There's not much else we can do.

How about going as much public as possible? ("The guardian" is probably
not interested though.) There's lots of reputation at stake and silence
would unavoidably "support their game".

Please do not contact premiumhosting[.]cl about this. That is a
(unrelated?) web host , not the domain registrar, who would need to be
the one to be contacted about this.

They actually are hosting the malware, and would want to know.
lee@dev01:~$ ping tijsi.com
PING tijsi.com (162.248.50.103) 56(84) bytes of data.
64 bytes from lightning.premiumhosting.cl (162.248.50.103): icmp_req=1
ttl=53 time=53.5 ms
64 bytes from lightning.premiumhosting.cl (162.248.50.103): icmp_req=2
ttl=53 time=48.1 ms
64 bytes from lightning.premiumhosting.cl (162.248.50.103): icmp_req=3
ttl=53 time=47.0 ms

They are also hosting the DNS at NS1.MIHOSTINGWEB.NET because
www.MIHOSTINGWEB.NET resolves to http://premiumhosting.cl/

Apologizes. I don't know how I missed that relationship on robtex. That's
what I get for investigating with my phone

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        Please do not contact premiumhosting[.]cl about this. That is a
        (unrelated?) web host , not the domain registrar, who would

need to be

        the one to be contacted about this.

    They actually are hosting the malware, and would want to know.
    lee@dev01:~$ ping tijsi.com <http://tijsi.com>
    PING tijsi.com <http://tijsi.com> (162.248.50.103) 56(84) bytes of

data.

    64 bytes from lightning.premiumhosting.cl

<http://lightning.premiumhosting.cl> (162.248.50.103): icmp_req=1 ttl=53
time=53.5 ms

    64 bytes from lightning.premiumhosting.cl

<http://lightning.premiumhosting.cl> (162.248.50.103): icmp_req=2 ttl=53
time=48.1 ms

    64 bytes from lightning.premiumhosting.cl

<http://lightning.premiumhosting.cl> (162.248.50.103): icmp_req=3 ttl=53
time=47.0 ms

    They are also hosting the DNS at NS1.MIHOSTINGWEB.NET

<http://NS1.MIHOSTINGWEB.NET> because www.MIHOSTINGWEB.NET
<http://www.MIHOSTINGWEB.NET> resolves to http://premiumhosting.cl/

Apologizes. I don't know how I missed that relationship on robtex.

That's what I get for investigating with my phone

    > There's not much else we can do.

    How about going as much public as possible? ("The guardian" is

probably

    not interested though.) There's lots of reputation at stake and

silence

    would unavoidably "support their game".

That would probably do more harm than good. Those who don't know Jitsi

might associate it with "that malware site". As previously mentioned,
there are plenty of other things we can do.

Well on the plus side.. it is nice to know that malware authors feel
Jitisi is such a popular program and that many people will look to
download it that it is worth trying to exploit the name via a phishing
site.

I say you were on the right track myself.

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

- --

Hey all,

Most of you probably already saw Yasen's mail here but just to make sure this thread is complete:

The scam site has now been taken down:

http://lists.jitsi.org/pipermail/dev/2014-January/019724.html
http://lists.jitsi.org/pipermail/dev/2014-January/019726.html

They still have the domain name though, so we should keep an eye out for them.

Cheers,
Emil