Silent noise - about spam, trojans and other nasty stuff

Just in case I forget.

inetnum:        213.155.22.192 - 213.155.22.199
netname:        singhajeet3
descr:          singhajeet3 - Singh Ajeet
country:        UA
admin-c:        SA5766-RIPE
tech-c:         SA5766-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-HOSTINGUA
source:         RIPE # Filtered

person:         Singh Ajeet
address:        34203, Florida, United States, Bradenton, 1901 60th Place E. Suite L4257
abuse-mailbox:  abuse@hosting.ua
phone:          +380487281518
nic-hdl:        SA5766-RIPE
source:         RIPE # Filtered

To start in the middle:
New version of a known malware (or scareware, rogue security software or whatever you prefer to call it) called MalwareDoc, hosted at malware-doc. com.

The file downloaded is called MDSetup.exe, VirusTotal score is 0/39.

A present from the same gang using the name "AntispyKnight".

This is going to be a bit messy.

The starting point

It all started with a spam:
"How many girls you will be able to do happy eating one only pill!"

I earlier briefly mentioned that I was following some child porn trails (http://www.matchent.com/wpress/?q=node/355 - Google is your friend?).
I did follow the trail, but I hate this kind of stuff. Angry and sad are a couple of words I could use to describe my own feelings when I stumble over it. But those words are not strong enough, I'm not good with words.

This is a relatively short description of what I found.
I will not mention specific child porn domains, only some facts about the paymentprocessor.

Avalonpay Inc. is the name of (one of) the new child porn paymentprocessor.