Jump to content

Nasty Payload


dra007
 Share

Recommended Posts

Thought I'd have a look (if it is evil, it wouldn't hurt my Mac), but the link has gone 404. My guess is that it was evil.
<Chortle> We've not seen you over in Hello, I'm a Mac Ric.

A few hours later, as said, LinkScanner seemed to make the connection okay. The SiteAdvisor page is (no doubt) reading a cache and just the top level "page" but LS is live (second chance, right now).

Link to comment
Share on other sites

Using safe/secure tools to browse the 'front' page, there is nothing there to spark an issue. It is an "adult" site, based on words buried in the HTML ... worst case, something like a hack from a competior, dropping this 'special' file on that web page, then sending out the spew to 'advertise' it .... the 'outage' was while the web-site owner was 'fixing it' ...????

Looking at the total garbage in your spam e-mail, can't help but wonder just why anyone would follow the link in the first place ...????

Link to comment
Share on other sites

Wazoo, I did not see that crap till after parsing. All you see in IE is a graphic saying Internet explorer version seven beta. And the sender looks like Microsoft. Clicking on it actually downloads two programs, both very small. One is called microsoft IE with an .exe extention. They were not recognized as viruses or malware by any of my programs. I am still worried. I got two of these one came through a russian ISP, and this one through a Dutch. That is what raised the flags. I suspect you have to trigger the *.exe file to get the real surprize and that itself could be some kind of re-direct.

Edited by dra007
Link to comment
Share on other sites

<Chortle> We've not seen you over in Hello, I'm a Mac Ric.

I know a Holy War when I see it. I've owned Macs since 1985, and they work well for me. They work even better now that they use OS X (which is BSD at heart, inherently very secure).

Everyone else can use whatever they like so far as I'm concerned (although I'd prefer they kept these machines out of the botnets).

LinkScanner seems to find nothing wrong with it (which is not conclusive of course). SiteAdvisor says the front page/page referenced by the domain name is clear, you are invited to submit any "downloads" for testing there. I guess you Googled? I haven't.

I recall that some of the porn spammers used to distribute their porn dialers in this form (as EXE files downloaded directly via HTTP URL), although the site that used to provide all these customized dialers seems to have gone toes-up last I knew about it.

-- rick

Link to comment
Share on other sites

Well, seems there might be some cause for concern: Beware fake IE 7 downloads - "There is spam out there that tries to get you to download IE 7. It's fake, of course. When you click on the image, you are then offered to download a trojan (Sunbelt Sandbox analysis here, VirusTotal results here). Antivirus coverage is mediocre."

[link noted from the posting of the ever-vigilant john s. smith in news.grc.com group .spyware]

Edited by Farelf
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...