SECURITY

When I was at work a few months ago, I encountered some spyware that was changing the DNS information on one of my client's computers. This is effective for causing searches in their preferred search engine (searchathand.com, 195.225.177.18), and also effective at preventing internal DNS usage, causing problems. There was an IP that the spyware (which I lost my notation on) was using to phone home. It was a 78.x.x.x, I believe. Anyway, if anyone has a live copy of this program, I would like to see it. On a side note, there are 13 websites hosted at the IP for searchathand.com.
They all seem to be smut and spam stuff.
Another weird thing is that when I traceroute these people, who should be in the Ukraine, it hits a New York router and then jumps to the Ukraine. Does anyone know if there is a direct satellite link in New York to the Ukraine?
Also, they are hosted by netcat hosting (nice name), which dead-ends, you guessed it, at New York.
So yeah what the hell. Give me a comment. Point out the flaws in my detective work or critique. noctem@pochta.ru

1 Comments:
I would like to exchange links with your site www.blogger.com
Is this possible?