AplusWebMaster
2010-05-11, 17:41
FYI...
TorrentReactor.net - drive-by-download - leads to exploit
- http://blogs.paretologic.com/malwarediaries/index.php/2010/05/10/torrentreactor-net-leads-to-exploit/
May 10, 2010 - "The popular website torrentreactor .net is home of a drive-by download. I tested it this morning and the exploit is still live, so please be careful... Wepawet report* indicates “Multiple Adobe Reader and Acrobat buffer overflows”... What’s happening is probably a third party advertisement site that promotes on TorrentReactor has been compromised... The malicious PDF is detected by 6/40 vendors on VirusTotal**..."
* http://wepawet.iseclab.org/view.php?hash=1698072b7a5718dae7b1049ffe4aab2a&t=1273513777&type=js
** http://www.virustotal.com/analisis/8c2137d9f0775373c88046f6474b3859010a8598a67722670f9e5f8488390a1b-1273512771
File 9E5F92DB78287D690C62AD9DBD6CAA64. received on 2010.05.10 17:32:51 (UTC)
Result: 6/40 (15.00%)
- http://ddanchev.blogspot.com/2010/05/torrentreactornet-serving-crimeware.html
May 11, 2010 - "...appears to be taking place through a malicioud ad serving exploits using the NeoSploit kit, which ultimately drops a ZeuS crimeware sample hosted within a fast-flux botnet..."
- http://google.com/safebrowsing/diagnostic?site=TorrentReactor.net/
"... last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-13. Malicious software includes 13 trojan(s), 10 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 16 domain(s), including netping.dyndns.dk/, endroiturlredirect.com/, burgsiutrehosa.com/. 13 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fulldls.com/, shtraff.ignorelist.com/, yieldmanager.com/..."
:mad:
TorrentReactor.net - drive-by-download - leads to exploit
- http://blogs.paretologic.com/malwarediaries/index.php/2010/05/10/torrentreactor-net-leads-to-exploit/
May 10, 2010 - "The popular website torrentreactor .net is home of a drive-by download. I tested it this morning and the exploit is still live, so please be careful... Wepawet report* indicates “Multiple Adobe Reader and Acrobat buffer overflows”... What’s happening is probably a third party advertisement site that promotes on TorrentReactor has been compromised... The malicious PDF is detected by 6/40 vendors on VirusTotal**..."
* http://wepawet.iseclab.org/view.php?hash=1698072b7a5718dae7b1049ffe4aab2a&t=1273513777&type=js
** http://www.virustotal.com/analisis/8c2137d9f0775373c88046f6474b3859010a8598a67722670f9e5f8488390a1b-1273512771
File 9E5F92DB78287D690C62AD9DBD6CAA64. received on 2010.05.10 17:32:51 (UTC)
Result: 6/40 (15.00%)
- http://ddanchev.blogspot.com/2010/05/torrentreactornet-serving-crimeware.html
May 11, 2010 - "...appears to be taking place through a malicioud ad serving exploits using the NeoSploit kit, which ultimately drops a ZeuS crimeware sample hosted within a fast-flux botnet..."
- http://google.com/safebrowsing/diagnostic?site=TorrentReactor.net/
"... last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-13. Malicious software includes 13 trojan(s), 10 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 16 domain(s), including netping.dyndns.dk/, endroiturlredirect.com/, burgsiutrehosa.com/. 13 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fulldls.com/, shtraff.ignorelist.com/, yieldmanager.com/..."
:mad: