* endellion.me.uk

 

The web as it was meant to be

Once upon a time someone thought up hyperlinking. This was revolutionary and it boggled the mind. Well, my mind anyway. Think of it, from the static to the dynamic, the possibilities were endless. But that was twenty-odd years ago and now it turns out that the possibilities were endless - endlessly abused, more like. When was the last time you loaded a webpage in your browser that didn't have style sheets cascading all over the place, music blaring, flash animations taking your eye out with their sharp pointy sticks... One click and you have enough cookies to solve world hunger and a basketful of ActiveX controls turning your precious computer equipment into a zombie spam machine earning millions for a Russian Viagra dealer.

The web as it is

It's always best to make a bad thing into a good one, even if only spurious. Personally I derive great pleasure from running viruses on my honeypot Virtual Machines, just to see what they do. There's lots of different ones out there, and it usually doesn't take longer than 10 minutes to pick one up.

Choose a link from the left, or below:

(Also take a look at my other hobby: the rogue access point ("honey point"?)!)

What's with the DOS boxes? (This is not a virus write-up, but is for those suffering from these things who don't know why.)

9.exe running as dllhost.exe

9.exe running as rtvcscan.exe

htndhooh.exe

lqby.exe a spam server

nt.exe and execpyd.exe

msconfig.exe The best one yet, also the most personal attention and whatnot

winsec.exe For an IRC bot, curiously uneventful.

click fraud

kj.exe running as ms-java, userlist.exe and msscvc.exe IRC warez bot with channel search indexes on the web!

postcard Ever since I started collecting spam emails (erm, all of a week ago) I turn out to have lots of new friends sending me postcards. Click on the picture to choose the specific postcard you want to examine.

Nationwide Phishing exercise, complete with drive-by download (TROJ_DLOADER.IVX, from March 2007)

The Symantec AntiVirus server vulnerability Still a popular target.

"Video Access Codec Install". A Russian outfit seeks to "improve" your search results, and mainly ends up slowing down your internet connection.

SystemUpgrade.exe which got downloaded as DB.exe.

Storm Worm. Happy 2008 to you too!

Non Virus

The Moroccan Hacker Dude. Totally awesome hacker leaves me his phone pix! Worth the larger font!

Someone from China visits to gamble. Just for one day, I don't block https to see what would happen...

Search Engines Fascinating stuff. (I meant the search engines, not this page)

E-Mail. It was a great idea, and it is still useful, but what has happened to it?!?

Meet Server2K3 who runs all the viri! Meet Thor who runs all the Virtual Machines!

 

Why you are here

I am trying to figure out why you are here. I can only learn so much from the Google queries I get sent. And there are quite a few people who are using the Google translate feature to get at my content. It never ceases to amaze me. But still. I get the feeling that the visitors split into two groups -- there are people who have got their computer infected and, due to the lack of info on the regular virus info sites, end up here. Sorry mateys m/f. I take it you were hoping for something else. (But if you can cope with the foreboding interface, send me an email to tell me what you really wanted/expected!) Removal instructions? I am trying to incorporate them now. But due to the fact that I run these viri on VMs and I tend to "revert to snapshot" when I'm done, I can't be totally sure the removal worked OK in the long run. Let me help you get rid.

Oh and the second group. Well. What can I say. Rest assured I have your IP.

Here's a gratuitous image for you: this is what happens if your virus is served from a rate-limited website... "popular" yeah right.

xonex