#1

how do you check out something like this?

volny.cz/svhgjtt/dental-plan.html

Rick Merrill

#2

From: "Rick Merrill" <>

| how do you check out something like this?
|
| volny.cz/svhgjtt/dental-plan.html

It is a malware related web site that uses VBS/Psyme to download a Renos trojan and a ByteVerify exploit to install a rogue anti malware utility called Spy-Shredder.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

#3

David H. Lipman wrote:
> From: "Rick Merrill" <>
>
> | how do you check out something like this?
> |
> | volny.cz/svhgjtt/dental-plan.html
>
> It is a malware related web site that uses VBS/Psyme to download a Renos trojan and a
> ByteVerify exploit to install a rogue anti malware utility called Spy-Shredder.

I didn't know about 'byteverify' but it appears to be a hijacked site, but 'from whom' it was hijacked I couldn't tell. Is the whole 'cz' domain not to be trusted?

Rick Merrill

#4

From: "Rick Merrill" <>

| I didn't know about 'byteverify' but it appears to be a hijacked site,
| but 'from whom' it was hijacked I couldn't tell. Is the whole 'cz'
| domain not to be trusted?

The ByteVerify is a Java exploit.

Example McAfee log...
5/5/2007 6:58:39 PM Deleted (Clean failed) DLIPMAN-1\lipman D:\temp\jar_cache30809.tmp\JAR_CACHE30809.TMP Exploit-ByteVerify

It is NOT a hijacked site. It is purposefully malicious.
I can not state that all .CZ (Czech Republic) Domains can not be trusted.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

#5

David H. Lipman wrote:
> D:\temp\jar_cache30809.tmp\JAR_CACHE30809.TMP Exploit-ByteVerify
>
> It is NOT a hijacked site. It is purposefully malicious.
> I can not state that all .CZ (Czech Republic) Domains can not be trusted.

But what we can tell for sure is that the owner is horribly stupid. The Byte Verifier vulnerability was, well, Java JDK 1.1? Even the similar-to-Java-but-not-actually-Java-VM that Microsoft shipped with Windows 2000 and XP was already at JDK 1.2 level, not vulnerable to this thing.

I still wonder how this thing is still in usage, even though the most stupid bad guy would recognize an infection rate of essentially zero.

Sebastian G.

#6

From: "Sebastian G." <>

|
| But what we can tell for sure is that the owner is horribly stupid. The Byte
| Verifier vulnerability was, well, Java JDK 1.1? Even the
| similar-to-Java-but-not-actually-Java-VM that Microsoft shipped with
| Windows 2000 and XP was already at JDK 1.2 level, not vulnerable to this thing.
|
| I still wonder how this thing is still in usage, even though the most stupid
| bad guy would recognize an infection rate of essentially zero.

Exploit-ByteVerify is rather generic. Many newer versions of Sun Java were also vulnerable.
There have been many variants to ByteVerify and they seem to increase.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

#7

David H. Lipman wrote:
> | But what we can tell for sure is that the owner is horribly stupid. The Byte
> | Verifier vulnerability was, well, Java JDK 1.1? Even the
> | similar-to-Java-but-not-actually-Java-VM that Microsoft shipped with
> | Windows 2000 and XP was already at JDK 1.2 level, not vulnerable to this thing.
> |
> | I still wonder how this thing is still in usage, even though the most stupid
> | bad guy would recognize an infection rate of essentially zero.
>
> Exploit-ByteVerify is rather generic. Many newer versions of Sun Java were also vulnerable.

Hm? I've followed through the release notes of every version of Sun's Java VM since JDK 1.2 and I'm very sure that they never mentioned any security vulnerability in the bytecode verifier. Not even after they changed the class format for helping implement the much simpler and more secure SSA-based verifier.

> There have been many variants to ByteVerify and they seem to increase.

According to my analysis, it's the same old dysfunctional crap from '98.

Sebastian G.

#8

On Jan 23, 7:20 pm, Rick Merrill <rick0.merr...@NOSPAM.gmail.com> wrote:
> how do you check out something like this?
>
> volny.cz/svhgjtt/dental-plan.html

You don't, just stay away from it

blackhat

#9

Rick Merrill brought next idea :
> how do you check out something like this?
>
> volny.cz/svhgjtt/dental-plan.html

I use a text browser like Lynx to go to suspicious sites (there is also a Lynx for Windows)

Casper

#10

Rick Merrill <> writes:
> how do you check out something like this?
>
> volny.cz/svhgjtt/dental-plan.html

Curl would pull the html down and dump it in a text file -- handy commandline tool.

--
Todd H.
http://www.toddh.net/

Todd H.

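The curl approach from the last reply, as an added example that is not part of any post in the thread: save the page as inert text, then list the tags that would run code in a browser, which is where script and applet content of the kind described in reply #2 would show up. The function names, the limits and the sample HTML are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a suspicious page as text instead of rendering it.

# fetch_as_text URL OUTFILE: save the raw body; nothing is rendered or executed.
fetch_as_text() {
    # Limit protocols, time, size and redirects so a hostile server stays in bounds.
    curl --silent --show-error --proto '=http,https' \
         --max-time 20 --max-filesize 1048576 \
         --location --max-redirs 3 \
         --output "$2" --url "$1"
}

# list_active_content FILE: print the opening tag of every element that can run code.
list_active_content() {
    # Flatten the file, start a new line before each '<', keep the tags of interest.
    tr '\r\n' '  ' < "$1" | sed 's/</\
</g' | grep -i -E '^<(script|applet|object|embed|iframe)[[:space:]>]' | sed 's/>.*$/>/'
}

# count_active_content FILE: number of such tags, for a quick yes/no triage.
count_active_content() {
    list_active_content "$1" | wc -l | tr -d ' '
}

# write_sample FILE: constructed sample page (not taken from any real site).
write_sample() {
    cat > "$1" <<'EOF'
<html><body>
<p>Dental plan</p>
<SCRIPT language="VBScript" src="loader.vbs"></SCRIPT>
<applet code="A.class" archive="a.jar" width="1" height="1"></applet>
<iframe src="http://example.invalid/x" width=0 height=0></iframe>
</body></html>
EOF
}

# Offline demonstration on the constructed sample (no network access).
sample=$(mktemp)
write_sample "$sample"
list_active_content "$sample"
rm -f "$sample"
```

Against a live URL, run `fetch_as_text` from a disposable VM or container and open the saved file only in a text viewer.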