Sunbeltblog comments

"Dangerows". Ows for your danger. But seriously. This may be a big mistake from the bad guys. What if the phone companies trace the calls? I think this may be the biggest mistake ever from the dark side.


The usual excellent grammar from the scammers - on various pages, it says:

Software component license "exprited"


That means the license stopped being a prit. Whatever a prit is.


"What if the phone companies trace the calls?"

I'm sure most of the numbers lead to countries who don't give a damn. Just like the various frauds and scams with porn dialers and "It is urgent you call this number" mails and emails.

The phone company will be charging you some insane rate so they're getting their cut and don't care either.

If the numbers do get traced back it'll probably be to a cell phone set up with stolen information.


Dang, I should have thought of that.


Estdomains is the registrar. Dodgy looking domain registration details allegedly for someone in Albania. 64.28.182.146 is the IP address, hosted by Cernel, a host that has also been associated with Zlob and other nastiness. I suspect that Cernel need to get their act together more.


Ah yes, our old friend EstDomains. How do they get away with hosting malware? Is it some horrible European law? Or lack of?


Why does ICANN allow estdomains to be an accredited registrar?


Because they get paid. As long as ICANN gets its cut, they don't care.


I show them with a diff registrar:
http://whois.domaintools.com/ pas...ordtwoenter.com
ICANN Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Created: 2006-04-02
Expires: 2012-04-02
Registrar Status: clientDeleteProhibited
Registrar Status: clientTransferProhibited
Registrar Status: clientUpdateProhibited
Name Server: NS0.P2E.COM (has 10 domains)
Name Server: NS1.P2E.COM
Name Server: NS2.P2E.COM
Name Server: NS3.P2E.COM
Name Server: NS4.P2E.COM
Whois Server: whois.directnic.com


Can't do anything about the others but I'll get in touch with OFCOM and BT and get the UK number shut off.


I've tried calling OFCOM and ICSTIS, their offices are apparently closed. I've called BT and Crimestoppers, both of whom told me they can't do anything (all they've told me to do is call my local police force).

Could've sworn OFCOM and ICSTIS had 24 hour numbers but apparently not.


From the phonepayplus.org.uk site;

This is what we know about the number you entered (09099679595).

We do not have any specific information about this number at present. However we can tell you the following.

This is classified as a Sexual Entertainment Services at a Premium Rate for BT customers number.

It is provided by Invomo Ltd.

And costs £1.50pm [in pence or pounds where 'pm' means 'per minute' and 'pc' means 'per call'].

I've submitted a report via their site, but am not expecting much (I'll give OFCOM/ICSTIS a call tomorrow morning)


MysteryFCM -- that's rather interesting...


No such details for the SMS number

**************
This is what we know about the number you entered (79910).

We can tell you that this number (known as a 'shortcode') relates to a text message providing premium rate content such as ringtones, jokes, games, tarot and chat.

If you are receiving chargeable text messages that you want to cancel, we would recommend that you get in touch with your mobile provider and ask them for details of the company operating this shortcode. When you have this information, contact that company and request to be unsubscribed from it. We are unable to do this on your behalf.

Alternatively, you could text the word STOP to the number you queried; however, we cannot guarantee that this will work with every shortcode.
**************

The number checker btw, is at;

http://www.phonepayplus.org.uk/n...k/ numberchecker


1.50 pounds per minute? That's almost 3 dollars :O!!!


Alex,
I've got in touch with PhonePayPlus (formerly known as ICSTIS) concerning this and they've asked me to e-mail the URL to your blog so they can look into it ..... I'll CC you a copy of the e-mail I send them


Antiadware? lol?


If I got hijacked to this site, and yanked the plug from the computer, and rebooted in safe mode, what would happen? Besides being yelled at by my parents for booting in safe mode?


Yes, if you reboot in safe mode, it should give you back your desktop.

Removing locker.exe and the associated registry entry then should get you back to normal.


Thanks. I don't fool around and go to dangerous websites, but I'm just making sure, as this is a particularly scary bit of malware, so I just want to make sure. (P.S. How can I make my parents believe an out of date copy of McAfee and Windows Firewall is not secure? The only real security we have is Spybot.)


Eek, at least get a free AV product like AVG if you need something.


Follow-up on this issue:
http://sunbeltblog.blogspot.com/...y-by- phone.html


Ladies and Gentlemen,

it's a pity that we have seen that case so late. There are some details that have not been mentioned before.
1)@Invomo

Invomo earlier was "Telecom One Ltd", an (originally) Hong Kong-based UK phone company. One of their directors was the Danish businessman M*S*P* who later founded several companies in Spain and Gibraltar and who was convicted of "dialler fraud" in Germany in 2005. He was also the main topic of a BBC programme ("The Great Phone Call Con", see google). Up to 20,000 UK citizens may have been victims of the man German TV called "The Godfather of Dialler Fraud".
One of his companies had the following address:
CTRA. ANDRATX, 43 (PORTALS NOUS)
07180 CALVIA(MALLORCA) (BALEARES)

2)@whois p2e.com

via google you may find "Global Acces SA" from Andorra (just enter p2e.com into google). Earlier they had an office in Calvia:

CTRA. ANDRATX, 43 (PORTALS NOUS)
07180 CALVIA(MALLORCA) (BALEARES)
What a coincidence, isn't it?
(google: "971676264")

In their "Contact" section you may find another Danish businessman, Morten D*
http://www.global-acces.com/?pag...m/? page=contact

Mr Morten D* had a Danish domain (mdue.dk - also mdue.com) registered for

Mdue Communication
Vejlevej 68
Nr Snede, DK 8766
DK
004531133285

This is the same Danish phone number used for "Global Voice SA"

Global Voice S.A.
Suite 13, First Floor
Oliaji Trade Center
Francis Rachel Street
Victoria, Mahe SC
SC
004531133285

If you want to learn more about Morten Due, Gaetano Tavassi, Mr Abdul-Hameed and the other folks you may take a look at the Adult Webmasterboards. Or take a look at the ICSTIS / PP+ site. There you can find Mr Due blaming "unknown third parties" responsible for thousands of complaints about his diallers:
http://www.phonepayplus.org.uk/ p...lobalAccess.pdf

PP+ knows about the background, but not too many people know that they know. If there is any police activity in that case, please send us a note. Leave a message for the "Bavarian Online Fraud Analysis Team" here:
http://www.the-scream.co.uk/foru...isplay.php? f=30


Kind regards
Henry Amlet
BOFAT
Feldmoching, Germany

