Author Topic: fake av 2 websites.  (Read 2645 times)


chabbo

  • Guest
fake av 2 websites.
« on: March 03, 2012, 02:36:59 PM »
xxp.srv23.foreclosurecities.uni.me/scan/?affid=n7Hn-C9kShc fake av 1


xxp.update74.correctionsboard.uni.me/scan/?affid=SpVNIzVlG0g fake av 2




Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: fake av 2 websites.
« Reply #2 on: March 03, 2012, 03:37:46 PM »
To add to that, these sites redirect to randomly generated sites that redirect to sites that redirect to sites and so forth until the site hosting the malware is received. A dirty tactic, if you ask me.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: fake av 2 websites.
« Reply #3 on: March 03, 2012, 04:18:55 PM »
Well, in addition to the random redirects, the malware, when found, was only responsive for a couple of hours at the utmost. Most instances are dead now or already made available through other paths. Because of the redirectional path shown by the Zscaler Zulu scanner, you can understand why user scanning and user reporting are so vital.

This is what I find for the AS this IP is on: AS15685
CURRENTLY ONLINE
HE Index: 66.1 
HE Rank: 287 

AS Name: CASABLANCA-AS Casablanca INT Autonomous system
IPs allocated: 90880
Blacklisted URLs: 483

Hosts...
...malicious URLs? Yes 
...badware? Yes 
...botnet C&C servers? Yes 
....Current Events? Yes 

Quite some snakepit to land at,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: fake av 2 websites.
« Reply #4 on: March 03, 2012, 04:57:21 PM »
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline polonus

Re: fake av 2 websites.
« Reply #5 on: March 03, 2012, 06:07:52 PM »
Hi posters in this thread,

Here you have an example of similar malware, that has been closed now: htxp://zulu.zscaler.com/submission/show/aece2cc37570568820369325cfca7ad7-1330794333
First seen 2012-03-01 04:30:05 Closed 2012-03-01 05:12:00
Still suspicious,

polonus