FYI...
TorrentReactor.net - drive-by-download - leads to exploit
- http://blogs.paretologic.com/malware...ds-to-exploit/
May 10, 2010 - "The popular website torrentreactor .net is home of a drive-by download. I tested it this morning and the exploit is still live, so please be careful... Wepawet report* indicates “Multiple Adobe Reader and Acrobat buffer overflows”... What’s happening is probably a third party advertisement site that promotes on TorrentReactor has been compromised... The malicious PDF is detected by 6/40 vendors on VirusTotal**..."
* http://wepawet.iseclab.org/view.php?...513777&type=js
** http://www.virustotal.com/analisis/8...a1b-1273512771
File 9E5F92DB78287D690C62AD9DBD6CAA64. received on 2010.05.10 17:32:51 (UTC)
Result: 6/40 (15.00%)
- http://ddanchev.blogspot.com/2010/05...crimeware.html
May 11, 2010 - "...appears to be taking place through a malicious ad serving exploits using the NeoSploit kit, which ultimately drops a ZeuS crimeware sample hosted within a fast-flux botnet..."
- http://google.com/safebrowsing/diagn...ntReactor.net/
"... last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-13. Malicious software includes 13 trojan(s), 10 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 16 domain(s), including netping.dyndns.dk/, endroiturlredirect.com/, burgsiutrehosa.com/. 13 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fulldls.com/, shtraff.ignorelist.com/, yieldmanager.com/..."