Editer l'article Suivre ce blog Administration + Créer mon blog
7 juin 2010 1 07 /06 /juin /2010 15:51

Just after the Adobe and French CERTA advisories, I wanted to talk a lil bit about the website that is said to host the Adobe 0day.

Here is Adobe's advisory:


According to Symantec (see: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99, the suscpicious website is:

google-analytics. dynalias.org.

It quite clearly seems to be a fake Google Analytics portal. Not sure that it does steal user's credentials anyway...

Please note that :

- Netcraft did not warn about it (at the time of writing)

- IronPort does not detect it

- Secure Computing (trustedsource.org) does not detect it

- Firefox 3.6 does not tell anything

- internet Explorer 8 neither

and a very few AV vendors are said to be able to detect the PDF...

Here is what the website looks like:


The IP address is apparently located in Hong Kong... see:


and blacklisted at least once!

So I strongly recommend to remain prudent with that domain.

Partager cet article