Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 9 July 2009

microsotf.cn and myb88.com back in exploits

DNS-BH has reported that microsotf.cn and myb88.com are back doing exploits, folks. This would be a great time to go through your sites' code and check that you're properly filtering user input, query strings etc., and of course changing FTP and other passwords frequently is always a good idea (though you must ensure the machine you do this from is clean, as it's a waste of time if it's infected with, for example, a keylogger).

Ref:
http://www.malwaredomains.com/wordpress/?p=543

microsotf.cn is currently returning 127.0.0.1 according to OpenDNS, even after a cache check, but was previously at 91.212.198.37 (NEVAL - AS49314), which is hosting all sorts of malicious goodness;

http://hosts-file.net/?s=91.212.198.37&view=matches

/edit

My friend from DNS-BH pointed out that Google's diagnostics last visited microsotf.cn today and last found malware today;

http://www.google.com/safebrowsing/diagnostic?site=http://microsotf.cn/&hl=en

I've got it on monitoring, so I'll know when it starts resolving properly again. I've checked with the guys from OpenDNS, and the domain's name servers are returning 127.0.0.1, so it looks like they're trying to evade something .... they'll be back (again), they always are.
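The monitoring described above, as an added example that is not part of the original post: a small Python watcher that resolves a domain, labels answers that are only loopback or otherwise non-routable (such as 127.0.0.1) as "parked", and raises an alert the moment the domain flips back to a globally routable address. The `resolve()` lookup is live; the observation sequence below is constructed for the example, reusing only the two addresses quoted in the post.

```python
import ipaddress
import socket

def resolve(domain):
    """Live lookup: the set of addresses `domain` currently resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(domain, None)}
    except socket.gaierror:
        return set()

def classify(addresses):
    """'nxdomain' (no answer), 'parked' (only non-routable answers such as
    127.0.0.1) or 'live' (at least one globally routable address)."""
    if not addresses:
        return "nxdomain"
    if any(ipaddress.ip_address(a).is_global for a in addresses):
        return "live"
    return "parked"

def detect_change(previous, current):
    """Describe the transition between two observations, or None if unchanged.
    A parked/nxdomain domain coming back 'live' is the event worth an alert."""
    if previous == current:
        return None
    before, after = classify(previous), classify(current)
    if after == "live" and before != "live":
        return "ALERT: back live at %s" % sorted(current)
    if after != "live" and before == "live":
        return "parked: answers now %s (was %s)" % (sorted(current), sorted(previous))
    return "changed: %s -> %s" % (sorted(previous), sorted(current))

def scan_history(history):
    """Run detect_change over consecutive observations; return the events."""
    events = []
    for prev, cur in zip(history, history[1:]):
        note = detect_change(prev, cur)
        if note is not None:
            events.append(note)
    return events

# Constructed observation sequence mirroring the post: first at 91.212.198.37,
# then answering 127.0.0.1 for a while, then back on the original address.
SAMPLE_HISTORY = [{"91.212.198.37"}, {"127.0.0.1"}, {"127.0.0.1"}, {"91.212.198.37"}]

if __name__ == "__main__":
    for event in scan_history(SAMPLE_HISTORY):
        print(event)
```

In real use, append `resolve("microsotf.cn")` to the history on a timer (and resolve against the domain's authoritative name servers as well as your resolver, since the post notes the 127.0.0.1 answer comes from the name servers themselves).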
