Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 11 August 2011

Alert: criminality and malware - again

Something evil on and is a legitimate domain that is registered at GoDaddy and has been hijacked to serve up malware, hosted on (NetDirekt, Germany but more below..).

The malware appears to be a variant of Vundo / Virtumundo; the infection mechanism looks to be some sort of injection attack on third-party sites.

Although the IP is allocated to NetDirekt (now Leaseweb Germany), it belongs to part of a range suballocated to of Serbia (apparently also known as Inferno featured recently in this blog with another similar malware attack, that time on seems to be full of (possibly fake) pharma sites.

The sooner Leaseweb/NetDirekt boot Inferno, the better (they're well known for their involvement with criminals, so quite why it's not been done yet is beyond me).


kygeek said...

I concur with this recent malware attack on a customer of mine originating from which is a block of SingleHop IPs in the US. Sent mail to their abuse department. We will see how it goes.

hunter c said...

I got an 'attack' from McAfee blocked it apparently. My computer had a meltdown yesterday.

hunter c said...

I had an 'attack' from yesterday. My computer has had a meltdown as well. Did a 24 hour restore on it and it's back to normal after the antivirus download.