1. Ragnarok

    Ragnarok Private E-2

    Something weird just happened as I surfed into the majorgeeks website. MS Antispy popped up a window saying that "syserrors.com" was trying to enter my trusted zone. I did a quick investigation which took me to http://www.syserrors.com/ which promptly informed me I was infected with W32.Sinnaka.A@mm and that my computer is being controlled from ip: 227.4.167.118
    I did a whois on the ip and the info I got back was:
    NetRange: 224.0.0.0 - 239.255.255.255
    CIDR: 224.0.0.0/4
    NetName: MCAST-NET
    NetHandle: NET-224-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: FLAG.EP.NET
    NameServer: STRUL.STUPI.SE
    NameServer: NS.ISI.EDU
    NameServer: NIC.NEAR.NET
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 3171 for additional information.
    Comment:
    RegDate: 1991-05-22
    Updated: 2002-09-16
    I searched the name of the worm on google and found the name of the files it drops, searched my h/drives for them and came up clean. I then ran AVG and that to came up clean. I can only conclude this is a scam to get you to try/buy the products listed on this site. What is a major concern aside from the unethical way of luring you to their site is that they appear to be using the official MS Security Centre logo on there. Can anyone enlighten me as to whether these people are connected to MS? btw I blocked there access but if "Joe Average" stumbled upon this he could wind up in all sorts of trouble.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    WHat people?

    The address you listed is just part of a reserved set of addresses used for Multicast Networks. Multicast is used most frequently in Video networks where one stream is broadcast over a network and many different endpoints (users) can join the multicast stream. It reduces network bandwidth by only transmitting one stream no matter how many end users join to receive it.

    And yes http://www.syserrors.com/ is a scam!
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. Ragnarok

    Ragnarok Private E-2

    Thanks for your reply Chaslang, the ip the site gave out was as follows:
    Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
    - \WINDOWS\System32
    - \Program Files\Internet Explorer
    - \My Documents
    - Drive C:\ files
    Click here to download official anti-spyware software

    I traced it with SamSpade and was unaware of exactly what multicast was/is. Thank you for clearing that up.

    I wonder if MS are aware of them using their "Security" logo.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt it! But I wonder if that icon is trade marked?
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds