Michał „devnull” Steglinski podesłał nam (dzięki!) wiadomość, która otrzymał ostatnio, która jest oczywiście próbą nakłonienia użytkownika do odwiedzenia witryny, która go zaatakuje. Zalecamy oznaczanie takich wiadomości jako spam i usuwanie! I ciekawostka techniczna od Michała: Email został wyslany z IP: 111.221.1.138, ktorego lokalizacja wskazuje na Bangladesz :)
od: RonnieElmes@mail.com
temat: Don’t forget about meeting tomorrow
tresc:
Don’t forget this report for meeitng toomrrow.
See attached file. (Internet Explorer file)Report.html
Sam załącznik zaś kieruje nas pod adres: http__hamasutra_ru:8080_forum_links_column.php, która w tej chwili jest już wyłączona ale jest oznaczona w systemie Google Safe Browsing jako infekująca odwiedzających:
Safe Browsing
Diagnostic page for hamasutra.ruWhat is the current listing status for hamasutra.ru?
Site is listed as suspicious – visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-02, and the last time suspicious content was found on this site was on 2012-12-02.
Malicious software includes 1 trojan(s). Successful infection resulted in an average of 4 new process(es) on the target machine.
This site was hosted on 4 network(s) including AS24496 (GNET), AS24514 (MYREN), AS8560 (SCHLUND).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, hamasutra.ru did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including wartabeta.com/, olindafree.blogspot.com/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Jeden komentarz do
5 grudnia, 2012 o godzinie 08:12
Hakerzy z Bangladeszu atakują :D A tak na poważnie to uważajmy, nie klikajmy w takie głupie linki.