blocking of iframeDollars

Robert Baer

In the May 30 issue of InformationWeek, page 63, there was an article
"From Russia With Malware".
It states that "companies can prevent the downloading of adware and
spyware from iframeDollars' servers by blocking the IP address
81.222.131.59".
However, they do not give example(s) of what to put in the HOSTS file
for individual peons.
So, in order that we do not get peed-on, would someone be so kind as
to provide that service?
 
In news: Robert Baer typed:
In the May 30 issue of InformationWeek, page 63, there was an
article "From Russia With Malware".
It states that "companies can prevent the downloading of adware and
spyware from iframeDollars' servers by blocking the IP address
81.222.131.59".
However, they do not give example(s) of what to put in the HOSTS
file for individual peons.
So, in order that we do not get peed-on, would someone be so kind
as to provide that service?

Add 81.222.131.00 - 81.222.131.255 to your firewall definitions!
Works great. :)
 
Robert Baer said:
In the May 30 issue of InformationWeek, page 63, there was an article
"From Russia With Malware".
It states that "companies can prevent the downloading of adware and
spyware from iframeDollars' servers by blocking the IP address
81.222.131.59".
However, they do not give example(s) of what to put in the HOSTS file
for individual peons.
So, in order that we do not get peed-on, would someone be so kind as
to provide that service?

There's no provision for blocking an IP address in the HOSTS file.
You'd need to know the host name.
Typically "ping -a 81.222.131.59" entered at a command prompt would resolve
the name. In this case it doesn't; that address isn't pingable.
Whois isn't much help either; so as far as the HOSTS file goes, I don't know
what to tell you.
If you are behind a configurable router, maybe you could block the IP
address there.

-or-

Go here and get their most excellent HOSTS file:
http://www.mvps.org/winhelp2002/hosts.htm
 
There's no provision for blocking an IP address in the HOSTS file.
You'd need to know the host name.
Typically "ping -a 81.222.131.59" entered at a command prompt would resolve
the name. In this case it doesn't; that address isn't pingable.
Whois isn't much help either; so as far as the HOSTS file goes, I don't know
what to tell you.
If you are behind a configurable router, maybe you could block the IP
address there.
=========================================
inetnum: 81.222.0.0 - 81.222.255.255
org: ORG-EA40-RIPE
netname: RU-ELTEL-20021128
descr: ELTEL.NET
descr: PROVIDER
country: RU
admin-c: ER4040-RIPE
tech-c: ER4040-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ELTEL-RIPE-MNT
mnt-routes: ELTEL-RIPE-MNT
source: RIPE # Filtered

organisation: ORG-EA40-RIPE
org-name: ELTEL
org-type: LIR
address: 10N, 65-67, Chaykovskogo Str.
address: 191123
address: Saint-Petersburg
address: Russian Federation
phone: +7 812 4381100
fax-no: +7 812 4381101
e-mail: (e-mail address removed)
admin-c: DS544-RIPE
admin-c: OS1157-RIPE
admin-c: AG12797-RIPE
admin-c: SA507-RIPE
mnt-ref: ELTEL-RIPE-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: ELTEL REGISTRY
address: JSC ELTEL
address: 10N, 65-67,
address: Chaykovskogo st.
address: 191123 Saint-Petersburg
address: Russia
phone: +7 812 4381100
phone: +7 812 4381102
fax-no: +7 812 4381101
e-mail: (e-mail address removed)
remarks: trouble: Points of contact for ELTEL
remarks: trouble: Sales:
(e-mail address removed)
remarks: trouble: Routing and peering issues:
(e-mail address removed)
remarks: trouble: SPAM and Network security issues:
(e-mail address removed)
remarks: trouble: Mail issues:
(e-mail address removed)
remarks: trouble: LIR issues:
(e-mail address removed)
remarks: trouble: Information:
http://www.eltel.net
remarks: trouble: Hosting:
http://www.HostWay.ru
admin-c: SA507-RIPE
admin-c: OS1157-RIPE
tech-c: AG12797-RIPE
tech-c: YV89-RIPE
nic-hdl: ER4040-RIPE
mnt-by: ELTEL-RIPE-MNT
source: RIPE # Filtered

% Information related to '81.222.128.0/20AS20597'

route: 81.222.128.0/20
descr: ELTEL.net
origin: AS20597
mnt-by: ELTEL-RIPE-MNT
source: RIPE # Filtered
==================================================
 
It states that "companies can prevent the downloading of adware and
spyware from iframeDollars' servers by blocking the IP address
81.222.131.59".
However, they do not give example(s) of what to put in the HOSTS file
for individual peons.

According to http://whois.webhosting.info/81.222.131.59 there are only three
domain names on that ip. Note that the reverse domains lookup is often
incomplete. To block those three, add ...
127.0.0.1 BESTCOUNTER.BIZ
127.0.0.1 IFRAMEDOLLARS.BIZ
127.0.0.1 IFRAMEDOLLARS.COM
to your hosts file.

Regards, Dave Hodgins
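
Added example, not part of any post in this thread: a Python check that parses a hosts file, reports which of the three domain names listed above are redirected to a loopback or null address, and flags entries that put an IP address in the name column, which the thread notes the HOSTS file cannot act on. The function name `audit_hosts`, the set of sinkhole addresses and the sample file are constructed for illustration.

```python
import ipaddress

# Addresses commonly used to sinkhole a name in a hosts file (assumption of this example).
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def _is_ip(token):
    """True if token parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_hosts(text, wanted):
    """Check hosts-file text against the domain names that should be blocked.

    Returns which wanted names are sinkholed, which are missing, and which
    entries carry an IP literal where a host name belongs. The hosts file maps
    names to addresses, so such an entry never affects traffic to that IP.
    """
    wanted = {d.lower() for d in wanted}
    blocked, ineffective = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue                               # blank, comment-only or malformed line
        address, names = fields[0], fields[1:]
        for name in names:                         # one line may carry several names
            if _is_ip(name):
                ineffective.append((lineno, name))
            elif address in SINKHOLES and name.lower() in wanted:
                blocked.add(name.lower())          # host names are case-insensitive
    return {"blocked": sorted(blocked),
            "missing": sorted(wanted - blocked),
            "ineffective": ineffective}


# Constructed sample hosts file; the domain names are the ones given in the thread.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   BESTCOUNTER.BIZ
127.0.0.1   iframedollars.biz   # second of the three names
127.0.0.1   81.222.131.59       # an IP in the name column matches nothing
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE, ["bestcounter.biz", "iframedollars.biz", "iframedollars.com"]))
```

An address flagged as ineffective has to be blocked at a firewall or router instead, as suggested earlier in the thread.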
 