Jump to content


malware, part 2

  • Please log in to reply
1 reply to this topic

#1 warren



  • Members
  • 2,208 posts

Posted 02 February 2011 - 10:56 AM

Once in a while, when I'm searching for something in google, and I find a link to h.com, I find that some site (not h.com) is trying to upload an executable file to my computer. Unfortunately, I always click "no" before remembering to look at just what was going on, so I don't remember the details. And then when I click on the link a second time to try to figure out what happened, it doesn't happen again. I don't remember when this last happened, but I ran several malware, virus, rootkit, etc. scanners after that and didn't find anything.

OK, so I got it again just now. This time I'm writing down everything that happened.

I googled "golani_dati" because I wanted to see if this new user had posted elsewhere using the same name. Google came back with several results

golani_dati_86 - Viewing Profile - Hashkafah.com
26 Jan 2011 ... This user has not configured their 'About Me' page and has not added a signature to their account yet. Comments ...
www.hashkafah.com/index.php?/user/...golani-dati... - United States - Cached

golani_dati_86 - Viewing Profile - Hashkafah.com
26 Jan 2011 ... Hashkafah.com : golani_dati_86 - Viewing Profile - Hashkafah ...
www.hashkafah.com/index.php?/user/...golani-dati... - United States - Cached

golani_dati_86 - Viewing Profile - Hashkafah.com
26 Jan 2011 ... Group: Validating; Active Posts: 0 (0 per day); Joined ...
www.hashkafah.com/index.php?/user/...golani-dati-86/ - United States - Cached

I clicked on the first one, and my browser (FF 3.6.13) popped up a dialog box saying

You have chosen to open
which is a: Binary File
from http//fortreecom.net

Now usually I hit "Cancel", but this time I'll save it and see what it is. Well it's a 333KB file. It does look like a com file (I can't recall the last time I saw a com file ...). This file starts with "MZ", which means it's EXE format, but it turns out that's legal for COM files. Well I'm not going to execute it. Neither Microsoft Security Essentials nor Malware Bytes flag it, and I don't feel like finding a disassembler and taking it apart. I looked through the rest of it for text strings, and didn't find any other than names of some system calls. In "properties" it describes itself as "Intel® Integrated Controller Hub Audio Driver"

Then I visited the link again, and this time I wound up at http://www.hashkafah...e__tab__aboutme, nothing downloaded.

This is really odd. I don't see what caused it to download that executable. No hits for fortreecom.net at Google (maybe it's so new that there's nothing yet, I think the domain is different each time this happens), and when I visit that URL I get a meta-refesh to Google:
<html><head><meta http-equiv='Refresh' content='0; URL=http://www.google.com'></head></html>

Whois says that this domain was registered on Jan 31. And the contact emails are hidden via something called Privacyprotect.org.
Poe's law: without a clear indication of the author's intent, it is difficult or impossible to tell the difference between sincere extremism and an exaggerated parody of extremism

If not now, when? Because I have lunch plans.

Purple is indeed very important

The Uncertainty Principle. It proves we can't ever really know... what's going on. So it shouldn't bother you. Not being able to figure anything out. Although you will be responsible for this on the mid-term. - "A Serious Man"

#2 towerofbabble



  • Members
  • 214 posts

Posted 02 February 2011 - 06:35 PM

Some Kabbalistic mystics provide intriguing and unusual descriptions of the Tower of Babel. According to Menachem Tsioni, an Italian Torah commentator of 15th century, the Tower was a functional flying craft, empowered by some powerful magic or technology; the device was originally intended for holy purposes, but was later misused in order to gain control over the whole world. Isaac of Acre wrote that the Tower builders had reached, or at least planned to reach the distance of 2,360,000,000 parsas or 9-10 billion kilometers above the Earth surface, which is about the radius of the Solar System, including most Trans-Neptunian objects. Similar accounts are also found in the writing of Jonathan Eybeschutz and the ancient book Brith Menuchah, according to which the builders of the Tower planned to equip it with some shield technology ("shielding wings") and powerful weapons. Many Kabbalists believed that the ancient peoples possessed magic knowledge of the Nephilim, which allowed them to construct such powerful devices. Moreover, according to some commentaries, some Talmudic sages possessed a manual for building such a flying tower.
According to another mysterious Kabbalistic account, one third of the Tower builders were punished by being transformed into semi-demonic creatures and banished into three parallel dimensions, inhabited now by their descendants.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users