Just after the Adobe and French CERTA advisories, I wanted to talk a lil bit about the website that is said to host the Adobe 0day.
Here is Adobe's advisory:
According to Symantec (see: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99, the suscpicious website is:
It quite clearly seems to be a fake Google Analytics portal. Not sure that it does steal user's credentials anyway...
Please note that :
- Netcraft did not warn about it (at the time of writing)
- IronPort does not detect it
- Secure Computing (trustedsource.org) does not detect it
- Firefox 3.6 does not tell anything
- internet Explorer 8 neither
and a very few AV vendors are said to be able to detect the PDF...
Here is what the website looks like:
The IP address 22.214.171.124 is apparently located in Hong Kong... see:
and blacklisted at least once!
So I strongly recommend to remain prudent with that domain.