Classic tip · Classic
Malicious .biz site and browser vulnerabilities
This from incidents.org as well... A user visited a webpage and got redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx to protect anyone from getting there...) Among other things... t…
This from incidents.org as well... A user visited a webpage and got redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx to protect anyone from getting there...)
Among other things... the page was obfuscated and many malicious bits of software loaded through javascript.... such as hxxp://iframebiz.biz/dl/adv443/sploit.anr and hxxp://iframebiz.biz/dl/loadadv443.exe and hxxp://iframebiz.biz/dl/adv443.hta and some sort of loaderadv443.jar and... http://iframebiz.biz/dl/adv443/x.chm
It looks like a bunch of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn't a new way of getting these installed (they found 9 DNS names have been used in the last week) - traffsale.biz iframesite.biz iframetraff.biz toolbartraff.biz buytraff.biz iframecash.biz toolbarurl.biz iframebiz.biz and toolbarbiz.biz all have been used by an machine at 81.9.5.10
They've tried contacting the ISP and for fun infected a VMware virtual machine. More than 50 files were pulled down from all over.
Not that Firefox is invincible, but ... most exploits in the wild affect unpatched Internet Explorer vulnerabilities which is why I usually recommend Firefox...