There is no "ml-works.net". It doesn't exist. There is however,
"m.l-works.net", the mobile subdomain of L-Works. Anyway, the L-Works
website is definitely infected. It is not those cab files, it is a
<script src> tag for malicious JavaScript code. I took a quick look at
the JavaScript code. It basically checks for a cookie, and if not in
existence, will redirect you to that malicious website. (suitcase52td
dot net). If you are using an anti-virus program that blocks the
trojan horse from being downloaded (I use Avast), and you refresh the
page, you should no longer be getting notifications from your
anti-virus software, because of the cookie being added.

I know for a fact Liam uses BlueHost. I'm going to guess someone
cracked a password, and added a <script src> tag to his webpages.
Removing this <script src> tag should fix the problem.


On Fri, May 7, 2010 at 6:51 PM, Hayri Tulumcu <ha...@ka-net.dk> wrote:
> Hello Gamers! I am afraid that L-Works.net is infected with a spyware! When I 
> go into www.l-
> works.net, there will be a dialogue up and says that my computer is infected, 
> but I know that it
> is not ! I have found out through a program that can download stuff off a 
> website that the
> spyware located on the page is retrieved from the address: ! it also
> downloads two files as: http://ml-works.net/archery_sp.cab and the second 
> file as: http://ml-
> works.net/archery_ppc.cab! It is not possible to download the free game more 
> and it is not
> possible to retrieve all the other games more! and no it's not a joke! so are 
> aware of it!
> ---

Gamers mailing list __ Gamers@audyssey.org
If you want to leave the list, send E-mail to gamers-unsubscr...@audyssey.org.
You can make changes or update your subscription via the web, at
All messages are archived and can be searched and read at
If you have any questions or concerns regarding the management of the list,
please send E-mail to gamers-ow...@audyssey.org.

Reply via email to