[OT] Warning: MVP.org is not a Microsoft MVP site

[Steven Burn]

[quoted from: microsoft.public.win98.gen_discussion]

The Microsoft MVPs have a web domain, mvps.org, which contains what
we hope are a lot of useful articles aimed at being of help to users
of Windows.

We have become aware that there is another domain, mvp.org without
the s, and would advise you all that this has no connection with the
Microsoft MVP program or its members, and may put visitors at risk
of "drive-by" installs of malware.

Robear Dyer (PA Bear)
Alex Nichol
Doug Knox
Kelly Theriot
Ken Blake

Microsoft MVP program
http://mvp.support.microsoft.com

[/quote]

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

 

[YoKenny]

[quoted from: microsoft.public.win98.gen_discussion]

The Microsoft MVPs have a web domain, mvps.org, which contains what
we hope are a lot of useful articles aimed at being of help to users
of Windows.

We have become aware that there is another domain, mvp.org without
the s, and would advise you all that this has no connection with the
Microsoft MVP program or its members, and may put visitors at risk
of "drive-by" installs of malware.

Robear Dyer (PA Bear)
Alex Nichol
Doug Knox
Kelly Theriot
Ken Blake

Microsoft MVP program
http://mvp.support.microsoft.com

[/QUOTE]

Looks like another CWS mutation. Uses IFRAME to redirect to
xyz.getfound.com where xyz is www to prevent click-through

HOSTS file material.

 

[Vegard Krog Petersen]

Looks like another CWS mutation. Uses IFRAME to redirect to
xyz.getfound.com where xyz is www to prevent click-through

HOSTS file material.

In English please ;-)

 

[Steven Burn]

Below is quoted from: microsoft.public.win98.gen_discussion

From Malware Maven & MVP Mike Burgess, to whom I'd forwarded Steve Burn's
first post in this thread:

<paste>
You can safely view the hijack here:
http://www.samspade.org/t/safe?u=http://hitq.com/nav.html?AgentCod
e%3Denamecorp

This installs the following:
http://nav.HitQ.com/hitQX.cab (hitQX.ocx)
http://nav.goi.com/goixX.cab (goixX.ocx)
http://nav.hitq.com/HitQ.exe
http://nav.hitq.com/HitQUninstall.exe
http://nav.hitq.com/HitQnavi.dll
Note: these files are "Packed: UPX"
I unpacked them and the only mentioned URLs are "hitq.com"

http://go.hitq.com/search.php?word=%s&AgentCode=%s
refreshes to:
http://bigportal.com/
loads:
http://nav.goi.com/goixX.cab

Note: all the above URLs are owned by the same person:
KIM HYUNGHO
</paste>

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)

[quoted from: microsoft.public.win98.gen_discussion]

The Microsoft MVPs have a web domain, mvps.org, which contains what
we hope are a lot of useful articles aimed at being of help to users
of Windows.

We have become aware that there is another domain, mvp.org without
the s, and would advise you all that this has no connection with the
Microsoft MVP program or its members, and may put visitors at risk
of "drive-by" installs of malware.

Robear Dyer (PA Bear)
Alex Nichol
Doug Knox
Kelly Theriot
Ken Blake

Microsoft MVP program
http://mvp.support.microsoft.com

Looks like another CWS mutation. Uses IFRAME to redirect to
xyz.getfound.com where xyz is www to prevent click-through

HOSTS file material.
[/QUOTE]

 

[YoKenny]

Below is quoted from: microsoft.public.win98.gen_discussion

From Malware Maven & MVP Mike Burgess, to whom I'd forwarded Steve
Burn's first post in this thread:

<paste>
You can safely view the hijack here:
http://www.samspade.org/t/safe?u=http://hitq.com/nav.html?AgentCod
e%3Denamecorp

This installs the following:
http://nav.HitQ.com/hitQX.cab (hitQX.ocx)
http://nav.goi.com/goixX.cab (goixX.ocx)
http://nav.hitq.com/HitQ.exe
http://nav.hitq.com/HitQUninstall.exe
http://nav.hitq.com/HitQnavi.dll
Note: these files are "Packed: UPX"
I unpacked them and the only mentioned URLs are "hitq.com"

http://go.hitq.com/search.php?word=%s&AgentCode=%s
refreshes to:
http://bigportal.com/
loads:
http://nav.goi.com/goixX.cab

Note: all the above URLs are owned by the same person:
KIM HYUNGHO
</paste>

CWS breeds faster than cockroaches in the night. There are over 1130 known
domain names now.
http://www.merijn.org/cwschronicles.html

[quoted from: microsoft.public.win98.gen_discussion]

The Microsoft MVPs have a web domain, mvps.org, which contains what
we hope are a lot of useful articles aimed at being of help to users
of Windows.

We have become aware that there is another domain, mvp.org without
the s, and would advise you all that this has no connection with
the Microsoft MVP program or its members, and may put visitors at
risk
of "drive-by" installs of malware.

Robear Dyer (PA Bear)
Alex Nichol
Doug Knox
Kelly Theriot
Ken Blake

Microsoft MVP program
http://mvp.support.microsoft.com

Looks like another CWS mutation. Uses IFRAME to redirect to
xyz.getfound.com where xyz is www to prevent click-through

HOSTS file material.

 

[Steven Burn]

CWS breeds faster than cockroaches in the night. There are over 1130 known
domain names now.
http://www.merijn.org/cwschronicles.html

</snip>

Why am I not suprised (

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)