Infected directory submission service

[W32/Sober@MM!M681]

I was testing a new "free" directory submission service and after I submitted one of my sites to the first directories I noticed that my computer started downloading some weird files and my anti-virus software was turned off.

It turned out that my computer got infected by W32/Sober@MM!M681. So much for this free submission service!

As soon as I had cleaned my hard drives from trojans I came here to warn everyone about www. 1ps .biz (without spaces).

[Join us @ facebook]

Have you tried to contact the owners of this site?

BTW what browser you used to do the submittions? (my guess is that you have IE)

I used IE (hadn't installed Firefox on my new computer), so I guess it's my own fault....

I tried to contact the web site owner, but I haven't heard anything yet.

The web site is hosted in Russia (at webspace.ru) and the IP address is blacklisted for spam (multiple time) so I guess they will not care or maybe they don't know how to remove the trojans(?). Last time the IP was blacklisted was today (the 16th of April).

[Join us @ facebook]

I've just checked the spam list for the referer spam tool and they are on it too ( http://www.thetopsites.net/referer_spam/index.php?trg=spamblacklist )

Maybe I should sent an email to godaddy because the domain name is registered thru them.

[Join us @ facebook]

That's a good idea. BTW if they send you a reply let us know

[Philippine Beach Resorts]

forgive me for my ignorance. why is it called referer spam?

It's because they use a spider that visits domain names and fake a referring URL. THat way their own web site show up in your log files. Some people do not have their stats password protected so for example Google and other search engines find hte links so the spammer gets higher link popularity.

I don't know if Google has already found out this and are ignoring links in stats pages? Anyone know?

BTW I just got a mail from one of the sites I submitted my URL to. Looks like 1ps has been blocked from submitting to some sites.

Date: Mon, 17 Apr 2006 02:00:01 -0700 (GMT)
To: <>
From: <>(SECRET FFA)
Subject: #######  STOP posting to my F F A site!  #######

Title: Xavier Media
URL: http://www. .com/
Submitted by: no @ spam .com
IP: *.*.*.99

Thanks for submitting your site to our high-traffic F F A Links page.

http://www. .com/

#####################################
#####################################

"STOP posting to my F F A site!"

You are wasting your time, because NO ONE
is going to see your ad!

Read the F.REE report that reveals the shocking
TRUTH behind all those "we'll put your ad on
500,000 sites for f.ree" programs!

http:// .com/

######################################
######################################

[Join us @ facebook]

forgive me for my ignorance. why is it called referer spam?

It is called referer spam or statistics spam, because the spammer uses a referer header to visit your site using a bot. This way, when you check your statistics you'll see some referring sites, that are actually fake hits. You can see more information here :

http://www.thetopsites.net/referer_spam/

I don't know if Google has already found out this and are ignoring links in stats pages? Anyone know?

The bad news is that none have done something for this, and that's the reason that referer spam is growing. On the url above is a tool that I made before some time, that helps restrict access to those scamers.

[Philippine Beach Resorts]

oh ok, now i know... thanks for taking the time to explain to me, both of you.

[Guest]

[62.861]

Markirosyan, Googlebot, Msnbot, thergery