLEARGH
This post was edited on 2012-03-29, 12:13 by NFG.
Author name (Administrator) 2011-03-15, 21:25 #4
Avatar
Member since May 2011 · 2201 posts · Location: Brisbane
Group memberships: Administrators, Members
Show profile · Link to this post
The scam keeps changing.  This time it's fount at goldenque.com/tsunami, with a new twist: a radarurl.com tracking tag on the right side of the screen:


The tag takes you to a tracking service site called radarurl.com, where you can see the stats for this page.  Who knows, it might actually be showing the numbers of people who visit.

Note too that this time it's called FbVideo, not YouTube or FouTube or FbTube.

The scams keep changing too, this time there are three buttons, each with four links for earning money, answering surveys, winning ipads etc.

[Image: http://nfgworld.com/grafx/throwaway/FbVideo2.png]

The delivery page is completely different this time.  After being taken past adscendmedia.com, you briefly notice innovationalnewmedia.co.uk in your address bar, until you're finally dumped at aff.mobilefun4hours.com, where you can take the celebrity quiz.  I didn't bother.

Clicking another link takes you past the adscendmedia.com, then npvos.com and finally bustedtees.com.  Every link takes you to a different point.  Each one looks like it uses an affiliate program so that the scammers can get a penny or four every time some chump clicks through.  Based on the radarurl stats, it ain't a lot of chumps, or pennies.

And, oh yeah, the administrator of this one is russian.
BLEARGH
This post was edited on 2011-03-15, 21:59 by NFG.
Author name 2011-03-16, 09:45 #5
Avatar
Member since Apr 2009 · 59 posts · Location: Bendigo
Group memberships: Citizens, Denizens, Members, Underground, Wannabe Denizens
Show profile · Link to this post
Aww man, I love these things!

I mean, how much effort has someone gone through to make sure that at least one unsuspecting preteen gives them all their pocket money? It's a work of art really.
Close Smaller – Larger + Reply to this post:
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
RSS RSS Feed for this thread
We love UNB by Yves Goergen!