Something evil on 95.168.177.144: reddingtaxcm.com and .....




Postby MysteryFCM » Thu Aug 11, 2011 4:04 pm

Something evil on 95.168.177.144: reddingtaxcm.com and inferno.name

reddingtaxcm.com is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on 95.168.177.144 (NetDirekt, Germany but more below..).

The malware appears to be a variant of Vundo / Virtumundo; the infection mechanism looks to be some sort of injection attack on third-party sites.

Although the IP 95.168.177.144 is allocated to NetDirekt (now Leaseweb Germany), it belongs to part of a range suballocated to inferno.name of Serbia (apparently also known as v3Servers.net). Inferno featured recently in this blog with another similar malware attack, that time on 95.168.178.206. 95.168.177.0/4 seems to be full of (possibly fake) pharma sites.


Read more:
http://blog.dynamoo.com/2011/08/somethi ... 77144.html

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!
