Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 22 June 2011

Part 3: Interserver, malware, and the Scottish weather

Well, the bad guys tried fooling everyone by changing the filename yet again (sorry Mr Bad Guy - we're not that stupid).

You'll remember that they were using HostNOC as of the latest incarnations, and I both e-mailed and phoned HostNOC on the 20th, the day the move was made, and the person I spoke to advised me they were giving the customer a 24-hour warning. 3 days later, and it was still online, still serving malicious content.

I've just phoned HostNOC yet again, and they're finally taking it offline, advising me the entire account would be suspended within the next 5 mins (and yes HostNOC, I'll be verifying that).

Sadly, it seems Interserver STILL haven't taken action, as .38 is STILL spewing the malicious file (again, with the new filename);

Seems it's polymorphic too, as I've recorded 2 pull downs of the file, with 2 different MD5s;


So Interserver, what's your excuse?


Part 2: Interserver, malware, and the Scottish weather

Interserver, malware, and the Scottish weather
