7 June 2010, 15:51

Just after the Adobe and French CERTA advisories, I wanted to talk a lil bit about the website that is said to host the Adobe 0day.


Here is Adobe's advisory:

http://www.adobe.com/support/security/advisories/apsa10-01.html


According to Symantec (see: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99), the suspicious website is:

google-analytics. dynalias.org.


It quite clearly seems to be a fake Google Analytics portal. Not sure that it does steal users' credentials anyway...


Please note that:

- Netcraft did not warn about it (at the time of writing)

- IronPort does not detect it

- Secure Computing (trustedsource.org) does not detect it

- Firefox 3.6 does not tell anything

- Internet Explorer 8 does not either

and very few AV vendors are said to be able to detect the PDF...


Here is what the website looks like:


[Image: capture_googleAnalytics_dynalias_070610.jpg]


The IP address 180.149.252.136 is apparently located in Hong Kong... see:

http://www.robtex.com/dns/google-analytics.dynalias.org.html

and blacklisted at least once!


So I strongly recommend remaining prudent with that domain.
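
An added example, not part of the original post: since the reputation services listed above did not flag the host, one way to check your own proxy logs is to look for a Google Analytics label sitting under a dynamic DNS zone, or for the IP address given above. The log format, the brand list, the list of legitimate parent domains and the sample lines are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Only dynalias.org and the IP below come from the post; the rest are assumptions.
DYNDNS_ZONES = {"dynalias.org"}
BRANDS = {"google-analytics": ("google-analytics.com", "google.com")}
KNOWN_IPS = {"180.149.252.136"}

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(host, dest_ip=None):
    """Return the reasons a hostname/IP pair deserves a closer look."""
    host = host.lower().rstrip(".")
    reasons = []
    for brand, legit in BRANDS.items():
        # A brand label is only expected under the brand's own domains.
        if brand in host.split(".") and not any(under(host, d) for d in legit):
            reasons.append("brand label '%s' outside its own domain" % brand)
            for zone in DYNDNS_ZONES:
                if under(host, zone):
                    reasons.append("hosted under dynamic DNS zone " + zone)
    if dest_ip in KNOWN_IPS:
        reasons.append("destination IP named in the post")
    return reasons

def scan(lines):
    """Parse 'time client method url dest_ip' lines; return flagged requests."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, client, _, url, dest_ip = fields
        host = (urlsplit(url).hostname or "").rstrip(".")
        reasons = classify(host, dest_ip)
        if reasons:
            hits.append((client, host, reasons))
    return hits

# Constructed sample proxy log (not real traffic).
SAMPLE = [
    "2010-06-07T15:40:01 10.0.0.5 GET http://www.google-analytics.com/ga.js 192.0.2.10",
    "2010-06-07T15:41:17 10.0.0.8 GET http://google-analytics.dynalias.org/ 180.149.252.136",
    "2010-06-07T15:42:30 10.0.0.9 GET http://myhome.dynalias.org/cam 192.0.2.77",
    "2010-06-07T15:43:02 10.0.0.8 GET http://Google-Analytics.DynAlias.org./ 180.149.252.136",
]

if __name__ == "__main__":
    for client, host, reasons in scan(SAMPLE):
        print(client, host, "; ".join(reasons))
```

A dynamic DNS hostname on its own is not flagged here; only the combination with a brand label, or a match on the IP address, is reported.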



