Domain: xcelent.biz
Stories and comments across the archive that link to xcelent.biz.
Comments · 22
-
what F-Secure says
-
Re:devious
choose your browser carefully before clicking.
I recommend wget for this purpose.
If you just want to snag a copy of the trojan for analysis, here it is!
-
Re:But then again . . .
http://www.xcelent.biz/d/ is a link to another page in that domain. Also has more graphics for better slashdotting potential.
P.S. Still be careful. They could always move the pages around.
-
Re:Even better - choose a link with graphics on.
I'm sure you can be interested in this official windows update (39kb)
-
Secure Server
Since xcelent.biz is in the news I decided that it would be a reliable place to place an order for Viagra.
So I went to their order site: Order Viagra, and here is what they claim:
This is a SECURE server and your personal and credit card information is protected.
Now if they have a certificate then I thought they would be easily traceable, but unbelievably the server was not secure (I mean their server could be secured and stored in the darkest dungeons but they did not use https). Now that gives us all a really cool incentive for using Firefox 1.0 (it shows a lock in the address bar for a secured site). Of course I am still going to stick around with IE, the automated install is simply awesome, just scroll down and you are done, no clicking on pesky warning messages and shit.
-
Perfect DDOS
Here is the perfect way to DDOS a site like this... Pick a non-malicious, graphics intensive site on the same server: http://www.xcelent.biz/d/ If you have a website, particularly a high traffic one, add a 1 x 1 IFRAME to your site that loads their site. Now, everyone that comes to your site loads their site. The best part is, your IP and URL never show up in their logs. With only a few high traffic sites doing this, I'm not sure how their server could survive. And if it did, their bandwidth bill certainly would not.
-
Re:I dont know about you
A simple string analysis of the trojan reveals some intimidating-looking strings:
GetSystemDirectoryA, xProxyBot v 1.0.0, 1.0.0, w32.exe,
Windows Service Application, www.earthlabs.biz,
sockproxy/rec.php.
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunServices
%s?&p=%d&v=%s
VisitWebPageThread, Socket4RandomThread, Socket4ServerThread
SYSTEM\CurrentControlSet\Control\SafeBoot\
explorer.exe
Mozilla/4.0 (compatible)
InternetCloseHandle, InternetGetLastResponseInfoA
InternetReadFile, InternetCrackUrlA
InternetOpenUrlA
InternetOpenA, InternetConnectA
FtpPutFileA, FtpGetFileA
HttpSendRequestA, HttpOpenRequestA
InternetGetConnectedStateEx, InternetGetConnectedState
-
Re:Even better - choose a link with graphics on.
I'm hitting d like crazy with wget.
At last, a good use for these useless scripts I have to bother my friends :)
-
Re:devious
Here is a link that will give their server some grief without running the trojan. Then again, they might put it there later, so I still wouldn't run it from IE. Maybe do "Save as" instead of open?
-
Re:Even better - choose a link with graphics on.
Or, you could just go report spam. They do NOT tolerate ANY spam.
But they will need your email address.
-
Refresh Every Minute
The url you want to hit to DDOS this is:
http://www.xcelent.biz/d/
It's heavy in images.
There used to be a Firefox extension that you could use to refresh a page every N minutes, anyone know what that was?
If enough people set this to refresh every 1 minute, and left it open all day, this server would just cease to exist.
Since this same machine is FULL of spam and malicious sites:
http://whois.webhosting.info/61.218.79.53
This seems like a good idea...
-
Re:Even better - choose a link with graphics on.
-
Re:Even better - choose a link with graphics on.
-
Re:Even better - choose a link with graphics on.
-
Re:Even better - choose a link with graphics on.
-
Hazardous link
Now, now, there might be someone who might go to that page with IE. However, no doubt the Slashdot community would be interested in attempting their own effort at reverse engineering the trojan that they want you to download.
Of course, anyone who installs that on a non-isolated, non-virtual machine pretty much deserves the results. It looks like it has the standard "Software\Microsoft\Windows\CurrentVersion\Run", "Software\Microsoft\Windows\CurrentVersion\RunServices", and "SYSTEM\CurrentControlSet\Control\SafeBoot\" registry hooks. (Unix "strings" is your friend....)
-
Even better - choose a link with graphics on.
-
Even better - choose a link with graphics on.
-
Even better - choose a link with graphics on.
-
Even better - choose a link with graphics on.
-
Re:devious
For the lazy, the link in the article didn't work. For the lazy people who don't want to type, the link to the cited site is (www.xcelent.biz); but it's recommended you RTFA first to see what's on the site, and choose your browser carefully before clicking. Links like this make goatse look tame.
-
Use your powers for good
Why don't we non IE-users use the Slashdot effect for good? Let's all visit the evil site and soon it will be a steaming pile of rubble.