Author Topic: Something evil on and  (Read 5650 times)

0 Members and 1 Guest are viewing this topic.

August 11, 2011, 11:03:47 pm
Read 5650 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Something evil on and

Quote is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on (NetDirekt, Germany but more below..).

The malware appears to be a variant of Vundo / Virtumundo, the infection mechanism looks to be some sort of injection attack on third party sites.

Although the IP is allocated to NetDirekt (now Leaseweb Germany), it belongs to part of a range suballocated to of Serbia (apparently also known as Inferno featured recently in this blog with another similar malware attack, that time on seems to be full of (possibly fake) pharma sites.

Read more:

Steven Burn
I.T. Mate / hpHosts /