Malicious .biz site and browser vulnerabilities

This from as well… A user visited a web page and was redirected to hxxp:// (tt changed to xx to keep anyone from landing there by accident).

Among other things, the page was obfuscated, and many malicious bits of software were loaded through JavaScript, such as hxxp:// and hxxp:// and hxxp:// and some sort of loaderadv443.jar and…

It looks like a bunch of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn’t a new way of getting these installed (they found that 9 DNS names have been used in the last week), and all have been used by a machine at

They’ve tried contacting the ISP and, for fun, infected a VMware virtual machine. More than 50 files were pulled down from all over.

Not that Firefox is invincible, but most exploits in the wild affect unpatched Internet Explorer vulnerabilities, which is why I usually recommend Firefox.

