Posts
An examination of onestepsearch.net reveals additional cause for concern. The proprietor of onestepsearch.net is Navigation Catalyst Systems, Inc.; the firm was sued by Verizon on April 15th. In that lawsuit,
"Verizon California Inc., Verizon Trademark Services LLC and Verizon Licensing Company alleged that Defendants Navigation Catalyst Systems Inc. and Basic Fusion Inc. have used an automated process to register and use over three million domain names, many of which are confusingly similar to famous or distinctive trademarks owned by others."(http://news.justia.com/cases/featured/california/cacdce/2:2008cv02463/413394/)The mass registration of typosquatting domains is a tactic often practiced by the Russian Business Network.
McAfee's Site Advisor service ties navigationcatalyst.com to qsrch.com ("When we visited this site, we found that it appears to have a business relationship with New.net, a known provider of adware, spyware or other potentially unwanted programs."). Indeed, onestepsearch.net shares both its IP address and name server with qsrch.com. Other domains at IP address 208.87.149.250 include a variety of sociopathic porn sites (teenagefucksluts.com, has.seen.godscock.net, etc.), hacker redirect sites (justgotpwned.com), typosquatter domains (blogpspot.com), disreputable medical products and unsafe download sites (01computersoftwar.biz, etc.). Waria.vg is also present; waria is a trojan egg dropper which targets Linux and Unix systems. Also, corrupt DNS entries are deliberately employed by onestepsearch.net; the reverse DNS entry for onestepsearch.net, 250.f.com, is not whoisable, and no f.com exists.
It is adviseable that you block the IP addresses as well as, the domain names associated with onestepsearch.net. DNS blocking is useful as malware domains often change IP addresses, as their owners seek to avoid IP blocking.
onestepsearch.net - 208.87.149.250
ns1.onestepsearch.net - 209.128.80.137
ns2.onestepsearch.net - 209.128.80.138
ns3.onestepsearch.net - 209.128.76.101
ns4.onestepsearch.net - 209.128.76.102
mail01.quadzemail.com - 208.87.148.231
onestepsearch.net and quadzemail.com lurk within AS40634, and you may be able to block this entire route (208.87.148.0/23), which appears to be rife with the worst malice.
