Sunday, January 06, 2008

Malice of Some Sort

I followed the link on Theo's post to the "Real Clarkson Manifesto" in the Sun. He makes some sense. But anyway ...

The web page tried an advertising pop-up (irritating but they need to make money) which contained 'Trojan-Downloader.SWF.Gida.a':

http://v0zemili0garan0n.com/statsg.php?u=1199391035&campaign=z00latrymy

(If you really want to try it, don't. If you really, really want to try it, I've replaced some of the letters.)

And the domain? Reasonably newly registered, through Yesnic in Korea - a company I remember well from my days in the incident response trenches. No registrant details:

Domain Name: VOZEMILIOGARANON.COM
Registrar: YESNIC CO. LTD.
Whois Server: whois.yesnic.com
Referral URL: http://www.yesnic.com
Name Server: NS1.VOZEMILIOGARANON.COM
Name Server: NS2.VOZEMILIOGARANON.COM
Name Server: NS3.VOZEMILIOGARANON.COM
Name Server: NS4.VOZEMILIOGARANON.COM
Status: ok
Updated Date: 05-dec-2007
Creation Date: 23-nov-2007
Expiration Date: 23-nov-2008


This seems to be one of the usual small bits of malware (downloaders) that then go off and fetch tons of shit that really fucks your computer. Well done, Kaspersky.

A high status advertiser for Britain's most popular daily comic? Nil out of 10 to News Group Newspapers Ltd. Hope you've made sure the cheque cashes properly.


(c) 'Surreptitious Evil' 2006 - 2017.