26 March 2010, 23:07
Once again, I was not even expecting to get a sample that way...

Here is the message I received on one of the Skype accounts I use as 'honeypots' (one day ago):

[Screenshot: MSG_Skype_dreams-lady.com_250310.jpg]

I never requested in any way to receive such ads!

Okay, so let's go to 'dreams-lady'. To be honest, at this point I was really expecting a malicious website, or even a fake portal to steal my bank card (CB) number...
Sometimes habit does not help you out 100%...

However, I was surprised to see the website that dreams-lady resolves to. Here is a screenshot:

[Screenshot: dreams-lady.com_250310-copie-1.jpg]


Looks a lot like some kind of Russian version of Meetic, huh? Just kidding.

Just in case, I had a look at the WhoIs. And there came an unexpected surprise:
http://www.domaincrawler.com/domains/view/dreams-lady.com
 
Wow, IP located in China? Seems weird.
All the other information in the WhoIs points to a Russian origin.

Just a thought... let's check the IP reputation.
An old tool:
http://www.dnsbl.info/dnsbl-database-check.php
Bingo...!
59.53.91.107 is listed! And I do trust SpamHaus' lists.

But that's not all. The IP address really does seem to be a Chinese one:
http://www.ip-adress.com/whois/59.53.91.107

Okay then, Russian domain name, Chinese IP... still looks strange to me.

But the IP address reveals other interesting details:
http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=59.53.91.107
Listed because it is said to host malware.

And guess what... ESET confirms it (access blocked when I tried to visit the site).
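The dnsbl.info lookup above is, under the hood, a plain DNS query: reverse the octets of the IPv4 address, append the blocklist zone, and resolve the result as an A record; an answer means "listed", NXDOMAIN means "not listed". The script below is an added example, not code from the original post, that performs that lookup for the 59.53.91.107 address against Spamhaus ZEN and interprets the answer. It assumes the ZEN return codes and the 127.255.255.x "query rejected" convention as documented by Spamhaus; `make_fake_resolver` and the listing it returns are a constructed fixture so the script runs offline, and the real lookup is what you get when `resolve=` is left at its default.

```python
"""Reverse-octet DNSBL lookup, offline-testable (added example, not the post's code)."""
import ipaddress
import socket
from typing import Callable, Dict, Optional

# Constructed sample values: the address from the post and Spamhaus' combined zone.
SAMPLE_IP = "59.53.91.107"
ZEN_ZONE = "zen.spamhaus.org"

# Meaning of the A-record answers Spamhaus ZEN returns, per its published
# return codes (assumption: verify against the current Spamhaus documentation).
ZEN_CODES: Dict[str, str] = {
    "127.0.0.2": "SBL - direct spam source",
    "127.0.0.3": "SBL CSS - snowshoe / low-reputation source",
    "127.0.0.4": "XBL - exploited or malware-infected host",
    "127.0.0.9": "SBL DROP - hijacked or criminal netblock",
    "127.0.0.10": "PBL - ISP-maintained end-user / dynamic range",
    "127.0.0.11": "PBL - Spamhaus-maintained end-user / dynamic range",
}

Resolver = Callable[[str], str]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the query name, e.g. 59.53.91.107 -> 107.91.53.59.zen.spamhaus.org."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but an IPv4 address
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_dnsbl(ip: str, zone: str, resolve: Resolver = socket.gethostbyname) -> Optional[str]:
    """Return the A-record answer if the address is listed, None if NXDOMAIN.

    Only "name not found" counts as "not listed"; any other resolver failure
    propagates, so a dead network is never mistaken for a clean address.
    """
    try:
        return resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise


def describe_listing(answer: Optional[str]) -> str:
    """Translate a DNSBL answer into a human-readable verdict."""
    if answer is None:
        return "not listed"
    # Assumption from Spamhaus docs: 127.255.255.x answers are error codes
    # (e.g. query sent through a public/open resolver), not listings.
    if answer.startswith("127.255.255."):
        return f"query rejected by the DNSBL ({answer}); result unknown"
    return ZEN_CODES.get(answer, f"listed, unrecognised code {answer}")


def make_fake_resolver(listed: Dict[str, str]) -> Resolver:
    """Constructed offline stand-in for socket.gethostbyname: known names answer,
    everything else fails with the same errno a real NXDOMAIN produces."""
    def resolve(name: str) -> str:
        if name in listed:
            return listed[name]
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return resolve


if __name__ == "__main__":
    # Constructed fixture: pretend the sample address answers with the XBL code.
    # Drop the resolve= argument to query Spamhaus for real.
    fake = make_fake_resolver({dnsbl_query_name(SAMPLE_IP, ZEN_ZONE): "127.0.0.4"})
    for ip in (SAMPLE_IP, "192.0.2.1"):
        print(f"{ip}: {describe_listing(check_dnsbl(ip, ZEN_ZONE, resolve=fake))}")
```

The resolver is injected so the lookup logic can be exercised without network access; when run against the real zone, note that Spamhaus answers some queries with 127.255.255.x codes rather than a listing, which `describe_listing` reports as an unknown result rather than as "listed".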
