Theplanet.com willingly hosts people with trojans/botnets Options

[robFehr]

I sent an email close to a week ago to the abuse department regarding an individual who is installing trojans on people computers, and using them to spam yahoo chat.

The domain in question is http://www.findsexygirlz.com.


Above is an example of his spamming back on Nov 27th. He has since changed his domain name to findsexygirlz.com, and a recent image of his activity can be seen at


Basically, he is building a botnet by installing trojans on peoples computers, which he then uses to spam yahoo chat with his URLs. A set % of the time, his website will redirect to a 'webcam application' landing page, which makes the user download and install the program whcih is the trojan.

People infected will spam the chatrooms to try and infect more people.

More details on this guy can be found at http://www.gof***yourself.com/showthread.php?t=681401

Like I said, I emailed theplanet close to a week ago, and they have done NOTHING. I even called them to ask them how long it takes to investigate matters like this and they said a few hours.

[nForcer]

So if you sent the email, I'll be they are doing what they are supposed to be doing...looking into the situation.

The Planet, unlike many other providers, is very cautious with events such as this because most of the time they are spoofed IP addresses having nothing to do with a server hosted at ThePlanet.

Just because you submitted a report to the Abuse department doesn't mean they will contact you with the end result. Just report the issue and unless its directly affecting you in a business way...let them do thier job and be humble.

[robFehr]

That is ridiculous
This has nothing to do with spoofed ip addresses - use tracert and its obvious that the site is hosted at theplanet.com

And I know they will not email me about the result, but I can see the result with my own eyes as this guy has his bots all over yahoo chat; right now.

Its been 8 days now, and since they claimed most incidents are resolved within a few hours, or at most 2-3 days, I have a feeling they are going to do nothing about this case.

[Heatseeker]

none of those sites are hosted at theplanet. so, just because it's still happening you assumed that theplanet didn't do anything about it? it appears he just moved his operation elsewhere.

an older dns record that he was hosted at theplanet, but it doesn't seem so anymore.

edit: just saw your new post. please post a screenshot of your tracert because i'm not seeing those domains hosted at theplanet.

[Matt2k]

I don't know about the bots, but I had no idea such a forum existed with over 10 million posts.

[Matt2k]

> one of those sites are hosted at theplanet. so, just because it's still happening you assumed that theplanet didn't do anything about it?

If you'll read the thread, the trojan downloads data from http://xnet4.ipwn.com/ys/dat/mylink.txt (and others) which is clearly a server at this datacenter.

Now, this is just a theory, but if getting to that stage involves hanging out on a yahoo chat room, downloading a program, watching network traffic and debugging the trojan, then I might understand why it's taking the abuse department a little longer to run some tests. Obviously unless it's something super critical they want to make sure they're not canning a legitimate customer.

[robFehr]

I think it has more to do with incompetence than anything else. The research has already been done. They have to do nothing but look at whats already there.

Here is his trojan website http://xsphinx.com/
(if you refresh www.findsexygirlz.com enough you will get there)
Here is the actual trojan http://xsphinx.com/xsphinx.exe

What more proof do you need? Honestly..

[Matt2k]

> What more proof do you need? Honestly..

Are you trying to convince me or the abuse department, because I'm certainly not about to run that executable.

[robFehr]

Well im hoping that by creating this thread theplanet actually looks into the situation.

[fpscops.com]

Well im hoping that by creating this thread theplanet actually looks into the situation.

Its been tried with little reward. I haven't checked lately to see if persian tools is still on this network. Some guy rallied hard here in the forums to shut down a pirate site.

[robFehr]

Well im hoping that by creating this thread theplanet actually looks into the situation.

Its been tried with little reward. I haven't checked lately to see if persian tools is still on this network. Some guy rallied hard here in the forums to shut down a pirate site.

ugh..
why are hosts so incompetent nowadays

[fpscops.com]

There's several different things that could be going on. One thing to keep in mind is that there could be an investigation going on and there simply gathering evidence.

[nForcer]

He's just looking for a 'finders fee' so he can cash in on being a tattle tale.

...just looking for attention.

[robFehr]

He's just looking for a 'finders fee' so he can cash in on being a tattle tale.

...just looking for attention.

is that what you think of when people report trojan makers?

idiot

[klaude]

Its great how people go about shouting "impompetence" in situations like this. If you emailed our abuse group then we're aware of it and we'll handle it. Sometimes "handling it" involves leaving the site up. Thanks for reporting this to us. I'll follow up with our abuse guys to make sure we're taking care of it.

[nForcer]

I guess this robFehr guy must have been hit by one of these 'trojans' to justify making such a big fuss.

Its pretty sad when an 'idiot' can point out YOUR stupidity. Kind of like watching a normal person loose in in the Special Olympics.

I mean no disrespect to those involved in or in relation to the Special Olympics. My crude usage was to point out the severity of the issue.

[fpscops.com]

I guess this robFehr guy must have been hit by one of these 'trojans' to justify making such a big fuss.

Its pretty sad when an 'idiot' can point out YOUR stupidity.  Kind of like watching a normal person loose in in the Special Olympics.

I mean no disrespect to those involved in or in relation to the Special Olympics.  My crude usage was to point out the severity of the issue.

You are a complete and total douche bag.

Why you even posted in thread no one will ever know.

[nForcer]

[cprompt]

I mean no disrespect to those involved in or in relation to the Special Olympics.

When you mean no disrespect or don't want to cause offence, it is often better to think of a different analogy

[robFehr]

I guess this robFehr guy must have been hit by one of these 'trojans' to justify making such a big fuss.

Its pretty sad when an 'idiot' can point out YOUR stupidity.  Kind of like watching a normal person loose in in the Special Olympics.

I mean no disrespect to those involved in or in relation to the Special Olympics.  My crude usage was to point out the severity of the issue.

You are an idiot. Even worse, you are an idiot that has over 1800 posts on a support forum for a host, which makes your title 'SuperGeek' seem truly fitting.

Why don't you go troll in another thread. I sent an email 8 days ago and nothing happened, I figured this case was ignored so I brought it up here.

Thank you klaude for the reply - if you need any other info about this guy let me know.

PS nForcer: its ironic to see you calling people idiots when you obviously have difficulty spelling simple words like 'lose'