| Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient. |
#1
Something weird just happened as I surfed into the majorgeeks website. MS Antispy popped up a window saying that "syserrors.com" was trying to enter my trusted zone. I did a quick investigation which took me to http://www.syserrors.com/ which promptly informed me I was infected with W32.Sinnaka.A@mm and that my computer is being controlled from ip: 227.4.167.118

I did a whois on the ip and the info I got back was:

NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16

I searched the name of the worm on Google and found the name of the files it drops, searched my h/drives for them and came up clean. I then ran AVG and that too came up clean. I can only conclude this is a scam to get you to try/buy the products listed on this site. What is a major concern, aside from the unethical way of luring you to their site, is that they appear to be using the official MS Security Centre logo on there. Can anyone enlighten me as to whether these people are connected to MS? btw I blocked their access, but if "Joe Average" stumbled upon this he could wind up in all sorts of trouble.
__________________
My hovercraft is full of eels.
#2
What people?
The address you listed is just part of a reserved set of addresses used for Multicast Networks. Multicast is used most frequently in Video networks where one stream is broadcast over a network and many different endpoints (users) can join the multicast stream. It reduces network bandwidth by only transmitting one stream no matter how many end users join to receive it. And yes http://www.syserrors.com/ is a scam!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
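The check described in post #2, written out as an added example that is not part of the original thread: it pulls IPv4 addresses out of alert text and reports which ones fall in a special-use block and so cannot be a remote unicast host. The function names `classify` and `triage` are hypothetical; the sample text is the alert sentence quoted in this thread.

```python
import ipaddress
import re

# Candidate dotted quads; ipaddress performs the real validation below.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify(addr):
    """Return the special-use category of an IPv4 address, or 'global unicast'."""
    ip = ipaddress.IPv4Address(addr)
    # Order matters: is_private also covers loopback, link-local and 240.0.0.0/4,
    # so the narrower categories are tested first.
    if ip.is_multicast:       # 224.0.0.0/4, the MCAST-NET block from the whois output
        return "multicast"
    if ip.is_unspecified:     # 0.0.0.0
        return "unspecified"
    if ip.is_loopback:        # 127.0.0.0/8
        return "loopback"
    if ip.is_link_local:      # 169.254.0.0/16
        return "link-local"
    if ip.is_reserved:        # 240.0.0.0/4
        return "reserved"
    if ip.is_private:         # RFC 1918 and other non-global ranges
        return "private"
    return "global unicast"


def triage(text):
    """Return (address, category, could_be_remote_unicast_host) for each IPv4 in text."""
    findings = []
    for token in IPV4_RE.findall(text):
        try:
            kind = classify(token)
        except ipaddress.AddressValueError:
            continue  # looked like an address but is not one, e.g. 999.1.1.1
        findings.append((token, kind, kind == "global unicast"))
    return findings


# Alert text as quoted in this thread.
SAMPLE = ("Attention! Your system is under control of remote computer "
          "with IP address 227.4.167.118.")

if __name__ == "__main__":
    for addr, kind, plausible in triage(SAMPLE):
        print(f"{addr}: {kind}; plausible remote host: {plausible}")
```
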
#3
By the way, both SpyAxe and SpyTrooper are listed on the rogue list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
#4
Thanks for your reply Chaslang, the ip the site gave out was as follows:

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

I traced it with SamSpade and was unaware of exactly what multicast was/is. Thank you for clearing that up. I wonder if MS are aware of them using their "Security" logo.
__________________
My hovercraft is full of eels.
#5
Quote:
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."