The Misuse Of Your Material
admin
FAO Administrators and Polycounters
Just got off the phone from the police after having no luck elsewhere because this latest online parasite has not replied to my email...
If you have no idea what I'm talking about, I'm talking about online threats where someone steals links to your artwork and uses your name to redirect people to rootkits, trojans and fake anti-virus programs. It's not nice having your name dragged through the mud.
The last guy actually replied to my emails after some threats and removed the links but this one hasn't and is now using a different domain, registered to a different person with a different virus attached.
By The Way...
Deviant art and Polycount images are being used as links to these threats so I urge you to do a little ego surfing. Check google images under your most common online alias and look out for dodgy links. Be careful! If the link contains nspl.co.in don't click it because you may not have the software to deal with the infection. As for anything else I'm not so sure, keep your eyes open!
Just got off the phone from the police after having no luck elsewhere because this latest online parasite has not replied to my email...
If you have no idea what I'm talking about, I'm talking about online threats where someone steals links to your artwork and uses your name to redirect people to rootkits, trojans and fake anti-virus programs. It's not nice having your name dragged through the mud.
The last guy actually replied to my emails after some threats and removed the links but this one hasn't and is now using a different domain, registered to a different person with a different virus attached.
By The Way...
Deviant art and Polycount images are being used as links to these threats so I urge you to do a little ego surfing. Check google images under your most common online alias and look out for dodgy links. Be careful! If the link contains nspl.co.in don't click it because you may not have the software to deal with the infection. As for anything else I'm not so sure, keep your eyes open!
Replies
Deviant art was notified of a hijacked link, the image was of deviant artwork and the link contained deviantart.com but finally resolved to another domain after piggybacking off yet another site.
I'm no hacker so it's hard to say how they are doing it, maybe it's a case of providing links on their own dodgy site that are controlled by scripts, making them appear like they are somewhere else. When google images re-caches, the new links appear instead of the original genuine ones. If that even makes sense/is possible!
JS/FakeAV.L (Authentium (Command))- Trojan.JS.Fraud.ba (Kaspersky)
- HTML/Renos.J (Norman)
- FakeAlert (AVG)
- JS/FakeAlert.72367 (Avira)
- Trojan.Script.Q (BitDefender)
- JS/AdClickerScript.AI (CA)
- Trojan.JS.Fraud (Ikarus)
- Troj/FakeAV-CLJ (Sophos)
*Bigjohn I don't want you to lose any data, or otherwise be affected by this. If your not 100% sure, let me know.Update: This guy has just changed domain again after another email, same virus though. Google security have been contacted, re: his email account. Asked that they not delete or suspend services, instead track his ip address. Not sure if they can.
The problem is that you can directly link to Deviantart images. So the only thing I think we can do is tell DA about it, and have them ban that domain/IP. But I'm not sure how helpful that will be in the long run.
Also, I don't know why google would allow a link to something that's not directly an image, and has scripts attached to it. That shouldn't be allowed for this exact reason.
About using images on his own server, it's doubtful that's the case as it would be pretty easy to trace him. He's got to be using free hosting somewhere.
It could be that his ip was logged when he signed up to some of these services as proxies don't work with google for one and that may be the only avenue to detection. whois information is obviously false.
Also reported urls to a site (badware I think, can't remember) anyway he's changed the attack domain AGAIN! now it's
DO NOT GO TO THIS SITE
ps: AGAIN I urge you ALL to check google images for your artwork, if the hovered popup contains nspl.co.in it is a virused link and needs reporting.
gc
That sucks but at least you were able to talk to them. Doing my bit though, reporting to all the companies affected but I'm getting the impression that this person will never be caught or stop
Will justice prevail? *goes to dust off old batman costume...
Been in touch with every source possible, I won't bore you with the details except for one: after stumbling on a thread regarding the hacking of google images and leaving a comment I was in communication with the author who reported to google. Shortly afterwards all the dodgy behaviour ceased, no more bad links!
I wish to thank everyone involved in helping to solve these issues and hope something befitting is in store for the low life responsible:)
Nicely done!