Author Topic: www.profilex-usa.com  (Read 3730 times)



August 05, 2009, 04:49:10 pm
Reply #1

cleanmx

hi

network-owner already informed by me...

http://support.clean-mx.de/clean-mx/viruses.php?domain=profilex-usa.com&sort=first%20desc

this has been the 2nd impact for this domain.

seems to be a small hosting company in Germany...


-- gerhard

August 05, 2009, 04:58:37 pm
Reply #2

SysAdMini

Quote
hi

network-owner already informed by me...


Thanks. I had already started writing an e-mail to the company.
Ruining the bad guy's day

August 05, 2009, 06:16:40 pm
Reply #3

cleanmx

hi

be sure, every active case in our database (and you know we sync in MDL) will be notified!

-- gerhard

here is our automatic complaint for this case...

Quote
Dear abuse team,

please help to close these offending virus sites (1 so far).

status: As of 2009-08-05 17:53:03 CEST
http://support.clean-mx.de/clean-mx/viruses.php?email=alf@ALL.DE&response=alive

(for the full URI, please scroll to the right end ...)

You may also subscribe to our MalwareWatch list http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch

This information has been generated out of our comprehensive real-time database, tracking virus URIs worldwide.

Other pages on this IP that are most likely also affected may be found via passive DNS;
please have a look at the other domains correlated to this IP.
Example: see http://www.bfk.de/bfk_dnslogger.html?query=212.42.245.99

If you review this list of offending sites, please do this carefully and pay attention to redirects as well!
Also, please consider that these particular machines may have a rootkit installed!
So simply deleting some files or directories or disabling CGI may not really solve the issue!

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+--------+-----------------+---------------+------------------+-------------------------------------------------+
| id     | virusname       | ip            | domain           | Url                                             |
+--------+-----------------+---------------+------------------+-------------------------------------------------+
| 136272 | TR/Spy.71680.15 | 212.42.245.99 | profilex-usa.com | http://www.profilex-usa.com/confidecial-uid.exe |
+--------+-----------------+---------------+------------------+-------------------------------------------------+


Your e-mail address has been pulled out of WHOIS for the offending network block(s).
If you are not concerned with anti-fraud measures, please forward this mail to the next responsible desk available...


If you just close(d) these incident(s), please give us feedback; our automatic walker process may not detect a closed case.

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure PHP code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure Perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspicious JavaScript obfuscating evals
unknown_html_RFI        not yet detected by scanners as RFI, but trapped by our honeypots as remote code injection
unknown_html            not yet detected by scanners as RFI, but suspicious; may in rare cases be a false positive
unknown_exe             not yet detected by scanners as malware, but high risk!
all other names         malware name as detected by scanners
==========================


yours

Gerhard W. Recher
(Managing Director)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 München

Tel: ++49 89 547182 0
Fax: ++49 89 547182 33
GSM: ++49 171 4802507

Commercial Register (Handelsregister) München: HRB 124497

w3: http://www.clean-mx.de
e-Mail:   mailto:abuse@clean-mx.de
PGP-KEY:   Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc
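An added example, not part of the post and not clean-mx's own tooling: a small Python parser for rows in the shape of the complaint table quoted above, plus triage and sanity checks derived from the report's own legend. The row layout (id, virus name, IP, domain, URL separated by runs of whitespace) is inferred from the single row in the post; the second sample row, the TEST-NET address and example.net are constructed to exercise the "unknown_*" naming, and the triage labels are my reading of the legend, not clean-mx's. The domain/URL-host mismatch check picks up the "pay attention to redirects" advice: a row whose payload host is not under the listed domain deserves a closer look before anything is blocked or closed.

```python
"""Parse and triage rows from a clean-mx style abuse complaint (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the shape of the quoted report table. Row 1 is the one
# from the post; row 2 is invented (TEST-NET IP, example.net) to show an
# "unknown_*" name as explained in the report's legend.
SAMPLE_REPORT = """\
+-----------------------------------------------------------------------------------------------
|id      virusname      ip      |domain      |Url|
+-----------------------------------------------------------------------------------------------
|136272   TR/Spy.71680.15   212.42.245.99   profilex-usa.com   http://www.profilex-usa.com/confidecial-uid.exe
|136273   unknown_html_RFI_php   192.0.2.10   example.net   http://example.net/images/x.txt
+-----------------------------------------------------------------------------------------------
"""

# One data row: "|id   virusname   ip   domain   url" (assumed layout, see lead-in).
ROW_RE = re.compile(
    r"^\|\s*(?P<id>\d+)\s+(?P<virusname>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+(?P<domain>\S+)\s+(?P<url>[^\s|]+)\s*\|?\s*$"
)


@dataclass(frozen=True)
class Entry:
    id: int
    virusname: str
    ip: str
    domain: str
    url: str

    @property
    def url_host(self) -> str:
        return urlparse(self.url).hostname or ""

    @property
    def scanner_detected(self) -> bool:
        # Legend: every name not starting with "unknown_" was assigned by a
        # scanner; "unknown_*" names come from clean-mx's own heuristics/honeypots.
        return not self.virusname.startswith("unknown_")

    @property
    def triage(self) -> str:
        """Priority label derived from the report's explanation of virus names."""
        if self.scanner_detected:
            return "confirmed: scanner-detected malware"
        if self.virusname == "unknown_exe":
            return "high risk: undetected executable"
        if self.virusname.startswith("unknown_html_RFI"):
            return "likely injection: RFI or obfuscated code"
        if self.virusname == "unknown_html":
            return "suspicious: verify (rare false positive)"
        return "unclassified name: review manually"


def parse_report(text: str) -> list[Entry]:
    """Return the data rows of a report; header, separators and prose are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            entries.append(Entry(int(m["id"]), m["virusname"], m["ip"], m["domain"], m["url"]))
    return entries


def hosts_to_block(entries: list[Entry]) -> list[str]:
    """Hostnames actually serving the payload, e.g. for a proxy deny list."""
    return sorted({e.url_host for e in entries})


def domain_mismatches(entries: list[Entry]) -> list[Entry]:
    """Rows whose URL host is neither the listed domain nor a subdomain of it.

    Such rows point at a redirect or a second host and need a manual look."""
    return [
        e for e in entries
        if not (e.url_host == e.domain or e.url_host.endswith("." + e.domain))
    ]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for e in rows:
        print(e.id, e.ip, e.url_host, "->", e.triage)
    print("block:", hosts_to_block(rows))
    print("mismatches:", [e.id for e in domain_mismatches(rows)])
```

The regex deliberately matches only lines that start with a pipe and a numeric id, so the header line, the `+---` separators and the surrounding prose of the e-mail fall through without special casing.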