Hi malware fighters,
Good that avast is on top of this; here is some further info:
block *.beladen.net
Mass compromises are certainly nothing new. They regularly take place,
because attackers commonly use server-side vulnerabilities in an automated way
to infiltrate legitimate Web sites and inject them with malicious code.
The challenge in these kinds of attacks, from a security firm perspective,
is to recognize malicious patterns in legitimate Web sites (they're usually obfuscated),
and then research the exploit sites those attacks lead to. Read more here:
Beladen.net is full of various attacks and after a successful exploitation,
a malicious file will be run on the infected computer.
The exploit also uses the ‘typo-squatter’ domain with a similar name to
the legitimate Google Analytics domain (google-analytics.com),
redirecting users to beladen.net.
Beladen also had a low anti-virus detection rate.
At the time the attack was first reported,
only four out of 40 anti-virus vendors had reported the threat.
He also said that if an exploit didn’t work on a machine,
the attack would also try to download rogue anti-virus software,
in order to dupe users into downloading a trojan.
securitylabs.websense.com/content/Blogs/3408.aspx
Due to some manipulation of the DNS process, beladen.net creates
new subdomains and referral DNS servers every time.
Trying to block each of them can't be done.
So look at these examples and just block anything connected to it.
Edited by me for security reasons:
when the problem comes up you're redirected to 7914421.beladen.n*t
and after that you're redirected to hxtp://scan4top.com/22/?uid=keyin that disguise like ...
wxw.vbulletin.com/forum/showthread.php?p=1735111 - 97k -
I spotted this last night, e.g.: h x t p://0e6047.beladen.net/t/m1002z188371.html
appeared down left and redirecting to h x t p://scan4note.com/22/?uid= ...
wxw.hondenforum.nl/phpBB2/viewtopic.php?p=3378096&sid=
Próba wlamania do mojego komputera podjeta przez tzvx.beladen.n*t
Tried to connect to my computer:
(91.207.61.40,80) 30.04.2009 00:08:16 zostala zablokowana. ... (was blocked)
f*lieton102.bloog.pl/kat,0,m,4,r,2009,index.html
polonus
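
The wildcard block recommended in the post above (block *.beladen.net rather than each new subdomain), sketched as an added example that is not part of the original post. It matches on DNS label boundaries so look-alike names are not caught by accident; the log format, client addresses and the a1b2c3 and notbeladen hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Parent domains blocked together with every subdomain (domain from the post).
BLOCKED_SUFFIXES = {"beladen.net"}

def refang(text):
    """Undo common defanging (hxtp, 'h x t p', [.]) so the URL parses."""
    text = re.sub(r"^h\s*[tx]\s*[tx]\s*p(s?)\s*:", r"http\1:",
                  text.strip(), flags=re.I)
    return text.replace("[.]", ".")

def hostname(value):
    """Extract a lowercase host from a URL or bare domain, '' if unparsable."""
    value = refang(value)
    if "://" not in value:
        value = "//" + value          # let urlsplit treat it as a netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()   # drop the trailing root dot

def is_blocked(value, suffixes=BLOCKED_SUFFIXES):
    """True if the host is a blocked domain or any subdomain of one."""
    labels = hostname(value).split(".")
    # Walk host, parent, grandparent ... so only whole labels can match.
    return any(".".join(labels[i:]) in suffixes for i in range(len(labels)))

SAMPLE_LOG = [  # constructed proxy log lines: time, client, requested URL
    "2009-04-30T00:08:16 10.0.0.5 http://0e6047.beladen.net/t/m1002z188371.html",
    "2009-04-30T00:08:17 10.0.0.5 http://www.google-analytics.com/ga.js",
    "2009-04-30T00:09:02 10.0.0.7 http://a1b2c3.beladen.net:80/",
    "2009-04-30T00:09:40 10.0.0.9 http://notbeladen.net/index.html",
]

def scan(lines):
    """Return (client, host) for each logged request to a blocked domain."""
    hits = []
    for line in lines:
        _, client, url = line.split(maxsplit=2)
        if is_blocked(url):
            hits.append((client, hostname(url)))
    return hits

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"blocked: {client} -> {host}")
```

The clients returned by scan() are the machines to check for the follow-on download the post describes.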