
Until Jan 6, 2006, Corypaints(dot)com was a kids' site. The whois on Jan 1, 2006 shows it was in pending-delete status. It was taken over by a spyware gang that deals with porn.

Let’s take a look at the front page:

[Screenshot: Corypaints front page]

Never mind the kids' content. It's being pulled from old material.

Let's do a search in Google for "cory paints", and these are the types of results you'll get:

[Screenshot: Corypaints search results]

If you run the same search, but with "site:corypaints.com" instead, you get links to corypaints(dot)com directories with really sick links (not for the faint of heart):

Private familysex video download
Free dad & daughter f—-
schoolgirl rapecom
Mother and teen son porn
Real rape scenes and stories

Clicking on these links results in an attempted WMF exploit to infect you with spyware.

The lengths these slimeballs will go to to infest a machine just boggle the mind. 

 

Alex Eckelberry
(Thanks Sunbelt spyware researcher Patrick Jordan)

