Who is thesource.ofallevil.com?

thesource.ofallevil.com has a DNS CNAME that resolves to microsoft.com’s IP address. Apparently, somebody registered the domain in 2002. I don’t really recall any initial stories about it, but am sort of intrigued that it could stay around for 5 years without some sort of legal action. I wonder if the practical joker has ever been "outed". Anyone know? (I came across it while doing a search on RMS and MOM).

Update: Thomas asks below "What legal action would that be?" It is a fair question. I suspect that there are a number of legal actions that would provide subpoena authority to at least find out who is behind it all. And though IANAL, I do have reason to believe that if the owner were, say, Apple, there would be plenty of opportunity for legal action. Also, if the owner has some way to make money from it (by being paid by Sun, for example), then the same possibilities exist.

If it is just a practical joke (which seems like the most probable case), it is unlikely that there is anything that could be done, except unmask the joker.

of

11 comments for “Who is thesource.ofallevil.com?

  1. March 25, 2007 at 3:12 pm

    Uh… what legal action would that be? A DNS name is no different than a bookmark, tag, or (for that matter) a Google search term like “evil empire” pinned to Microsoft.

  2. Pete
    March 25, 2007 at 6:13 pm

    @Thomas – Good point. I am not sure what legal action, but a simple lawsuit for some type of fraud might at least unmask the joker.

    My initial reaction is that it *is* different from the items you mentioned, but you may be right – I’ll have to think about it some more.

  3. googleboy
    April 25, 2007 at 8:34 pm

    As far as I can see, it’s a website with duplicated MS copyrighted stuff. And partially redirecting to (stealing bandwith from) MS itself: in the pages some MS css and js files are used (see source code), for instance:
    css.microsoft.com/library/toolbar/3.0/quicklinks/en-us/ql.css
    img.microsoft.com/downloads/loc/en/main.css
    js.microsoft.com/library/svy/broker.js

    I’m not technical enough to analyze what is happening if the “Validation Required” button “Continue” is clicked (sending personal pc data to ofallevil.com?). They say: “As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you.” – That will be correct, if the data are harvested by ofallevil.com and used by ofallevil.com and partners! Phishing?

    I’ve the same lack of technical know-how about what will be downloaded (didn’t try!): maybe not the original MS files, but spyware / malware alternatives?

    Anyway, I found that the IP Address: 69.64.38.157 (see http://www.who.is/whois-com/ip-address/ofallevil.com/ ) is the same IP used for 38 other websites / domain names (!); (see http://www.seologs.com/ip-domains.html ).

    The others are commercial sites, so I guess it’s not a joke, but at least a Search Engine Optimization trick.

    PS:
    I Googled the ofallevil page by searching for info about “activate.exe”, one of the downloading files. According to Spyware.net (www.fbmsoftware.com/spyware-net/Process/Activate_exe/3001/) that file is or can be a Trojan.

  4. googleboy
    April 25, 2007 at 9:10 pm

    O, forgotten to mention: also theroot.ofallevil.com/ is existing, which is a duplicate of … Verisign.

    And: a site search in Google (site:ofallevil.com) is giving … 113.000 pages living behind ofallevil.com. – And a normal Google to ofallevil.com is giving 217.000 pages: they are rather quoted by people who refer to it as real MS pages with solutions for problems…

  5. September 10, 2007 at 5:44 am

    IANAL, but the Mrs. is.

    Her comments were that Internet libel case law was, for the most part, still a very new subj. for the courts. It’s not inconceivable that Microsoft could sue for libel, but they must _prove_ damages (the most difficult part of *any* libel case). And most of the time a large corporation is held to a higher standard of proof for showing damages.

    My $.02 – It’s much more likely that the bad press suing the owner of the domain name > whatever damage it is currently causing.

  6. September 10, 2007 at 9:49 am

    I believe that Microsoft could block access to their site from those using the thesource.ofallevil.com.

    HTTP 1.1 sends the site’s name in the “host” field. Apache (and probably IIS) can be configured to redirect anyone visiting via the evil DNS name.

  7. peace
    February 7, 2008 at 3:45 am

    good scam hehe

  8. Anti-Free-Speecher
    April 8, 2008 at 1:33 pm

    Probably no legal ramifications in the United States. Singapore, on the other hand …

  9. September 6, 2008 at 4:34 pm

    This is the most perplexing thing I have seen on the web to-date. Nobody has been able to solve the whole mystery. 6 years later, it’s still being talked about. Great post!

  10. September 8, 2008 at 3:33 pm

    What a set of scammers, that is bad, bad, bad!

  11. October 1, 2008 at 3:15 pm

    Only problem is the Joke is getting a little stale.

    With Google going nuts getting into everything like they are they might be the better joke for the next 6 years.

Comments are closed.