Forum
Comments:
-
- on Sun 08 Nov 2009
- 01:01:43 PM UTC
.....
The infection isn't always on the root. In this case, it's a file called redir.php, which redirects elsewhere to show a FAKE 404.
vURL analysis
http://vurl.mysteryfcm.co.uk/?url=1083663This URL is part of the Zeus botnet.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sun 08 Nov 2009
- 01:52:55 PM UTC
....
Ok! but when I visit hxxp://nortulls.se It´s not redirecting me with this file- redir.php and it doesn´t show me a FAKE 404. All it shows in the URL is hxxp://nortulls.se/ not hxxp://nortulls.se/redir.php.
Sorry for beeing so blunt about it, maybe it´s because I dont understand how these things work like you guys do.
-
- on Sun 08 Nov 2009
- 01:59:07 PM UTC
.....
As mentioned, it's not always the root of the site that is involved. In some cases, it's only specific *files* on the server that are part of an infection, phishing scam or whatnot.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sun 08 Nov 2009
- 09:07:07 PM UTC
perhaps
Zeus Botnet
notice the redir.php referencing:
xxxdessert.namealong with the malwareurl.com listing
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 08 Nov 2009
- 09:16:07 PM UTC
Rated and commented. Thanx
Rated and commented.
Thanx for the info g7w
norrtulls.se
This site apparently was found on a Malwaredomains blacklist. Hmm, I checked the site and...nothing bad at all. it´s an autoshop in sweden.
http://www.mywot.com/en/scorecard/norrtulls.se
~You have not lived, until you´ve found something worth dying for.