| View previous topic :: View next topic |
| Author |
Message |
redwolfe_98
Corporal
Joined: Dec 16, 2003
Posts: 63
Location: South Carolina, USA
|
 Posted: Fri Dec 28, 2007 11:49 am Post subject: Geocities |
|
|
maybe this has been posted before, but i ran across this site, today, in a spam-email:
hxxp://geocities.com/KelvinOdonnell
my antivirus program went crazy when i clicked the link..
|
|
| Back to top |
|
 |
brewt
SIRT Handler
Premium Member
Joined: May 29, 2007
Posts: 792
Location: USA
|
| Posted: Fri Dec 28, 2007 3:59 pm Post subject: |
|
|
can you be more specific?
what antivirus product are you using?
presumably it gave you a warning message?
it may even have identified the virus it thinks it found.
|
|
| Back to top |
|
|
tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5878
|
| Posted: Fri Dec 28, 2007 4:03 pm Post subject: |
|
|
The site uses code to redirect users to
which is currently down.
_________________
Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender.
Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
Last edited by tetak on Fri Dec 28, 2007 4:08 pm, edited 1 time in total |
|
| Back to top |
|
|
brewt
SIRT Handler
Premium Member
Joined: May 29, 2007
Posts: 792
Location: USA
|
|
| Back to top |
|
|
redwolfe_98
Corporal
Joined: Dec 16, 2003
Posts: 63
Location: South Carolina, USA
|
| Posted: Fri Dec 28, 2007 6:44 pm Post subject: |
|
|
i don't have a record, now, of the things that "antivir" flagged.. i had 10 individual antivir-alerts when i opened the webpage..
i went to the "linkscanner" website and had it scan the webpage.. i think that it reported that in had numerous issues, one of which was "warezov sploit" and something about a "get splice" vulnerability..
apparently, the webpage has been taken down, now..
|
|
| Back to top |
|
|
redwolfe_98
Corporal
Joined: Dec 16, 2003
Posts: 63
Location: South Carolina, USA
|
| Posted: Sat Dec 29, 2007 3:05 am Post subject: |
|
|
| tetak wrote: | The site uses code to redirect users to
|
yes, tetak, that was the reason that i clicked the geocities-link in the first place, because i figured that it redirected to some other webpage, and i wanted to report them, for "spam", which i did.. the "swuyy.com" webpage was not down, at the time..
apparently the geocities webpage IS up, now.. here is what "linkscanner" reports when it scans the geocities webpage:
DANGEROUS: LinkScanner Online has found
[Search engine hijack]
Detail: Exploit: Warezov sploit launcher
This is actually a new obfuscation of several common exploits, the newest being SetSlice, which, at the time of initial detection, was being used to install the Warezov worm on vulnerable systems.
Risk Category: Exploit
|
|
| Back to top |
|
|
redwolfe_98
Corporal
Joined: Dec 16, 2003
Posts: 63
Location: South Carolina, USA
|
| Posted: Sun Dec 30, 2007 8:11 pm Post subject: |
|
|
i have been getting a lot of spam, lately, with links to other geocities webpages that seem to have the same "malware".. here is a link to the latest one that i got:
hxxp://geocities.com/SamSoto34
"linkscanner" says:
Exploit: Warezov sploit launcher
This is actually a new obfuscation of several common exploits, the newest being SetSlice, which, at the time of initial detection, was being used to install the Warezov worm on vulnerable systems.
i would like to know where the "warezov worm" is being downloaded from..
|
|
| Back to top |
|
|
tetak
MIRT Team Lead
Premium Member
Joined: Jan 19, 2007
Posts: 5878
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
