www.911traff.com/exploits

[Doga]

This would be the 2nd time i have got this www. 911traff.com/exploits Trojan and i can't figure out where it's coming from or how i got it.  How i found out that i had it first was from a program called PeerBlock and when i try to connect to Raidcall voice chat it gave me the warning. The only way i could find this was from an online viurs scanner called eset online scanner and they found 8 Trojans. So i want to let you guys know about this Trojan/viruse so you can add it to your list and keep us safe. No single virus scanner can find all the virus's that's why it's so important to post about it or report it to you guys. Could you please let me know any information about this Trojan and how I'm getting it. Thank you for your time.


 

[Pondus]

Sucuri scanner   http://sitecheck.sucuri.net/results/http://www.911traff.com/

VirusTotal HTML scan
https://www.virustotal.com/file/1d1895ff78921cb55958082dcb69b62bf1a301062a49d691456310915e9e565a/analysis/1332064741/

[!Donovan]

The -dsnextgen.com site sounds familiar, like I've done a report on it before...

Also see: http://www.siteadvisor.com/sites/911traff.com/msgpage
And: http://zulu.zscaler.com/submission/show/d0c2f462f49a24f183378cb36850ca02-1332074188 (on iframed site)

Edit: Found something from December: http://forum.avast.com/index.php?topic=90609.0
and a post from Polonus: http://forum.avast.com/index.php?topic=61889.msg523163#msg523163

I think suspicious in my eyes.

[Sirmer]

Hello,
sorry but unfortunately this site won't be blocked. Problem is that this site is parking site and there is no way how to correctly block it.

[polonus]

Agree that avast cannot block a parking site:  htxp://www.dsnextgen.com,
but the individual user can do so freely in his local hosts file
or even via a script blocking extension or within "Blocker"extension inside Chrome for instance,

But this code could be flagged by avast: http://www.google.com/safebrowsing/diagnostic?site=www.911traff.com/trf/traf.php
See attached...

That is true for 'htxp:/www.911traff.com/trf/traf.php
     status: (referer=htxp:/twitter.com/trends/)failure: nonnumeric port
Location: htxp://www.dsnextgen.com/?design_id=4&domainname=information.com&a_id=14840
Server: Oversee Turing v1.0.0
Content-Length: 917
Content-Type: text/html
Keep-Alive: timeout=3, max=97
Here is the IP range that should be blocked: hxtp://www.bizimbal.com/odb/details.html?id=694545
Range block: 69.43.160.0 - 69.43.160.255
69.43.160.0/24
See: htxp://zulu.zscaler.com/submission/show/3cd175bc2f82e0b7ee3e128d76081787-1332507104
Bright Cloud high risk index is red 10 High Risk
There is a high probability that the user will be exposed to malicious links or payloads.
Cat. Malware site
And this should recently be blocked htxp://www.bizimbal.com/odb/details.html?id=823024 (Found via a Webbug request for hXtp://www.911traff.com)
Also high risk index is red 10 High Risk
There is a high probability that the user will be exposed to malicious links or payloads.
These are Iframe php attacks, come via legit logins that have been snatched from locally exploited machines via o.a. buggy software exploits (Joomla etc.).
Take care you have a decent pop-up blocker running in the browser, like Better Pop Up Blocker inside Chrome for instance,

polonus