Gandi.net Groups

Blog General: virus?


I believe that there is this virus that spreads by hijacking the user's
MSN and opening a dialog box to all online contacts. It sends a
message to the contacts saying something along the line of "hey is this
u in the picture??" and it gives a URL
http://www.hothotpeople.net/photo8.com. After the virus sends the
message to all of the contacts the computer freezes up and has to be
restarted. After which if the user tries to open MSN again it freezes
the computer. It also is using a lot of the user's CPU power. Most
people would not realize that the photo8.com "picture" is not actually
a web site, it's another form of executable (.com). I pinged the URL
http://www.hothotpeople.net and it gave me an IP address of
217.70.184.38 and then I did a whois search of the address and that
led me to this site. I believe that this website is hosting some kind
of malware at that location. If the file was removed then the virus
would not be able to spread to any more people because the link in the
message would be invalid. Please investigate this and take appropriate
action based on your investigation.

Sincerely, random name here ______
On Apr, 13 2007 17:05 CEST, random name here wrote:
> I believe that there is this virus that spreads by hijacking the user's
> MSN and opening a dialog box to all online contacts. It sends a
> message to the contacts saying something along the line of "hey is this
> u in the picture??" and it gives a URL
> http://www.hothotpeople.net/photo8.com. After the virus sends the
> message to all of the contacts the computer freezes up and has to be
> restarted. After which if the user tries to open MSN again it freezes
> the computer. It also is using a lot of the user's CPU power. Most
> people would not realize that the photo8.com "picture" is not actually
> a web site, it's another form of executable (.com). I pinged the URL
> http://www.hothotpeople.net and it gave me an IP address of
> 217.70.184.38 and then I did a whois search of the address and that
> led me to this site. I believe that this website is hosting some kind
> of malware at that location. If the file was removed then the virus
> would not be able to spread to any more people because the link in the
> message would be invalid. Please investigate this and take appropriate
> action based on your investigation.
>
> Sincerely, random name here ______

Thank you for bringing this to our attention.

As a word of general internet hygiene, if you have a link to a virus
*don't* include the full link in a mail, because people will click on
it and then download the virus! We are on Linux, so we won't be
affected, but not everyone is out there... :)

I have contacted the owner of the domain and assured that there are no
longer any contaminants being sent from the domain.

If you notice any other examples of abuse please send your complaints to
abuse@gandi.net, and provide as much evidence as possible (fake whois,
example of code, screenshots, etc...)  

Best regards,
Ryan
http://www.gandi.net/
hey, thanks for the quick response and thanks for the tips :D i hope the
maker of the virus knows he was beaten by a 17 year old :D
On Apr, 16 2007 15:35 CEST, random name here wrote:
> hey, thanks for the quick response and thanks for the tips :D i hope the
> maker of the virus knows he was beaten by a 17 year old :D

Dunno...there are some pretty good 15-year old virus makers! lol ;)
Ryan
http://www.gandi.net/
haha i'll just keep beating them whenever i can then and eventually they
will give up :D
here in Holland now we have this same problem, hothotpics.com/photo8.php
it says: ben jij dat op deze foto? then the link with a :p smiley behind
it. I think we have a national problem
DO NOT INSTALL!!!
The damn thing was just offered to me by a girlfriend on msn... now
coming from www.hothotpics.com

ben jij dat op deze foto?
http://www.hothotpics.com/photo8.phpandiad... > 

gives a photo8.com file to download and execute

Pingen naar hothotpics.com [69.93.234.34] met 32 byte gegevens:

Antwoord van 69.93.234.34: bytes=32 tijd=136 ms TTL=46


Domain Name: HOTHOTPICS.COM
   Registrar: GANDI
   Whois Server: whois.gandi.net
   Referral URL: http://www.gandi.net
   Name Server: NS1.HOTHOTPICS.COM
   Name Server: NS2.HOTHOTPICS.COM
   Status: clientTransferProhibited
   Updated Date: 12-may-2007
   Creation Date: 02-may-2007
   Expiration Date: 02-may-2008
Last update of whois database: Thu, 14 Jun 2007 21:43:21 UTC <<<
 2007/06/14 23:44:04

domain:		hothotpics.com
owner-address:	Schuilhuisstrabe 21
owner-address:	3545GG
owner-address:	Munich
owner-address:	Germany
admin-c:	PK733-GANDI
tech-c:		PK733-GANDI
bill-c:		PK733-GANDI
nserver:	ns1.hothotpics.com 69.93.234.34
nserver:	ns2.hothotpics.com 69.93.234.35
reg_created:	2007-05-02 15:35:00
expires:	2008-05-02 15:35:00
created:	2007-05-02 17:32:31
changed:	2007-05-02 17:32:31

person:		Piet Klaase
nic-hdl:	PK733-GANDI
address:	Schuilhuisstrabe 21
address:	3545GG
address:	Munich
address:	Germany
phone:		+49.3435463454
e-mail:		3c26e806ca6d8111397629e40d2f09ff-pk733@contact.gandi.net
lastupdated:	2007-05-02 17:32:28

will also send to abuse@gandi.net
That virus is still present on the site
it is just in the form of a php script now


http://www.hoth**pics.com/photo8.php
Hmmm, nowadays it spreads itself as php in the link, which links to the
com-file.
Still a problem, it seems...

On Apr, 13 2007 17:28 CEST, Ryan (Gandi) wrote:
> Thank you for bringing this to our attention.
>
> As a word of general internet hygiene, if you have a link to a virus
> *don't* include the full link in a mail, because people will click on
> it and then download the virus! We are on Linux, so we won't be
> affected, but not everyone is out there... :)
>
> I have contacted the owner of the domain and assured that there are no
> longer any contaminants being sent from the domain.
>
> If you notice any other examples of abuse please send your complaints to
> abuse@gandi.net, and provide as much evidence as possible (fake whois,
> example of code, screenshots, etc...)
>
> Best regards,
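
The lure reported in this thread, as an added example that is not part of the original posts: a link checker that tells a `.com` file extension in the URL path apart from a `.com` domain, also looks at the served download name (the `photo8.php` variant), and defangs the link for an abuse report. The host `photos.example`, the sample messages and the response header are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows executes directly; ".com" is the one this lure abuses.
EXEC_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
FILENAME_RE = re.compile(r'filename\*?=(?:UTF-8\'\')?"?([^";]+)"?', re.I)
# Constructed samples (photos.example is a placeholder host, not from the thread).
SAMPLE_DIRECT = "hey is this u in the picture?? http://photos.example/photo8.com"
SAMPLE_PHP = "ben jij dat op deze foto? http://photos.example/photo8.php :p"
SAMPLE_HEADERS = {"http://photos.example/photo8.php":
                  {"Content-Disposition": 'attachment; filename="photo8.com"'}}

def _ext(name):
    """Lower-cased extension of the last path segment, or '' if none."""
    leaf = unquote(name).rstrip("/").rsplit("/", 1)[-1]
    return "." + leaf.rsplit(".", 1)[-1].lower() if "." in leaf else ""

def defang(url):
    """Make a URL non-clickable so it can be quoted in an abuse report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def check_link(url, response_headers=None):
    """Return (defanged_url, reasons). response_headers is an optional dict
    (assumed key: 'Content-Disposition') exposing the real download name."""
    reasons = []
    ext = _ext(urlsplit(url).path)  # path only: a .com *domain* is not a hit
    if ext in EXEC_EXT:
        reasons.append("path ends in executable extension " + ext)
    disp = (response_headers or {}).get("Content-Disposition", "")
    m = FILENAME_RE.search(disp)
    if m and _ext(m.group(1)) in EXEC_EXT:
        reasons.append("served file " + m.group(1).strip() + " is executable")
    return defang(url), reasons

def scan_message(text, headers_by_url=None):
    """Flag every link in a chat message; links with no finding are omitted."""
    headers_by_url = headers_by_url or {}
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the link
        shown, reasons = check_link(url, headers_by_url.get(url))
        if reasons:
            hits.append((shown, reasons))
    return hits
```

A URL-only check misses the `.php` variant; it is caught only when the response headers are supplied, which is why mail or IM gateways that inspect links usually also inspect what the link actually serves.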
They also are using this domain:  RATETHISFACE.NET





It seems that we have a Dutch version of this virus as well... :-(
Beware!
On Jun, 18 2007 00:22 CEST, Matai wrote:
> It seems that we have a Dutch version of this virus as well... :-(
> Beware!

Hello,

The domain name hothotpics.com has been suspended and its glue records
have been erased.

We appreciate your help in alerting us to the presence of such problems.


Please remember that the more information you can provide the better,
and that for assistance in abuse matters, please write to the dedicated
address, abuse(at)gandi.net.

When writing, please provide as much evidence as possible to help us
analyze the situation.

Best regards,
Ryan
http://www.gandi.net/
On Jun, 17 2007 19:56 CEST, jon wrote:
> They also are using this domain:  RATETHISFACE.NET





David Phillips
suck a dik cunt
On Aug, 16 2007 13:33 CEST, hamen lecurio wrote:
> suck a dik cunt

heh.. i come back to see this post for old times' sake and apparently it
wasn't deleted the first time and the newb troll decided he wanted some
more ownage.... here's some ideas

a) get a job
b) move out of ur mom's house
c) learn proper grammar and spelling ie:"suck a dik cunt" somehow i
don't feel insulted 
d) learn some honor... don't make viruses that mess up ppls computers it
makes only u look stupid


To the people who also reported the viruses, props to u, it's good to know
that there is more ppl that are trying to stop idiots like this from
carrying on his power trip :D

Have a nice day :D