| Jun 23 @ 10:31 PM |
Beware Hidden Malware |
|
sealacamp

Posts: 2,800
|
FYI I was just checking out some information on rare coins and a link I hit in the site attacked me with three types of malware. Thank God I have good protection or else it would have been a disaster. These were very aggressive. I have reported this site to the appropriate authorities but I thought I might give some of you technically minded people a heads up. I would never have suspected this from such a site. The site is "http://www.sellcoins.com/coins.htm". And the attack types were VBS:Malware-gen two times and SWF:Downloader [Trj] one time. These are from the AVAST log file BTW. So y'all be careful out there; you never know when someone will have a hidden attack waiting for you.
S
|
|
 |
|
| Jun 25 @ 10:31 PM |
|
mystery2u888

Posts: 4,544
|
Thanks Seal.......good information....to know......
|
 |
|
| Jun 26 @ 1:00 AM |
|
Philippe_Robert

Posts: 76
|
Seal, which actual link caused the attack? I ask since the site is still up and running. Who are the people to report such things? TIA
Yes, it's the technically minded people that need the heads up, as it is... the rest of people can handle it A-okay....
|
|
 |
|
| Jun 26 @ 6:17 AM |
|
sealacamp

Posts: 2,800
|
This is the actual link, Robert, that was inside the site. If I am not mistaken, a site like that is not shut down; rather, it is flagged as a site known to be a carrier of an infection.
http://www.heiheinn.cn/new.htm
My point was that you can be attacked when you least expect it from a source that shouldn't be considered a risk in the first place.
S
|
 |
|
| Jun 26 @ 7:36 AM |
|
capobeachguy


Posts: 3,099
|
Isn't it exciting that there are people who have nothing better to do with their miserable little lives than write adware, malware, spyware, viruses, trojans, etc.?
A$$holes!!!
|
|
 |
|
| Jun 26 @ 3:39 PM |
|
Philippe_Robert

Posts: 76
|
Sealacamp,
http://www.heiheinn.cn/new.htm OK, that one has an attack but I could reproduce an attack on the originally mentioned site.
I always thought it is in the best interest of the anti-virus, anti-spam, etc. companies that viruses and such exploitation annoyances occur to increase bottom-line revenue; however, I am sure there would be your common computer expert who exploits vulnerabilities for status among the respective computer community (i.e., Robert Morris).
My main concern is who do we (as web users) report this type of activity? What specific agency do you suggest I (we) contact? Private or government agency? TIA
[Edited on 6/26/2008 3:51 PM]
|
 |
|
| Jun 27 @ 2:04 PM |
|
Philippe_Robert

Posts: 76
|
When you first posted that link (and I clicked on it), my firewall reported an attack; but now www.heiheinn.cn/new.htm is no longer valid and the domain has been taken down (or the server is offline), as my browser times out when trying the link today.
However, a domain lookup shows:
Registrar: China NIC
Nameservers: ns1.dns.com.cn, ns2.dns.com.cn
Status: ok
Created: 2008-06-15 18:26
Expires: 2009-06-15 18:26
IP Address: Warning: Invalid argument supplied for foreach() in /var/www/vhosts/coolwhois.com/htdocs/display.php on line 181

Domain Name: heiheinn.cn
ROID: 20080615s10001s92993498-cn
Domain Status: ok
Registrant Organization: ç»?æµ?å?¬å?¸
Registrant Name: æ?¥æ¯?æ¯?
Administrative Email: {email address removed}
Sponsoring Registrar: å??京æ?°ç½?äº?è??ç§?æ??æ??é??å?¬å?¸
Name Server: ns1.dns.com.cn
Name Server: ns2.dns.com.cn
Registration Date: 2008-06-15 18:26
Expiration Date: 2009-06-15 18:26
FWIW: Do a google search on "heiheinn.cn" and you'll be surprised how many results show the actual imbedded script to execute this malware site.
[Edited on 6/27/2008 2:06 PM]
|
|
 |
|
| Jun 27 @ 2:05 PM |
|
Philippe_Robert

Posts: 76
|
Seal, who was the reporting agency that you used again?
[Edited on 6/27/2008 2:12 PM]
|
 |
|
| Jul 3 @ 1:22 AM |
|
mystery2u888

Posts: 4,544
|
oohh good more information on this ...............I love it......
|
|
 |
|
| Jul 3 @ 7:58 AM |
|
sealacamp

Posts: 2,800
|
"My main concern is who do we (as web users) report this type of activity?"
Robert, I reported this to Google as it was in the top of their list of coin collector sites. After discussing this with a few other people, a couple of theories rose to the surface. One is that this is a collector that got a bad deal and is out to damage any and all collectors for personal reasons. The other is that someone just wants to damage the site that hosts these links. After all, each link is a posted coin from collectors trying to sell their collections. So I guess as long as you disguise it appropriately you could post anything you like. Anyway, it would seem that Google disabled the site or someone pulled that malware out of the server on the Chinese end.
You know, I just finished a security class where we had to look up all sorts of daily attacks and most of them were from a Chinese source. Bad hoo doo going on there for sure. I didn't check the domain name since I was just glad to keep my computer from being absconded, but it does not surprise me that it came from a Chinese source.
If you need that link for reporting a bad site that Google hosts, this is the link.
Report Malware
S
|
 |
|
| Jul 3 @ 3:07 PM |
|
mystery2u888

Posts: 4,544
|
Thank you seal always good information from you guys to get
|
|
 |
|
|