404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Media / Follow-Up: Firefox Phishing Site Taken Down

Follow-Up: Firefox Phishing Site Taken Down

2010-02-19 by Jason

I got a lot of positive feedback on my article “Is Your Firefox Genuine? Phishing at its Phinest!” where I identified a site that had repackaged Mozilla Firefox and wrapped it up in a bunch of malware. The site was getting a decent amount of traffic, I suspect, because it was advertising itself well and was often the top sponsored result for Firefox-related searches on Bing. I tried multiple times to get a hold of Microsoft’s advertisement group to request that they drop the advertisement, but they were unreachable “for reasons beyond [their] control.” Little did I know, there was an easier way to prevent people from installing this malware all along…

About a week after my article was published, the advertisements on Bing were replaced with Mozilla’s own ads pointing to the correct site, but I still wasn’t satisfied that there was anything I could do. I added the URL to OpenDNS’s list and notified Mozilla about a problem I thought they would have been interested in. I’ve had practice taking down sites before that were infringing my copyright using DMCA claims, but this kind of issue seemed more blatant, direct, and malicious. It annoyed me that there was nothing I could do.

A few days ago, that annoyance took action in the form of a single ping. I was wondering if the site was still up. Unfortunately, it was.

I received a response from the ping pointing me to an IP of 72.47.224.148. Out of curiosity, I did an NSLOOKUP to see what that IP address was registered to. It was going to a server on gridserver.com. That sounded oddly familiar.

Because the domain is .io, looking up the domain registry information was a little different than the usual for .com, .net, or .org. Domains ending in .IO are controlled by the Indian Ocean Domain Registry. Looking up the offending site in their Whois results in gibberish (best guess, a person in Taiwan registered it):

The only discernible information is that the URL points to a MediaTemple server. MediaTemple? MediaTemple! Gridserver.com also resolves to the MediaTemple webpage!

Here I imagined that the site would be hosted on some random malicious server in China or Russia and it’s practically the server right next to the one my site is running on!
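The lookup chain described above (hostname to IP, IP to reverse-DNS name, reverse-DNS name to hosting provider) can be scripted so the abuse report goes to the right host. This is an added example, not code from the original article; the hostname `phishing-site.example`, the PTR name `host.gridserver.com` and the provider table are constructed, and only the IP address and the gridserver.com/MediaTemple pairing come from the article.

```python
import socket

# Constructed table of PTR-name suffixes and the hosting brand behind them.
# The gridserver.com -> MediaTemple pairing is the one the article describes.
PROVIDER_SUFFIXES = {"gridserver.com": "MediaTemple"}


def registrable_suffix(hostname, labels=2):
    """Return the last `labels` DNS labels, lower-cased, without a trailing dot.

    Naive on purpose: suffixes such as .co.uk need the Public Suffix List.
    """
    parts = hostname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def trace_host(hostname, resolve=socket.gethostbyname,
               reverse=socket.gethostbyaddr):
    """Follow hostname -> IPv4 address -> PTR name -> hosting provider."""
    result = {"hostname": hostname, "ip": None, "ptr": None,
              "ptr_domain": None, "provider": None}
    try:
        result["ip"] = resolve(hostname)
    except OSError:
        return result  # the name no longer resolves
    try:
        result["ptr"] = reverse(result["ip"])[0]
    except OSError:
        return result  # no reverse record: fall back to a whois on the IP
    result["ptr_domain"] = registrable_suffix(result["ptr"])
    result["provider"] = PROVIDER_SUFFIXES.get(result["ptr_domain"])
    return result


def demo():
    """Run the trace offline against constructed DNS answers."""
    # Constructed: placeholder hostname and PTR name; the IP is from the article.
    fake_a = {"phishing-site.example": "72.47.224.148"}
    fake_ptr = {"72.47.224.148": ("host.gridserver.com", [], ["72.47.224.148"])}
    return trace_host("phishing-site.example",
                      resolve=fake_a.__getitem__, reverse=fake_ptr.__getitem__)


if __name__ == "__main__":
    print(demo())
```

A PTR name is set by whoever controls the address block, so confirm the owner with a whois lookup on the IP before filing the abuse report.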

So, it starts with a Twitter tweet:

And, until the person responsible finds a different host, it ends with a blank page and no more serving up malware-ridden Firefox.

Props to MediaTemple for taking the content down. Though they’re likely to lose a customer, they’ve made the Internet a better place. Hopefully my efforts are also helping towards that goal. I know there are more malware-dealing sites out there, but let’s hope their days are numbered.
