Who is Max Power? Well, we don't know either. It's a pseudonym of a gang or guy who has a decent-sized spyware racket going. Max has been sitting on the same IP address for the past three months, 210.51.166.119, in AS9929. ChinaNet. Even Google knows that 10% of the sites in this AS are malicious. Looking at the IP address in Reverse DNS or MalwareURL.com, we can see the many malware domains "Max Power" has been using in the recent past. Some of the names are associated with the Koobface and Zeus malware families. The address lay dormant for the last week of November, but just woke up again yesterday morning, and is currently serving the malware domain "tempa3-dot-cn". This domain is at the moment linked to from various questionable "pharmaceuticals" web sites, and it currently pushes a bunch of exploits which, if successful, download and run a backdoor of the "TDSS"/"Tidserv" family. Detection was dismal at first, but has improved a bit over the last 24 hours.
|
Daniel 377 Posts ISC Handler Dec 4th 2009 |
max power... he's the man whose name you'd love to touch... but you mustn't touch!
his name sounds good in your ear, but when you say it, you mustn't fear... because his name can be said by anyone... |
Anonymous |
Dec 5th 2009 1 decade ago |
FWIW, http://www.google.com/safebrowsing/diagnostic?site=AS:12322 displays the same kind of abuse report and it's the AS of the 2nd largest French ISP.
|
Anonymous |
Dec 7th 2009 1 decade ago |
Max Power? Wait until you see the operation Trent Steel is running.
|
Anonymous |
Dec 7th 2009 1 decade ago |
http://www.youtube.com/watch?v=4w3zdkmw2E4
|
Anonymous |
Dec 8th 2009 1 decade ago |