As many of you know, iFramecash(dot)biz is down (as well as its related site, extrememoney(dot)biz). This is a nasty group that runs exploits through ads.
Well, they are actually running just fine, thank you — albeit at a different site, iframemoney(dot)biz. In fact, here’s the whole happy bunch:
| 81.95.146.85 | iframemoney biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xarwiroozc biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xcytxcxqrb biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xdnsupulub biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xepvdhdnzs biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xffsktxdul biz | Charles | Manuel | admin@spyfix.biz | |
| 81.95.146.86 | xgbgsfmdis biz | Charles | Manuel | admin@spyfix.biz | |
Of course, in typical style, their site is replete with the black car and funky techno music. After all, the life of a spyware scum must be glamorous, no? (Hey Boris, let’s pwn some machines and then hit teh disco yah!)
Alex Eckelberry
(Thanks to Sunbelt researcher Patrick Jordan and our friends at MAD)