Comments on: Who is thesource.ofallevil.com?

By: ecards

ecards — Wed, 01 Oct 2008 19:15:06 +0000

Only problem is the Joke is getting a little stale.

With Google going nuts getting into everything like they are they might be the better joke for the next 6 years.

By: Spyware Free Removal

Spyware Free Removal — Mon, 08 Sep 2008 19:33:11 +0000

What a set of scammers, that is bad, bad, bad!

By: geekEleet

geekEleet — Sat, 06 Sep 2008 20:34:02 +0000

This is the most perplexing thing I have seen on the web to-date. Nobody has been able to solve the whole mystery. 6 years later, it’s still being talked about. Great post!

By: Anti-Free-Speecher

Anti-Free-Speecher — Tue, 08 Apr 2008 17:33:57 +0000

Probably no legal ramifications in the United States. Singapore, on the other hand …

By: peace

peace — Thu, 07 Feb 2008 07:45:12 +0000

good scam hehe

By: Jason Macpherson

Jason Macpherson — Mon, 10 Sep 2007 13:49:33 +0000

I believe that Microsoft could block access to their site from those using the thesource.ofallevil.com.

HTTP 1.1 sends the site’s name in the “host” field. Apache (and probably IIS) can be configured to redirect anyone visiting via the evil DNS name.

By: Alex

Alex — Mon, 10 Sep 2007 09:44:22 +0000

IANAL, but the Mrs. is.

Her comments were that Internet libel case law was, for the most part, still a very new subj. for the courts. It’s not inconceivable that Microsoft could sue for libel, but they must _prove_ damages (the most difficult part of *any* libel case). And most of the time a large corporation is held to a higher standard of proof for showing damages.

My $.02 – It’s much more likely that the bad press suing the owner of the domain name > whatever damage it is currently causing.

By: googleboy

googleboy — Thu, 26 Apr 2007 01:10:59 +0000

O, forgotten to mention: also theroot.ofallevil.com/ is existing, which is a duplicate of … Verisign.

And: a site search in Google (site:ofallevil.com) is giving … 113.000 pages living behind ofallevil.com. – And a normal Google to ofallevil.com is giving 217.000 pages: they are rather quoted by people who refer to it as real MS pages with solutions for problems…

By: googleboy

googleboy — Thu, 26 Apr 2007 00:34:42 +0000

As far as I can see, it’s a website with duplicated MS copyrighted stuff. And partially redirecting to (stealing bandwith from) MS itself: in the pages some MS css and js files are used (see source code), for instance:
css.microsoft.com/library/toolbar/3.0/quicklinks/en-us/ql.css
img.microsoft.com/downloads/loc/en/main.css
js.microsoft.com/library/svy/broker.js

I’m not technical enough to analyze what is happening if the “Validation Required” button “Continue” is clicked (sending personal pc data to ofallevil.com?). They say: “As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you.” – That will be correct, if the data are harvested by ofallevil.com and used by ofallevil.com and partners! Phishing?

I’ve the same lack of technical know-how about what will be downloaded (didn’t try!): maybe not the original MS files, but spyware / malware alternatives?

Anyway, I found that the IP Address: 69.64.38.157 (see http://www.who.is/whois-com/ip-address/ofallevil.com/ ) is the same IP used for 38 other websites / domain names (!); (see http://www.seologs.com/ip-domains.html ).

The others are commercial sites, so I guess it’s not a joke, but at least a Search Engine Optimization trick.

PS:
I Googled the ofallevil page by searching for info about “activate.exe”, one of the downloading files. According to Spyware.net (www.fbmsoftware.com/spyware-net/Process/Activate_exe/3001/) that file is or can be a Trojan.

By: Pete

Pete — Sun, 25 Mar 2007 22:13:43 +0000

@Thomas – Good point. I am not sure what legal action, but a simple lawsuit for some type of fraud might at least unmask the joker.

My initial reaction is that it *is* different from the items you mentioned, but you may be right – I’ll have to think about it some more.