Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on June 25, 2013, 04:09:38 PM

Title: SimpleTDS go.php IDS alert...exploit kit as a service...
Post by: polonus on June 25, 2013, 04:09:38 PM
See: http://urlquery.net/report.php?id=3320794 and http://urlquery.net/report.php?id=3255628
Read about this being part of the RedKit Exploit Kit here: http://ondailybasis.com/blog/?p=1236 (linked article author: D.L.)
Avast detects this object as HTML:Iframe-inf.
See the analysis here: http://labs.sucuri.net/?details=124.217.249.45
And read here: http://research.zscaler.com/2011/05/why-blackhole-exploit-kit-is-rising.html (renamed Blackhole to Incognito exploit kit)...

polonus

Title: Re: SimpleTDS go.php IDS alert...exploit kit as a service...
Post by: polonus on June 25, 2013, 07:40:32 PM
Another PHP threat = IDS alerts for ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
See: http://urlquery.net/report.php?id=3118104
See: http://doc.emergingthreats.net/bin/view/Main/2015052
Read: http://stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
Avast detects it as JS:Iframe-UC [Trj], so we have protection...

polonus