Inox Website is infected

Posted by Ganesh Murugaraju Tuesday, October 12, 2010

Latest sources say that Inoxmovies.com was infected.
The source code for http://www.inoxmovies.com contains references to . A Google search for "" gives
jyothylaboratories.com as one of the results. Apparently making
detergents and showing movies doesn't involve securing corporate
websites.

Another search for intext:".info/ur.php>" shows a lot more
domains that have a similar naming convention (e.g. http://google-stats45.info/ur.php)
and which are marked as suspicious by Google Safe Browsing.
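
As an added example (not part of the original post), here is one way to check saved page source for references that follow the naming convention described above. The host regex is an assumption generalised from the two google-statsNN.info names in the post, the sample HTML and its `constructed-example.info` host are constructed, and the check assumes the reference sits in a `src` or `href` attribute.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: generalised from the two hosts named in the post
# (google-stats45.info, google-stats55.info); only the digits vary.
LOOKALIKE_HOST = re.compile(r"^google-stats\d+\.info$")

# Constructed sample page; only the google-stats45.info URL comes from the post.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://google-stats45.info/ur.php"></script>
</head><body>
<a href="http://www.google.com/">Search</a>
<iframe src="//Constructed-Example.info/ur.php" width="1" height="1"></iframe>
<img src="http://example.info/logo.png">
</body></html>
"""


class RefCollector(HTMLParser):
    """Collect every src/href value together with the tag that carries it."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.refs.append((tag, value.strip()))


def suspicious_refs(html):
    """Return (tag, url, reason) for each reference matching the post's pattern."""
    collector = RefCollector()
    collector.feed(html)
    hits = []
    for tag, url in collector.refs:
        parts = urlsplit(url)  # handles absolute and protocol-relative URLs
        host = (parts.hostname or "").lower()  # relative URLs have no host
        if LOOKALIKE_HOST.match(host):
            hits.append((tag, url, "lookalike-host"))
        elif host.endswith(".info") and parts.path.lower() == "/ur.php":
            hits.append((tag, url, "info-ur-php"))  # the post's search string
    return hits


if __name__ == "__main__":
    for hit in suspicious_refs(SAMPLE_HTML):
        print(hit)
```
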

A lookup on the URL gives the IP 77.78.239.63, which is presumably
located in the Republic of Moldova (which is a landlocked country
in Eastern Europe, located between Romania to the west and Ukraine to
the north, east and south - src: Wikipedia.com) and is hosted with an
ISP called Maxhosting-services. Another IP geolocation result puts it
in Bosnia and Herzegovina. The domain is registered as ruslan7777.com
by this dude called Avaris Pinofopoulos (src:
http://www.malwareurl.com/listing.php?ip=77.78.239.63). Another search
gives the registrant as Vasea Petrovich, who stays (or works) in
Varlaam, Moscow, Postal Code 76549.

Google says the google-stats55.info site is clean
(http://www.google.com/safebrowsing/diagnostic?site=http://google-stats55.info).
It also says that the site acted as an intermediary for the infection
of 3 sites. I'm not trusting them on this one.

Proceeding further on Inoxmovies.com takes you to a fake antivirus
software site that shows how it has scanned your computer and found
several infections in My Computer.

Thanks to Riyaz Ahamed for researching this topic!
