| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110602153958.GB19621@foo.fgeek.fi> Date: Thu, 2 Jun 2011 18:39:58 +0300 From: Henri Salo <henri@...v.fi> To: full-disclosure@...ts.grok.org.uk Subject: Re: find11.html On Tue, May 31, 2011 at 01:16:48PM +1000, Daniel Hood wrote: > Anyone else seen this going around? > > I've got a couple of links coming through for this via hacked email > accounts. Looks like its installing FakeAV. > > Links include: > www [dot] epo4 [dot] com [slash] find11.html > > I can't seem to find anything on google about it yet though. > > Dan Could someone share the sample with me? It seem that for me the domain does not resolv. Resolving safetylife2011.org... failed: Name or service not known. Bit strange.. foo@bar:~$ host safetylife2011.org safetylife2011.org has address 84.127.74.15 safetylife2011.org has address 71.37.32.247 safetylife2011.org has address 82.159.38.56 safetylife2011.org has address 85.84.60.87 safetylife2011.org has address 46.223.138.2 (TCP 80 not responding) Every online host is running nginx 0.8.54 web server. Best regards, Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists