thesource.ofallevil.com has a DNS CNAME that resolves to microsoft.com's IP address. Apparently, somebody registered the domain in 2002. I don't really recall any initial stories about it, but am sort of intrigued that it could stay around for 5 years without some sort of legal action. I wonder if the practical joker has ever been "outed". Anyone know? (I came across it while doing a search on RMS and MOM).
Update: Thomas asks below "What legal action would that be?" It is a fair question. I suspect that there are a number of legal actions that would provide subpoena authority to at least find out who is behind it all. And though IANAL, I do have reason to believe that if the owner were, say, Apple, there would be plenty of opportunity for legal action. Also, if the owner has some way to make money from it (by being paid by Sun, for example), then the same possibilities exist.
If it is just a practical joke (which seems like the most probable case), it is unlikely that there is anything that could be done, except unmask the joker.
of
Uh... what legal action would that be? A DNS name is no different than a bookmark, tag, or (for that matter) a Google search term like "evil empire" pinned to Microsoft.
Posted by: Thomas Ptacek | March 25, 2007 at 03:12 PM
@Thomas - Good point. I am not sure what legal action, but a simple lawsuit for some type of fraud might at least unmask the joker.
My initial reaction is that it *is* different from the items you mentioned, but you may be right - I'll have to think about it some more.
Posted by: Pete | March 25, 2007 at 06:13 PM
As far as I can see, it's a website with duplicated MS copyrighted stuff. And partially redirecting to (stealing bandwith from) MS itself: in the pages some MS css and js files are used (see source code), for instance:
css.microsoft.com/library/toolbar/3.0/quicklinks/en-us/ql.css
img.microsoft.com/downloads/loc/en/main.css
js.microsoft.com/library/svy/broker.js
I'm not technical enough to analyze what is happening if the "Validation Required" button "Continue" is clicked (sending personal pc data to ofallevil.com?). They say: "As described in our privacy statement, Microsoft will not use the information collected during validation to identify or contact you." - That will be correct, if the data are harvested by ofallevil.com and used by ofallevil.com and partners! Phishing?
I've the same lack of technical know-how about what will be downloaded (didn't try!): maybe not the original MS files, but spyware / malware alternatives?
Anyway, I found that the IP Address: 69.64.38.157 (see www.who.is/whois-com/ip-address/ofallevil.com/ ) is the same IP used for 38 other websites / domain names (!); (see www.seologs.com/ip-domains.html ).
The others are commercial sites, so I guess it's not a joke, but at least a Search Engine Optimization trick.
PS:
I Googled the ofallevil page by searching for info about "activate.exe", one of the downloading files. According to Spyware.net (www.fbmsoftware.com/spyware-net/Process/Activate_exe/3001/) that file is or can be a Trojan.
Posted by: googleboy | April 25, 2007 at 08:34 PM
O, forgotten to mention: also theroot.ofallevil.com/ is existing, which is a duplicate of ... Verisign.
And: a site search in Google (site:ofallevil.com) is giving ... 113.000 pages living behind ofallevil.com. - And a normal Google to ofallevil.com is giving 217.000 pages: they are rather quoted by people who refer to it as real MS pages with solutions for problems...
Posted by: googleboy | April 25, 2007 at 09:10 PM
IANAL, but the Mrs. is.
Her comments were that Internet libel case law was, for the most part, still a very new subj. for the courts. It's not inconceivable that Microsoft could sue for libel, but they must _prove_ damages (the most difficult part of *any* libel case). And most of the time a large corporation is held to a higher standard of proof for showing damages.
My $.02 - It's much more likely that the bad press suing the owner of the domain name > whatever damage it is currently causing.
Posted by: Alex | September 10, 2007 at 05:44 AM
I believe that Microsoft could block access to their site from those using the thesource.ofallevil.com.
HTTP 1.1 sends the site's name in the "host" field. Apache (and probably IIS) can be configured to redirect anyone visiting via the evil DNS name.
Posted by: Jason Macpherson | September 10, 2007 at 09:49 AM
good scam hehe
Posted by: peace | February 07, 2008 at 03:45 AM
Probably no legal ramifications in the United States. Singapore, on the other hand ...
Posted by: Anti-Free-Speecher | April 08, 2008 at 01:33 PM
This is the most perplexing thing I have seen on the web to-date. Nobody has been able to solve the whole mystery. 6 years later, it's still being talked about. Great post!
Posted by: geekEleet | September 06, 2008 at 04:34 PM
What a set of scammers, that is bad, bad, bad!
Posted by: Spyware Free Removal | September 08, 2008 at 03:33 PM
Only problem is the Joke is getting a little stale.
With Google going nuts getting into everything like they are they might be the better joke for the next 6 years.
Posted by: ecards | October 01, 2008 at 03:15 PM