« previous next »
Pages: [1]   Go Down

Author Topic: Something evil on 95.168.177.144: reddingtaxcm.com and inferno.name  (Read 5650 times)

0 Members and 1 Guest are viewing this topic.

August 11, 2011, 11:03:47 pm
Read 5650 times

MysteryFCM

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Something evil on 95.168.177.144: reddingtaxcm.com and inferno.name
Something evil on 95.168.177.144: reddingtaxcm.com and inferno.name

Quote
reddingtaxcm.com is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on 95.168.177.144 (NetDirekt, Germany but more below..).

The malware appears to be a variant of Vundo / Virtumundo, the infection mechanism looks to be some sort of injection attack on third party sites.

Although the IP 95.168.177.144 is allocated to NetDirekt (now Leaseweb Germany), it belongs to part of a range suballocated to inferno.name of Serbia (apparently also known as v3Servers.net). Inferno featured recently in this blog with another similar malware attack, that time on 95.168.178.206. 95.168.177.0/4 seems to be full of (possibly fake) pharma sites.

Read more:
http://blog.dynamoo.com/2011/08/something-evil-on-95168177144.html
Logged
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Pages: [1]   Go Up
« previous next »