Re: [Full-disclosure] find11.html



Seen (links to) 90 separate web servers... no obvious commonalities between them.


On May 31, 2011, at 5:06 AM, Giles Coochey wrote:

On Tue, May 31, 2011 05:16, Daniel Hood wrote:
Anyone else seen this going around?

I've got a couple of links coming through for this via hacked email
accounts. Looks like its installing FakeAV.

Links include:
www [dot] epo4 [dot] com [slash] find11.html

Redirects to safetylife2011.org, IP is 173.162.218.161

AVG intercepted a threat on my Virtual Box Lab from 188.229.89.137 as
"Exploit Rogue Scanner (type 1652)"



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages