suspicious site

Discussion in 'Computer Security' started by Rick Merrill, Jan 24, 2008.

  1. Rick Merrill

    Rick Merrill Guest

    how do you check out something like this?

    volny.cz/svhgjtt/dental-plan.html
     
    Rick Merrill, Jan 24, 2008
    #1

  2. David H. Lipman, Jan 24, 2008
    #2

  3. Rick Merrill

    Rick Merrill Guest

    David H. Lipman wrote:
    > From: "Rick Merrill" <>
    >
    > | how do you check out something like this?
    > |
    > | volny.cz/svhgjtt/dental-plan.html
    >
    > It is a malware related web site that uses VBS/Psyme to download a Renos trojan and a
    > ByteVerify exploit to install a rogue anti malware utility called Spy-Shredder.
    >
    >


    I didn't know about 'byteverify' but it appears to be a hijacked site,
    but 'from whom' it was hijacked I couldn't tell. Is the whole 'cz'
    domain not to be trusted?
     
    Rick Merrill, Jan 24, 2008
    #3
  4. From: "Rick Merrill" <>


    | I didn't know about 'byteverify' but it appears to be a hijacked site,
    | but 'from whom' it was hijacked I couldn't tell. Is the whole 'cz'
    | domain not to be trusted?

    The ByteVerify is a Java exploit.

    Example McAfee log...
    5/5/2007 6:58:39 PM Deleted (Clean failed) DLIPMAN-1\lipman
    D:\temp\jar_cache30809.tmp\JAR_CACHE30809.TMP Exploit-ByteVerify

    It is NOT a hijacked site. It is purposefully malicious.
    I can not state that all .CZ (Czech Republic) Domains can not be trusted.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 24, 2008
    #4
  5. Sebastian G.

    Sebastian G. Guest

    David H. Lipman wrote:


    > D:\temp\jar_cache30809.tmp\JAR_CACHE30809.TMP Exploit-ByteVerify
    >
    > It is NOT a hijacked site. It is purposefully malicious.
    > I can not state that all .CZ (Czech Republic) Domains can not be trusted.


    But what we can tell for sure is that the owner is horribly stupid. The Byte
    Verifier vulnerability was, well, Java JDK 1.1? Even the similar-to-Java-
    but-not-actually-Java-VM that Microsoft shipped with Windows 2000 and XP was
    already at JDK 1.2 level, not vulnerable to this thing.

    I still wonder how this thing is still in usage, even though the most stupid
    bad guy would recognize an infection rate of essentially zero.
     
    Sebastian G., Jan 25, 2008
    #5
  6. From: "Sebastian G." <>


    |
    | But what we can tell for sure is that the owner is horribly stupid. The Byte
    | Verifier vulnerability was, well, Java JDK 1.1? Even the similar-to-Java-
    | but-not-actually-Java-VM that Microsoft shipped with Windows 2000 and XP was
    | already at JDK 1.2 level, not vulnerable to this thing.
    |
    | I still wonder how this thing is still in usage, even though the most stupid
    | bad guy would recognize an infection rate of essentially zero.

    Exploit-ByteVerify is rather generic. Many newer versions of Sun Java were also vulnerable.
    There have been many variants to ByteVerify and they seem to increase.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 25, 2008
    #6
  7. Sebastian G.

    Sebastian G. Guest

    David H. Lipman wrote:


    > | But what we can tell for sure is that the owner is horribly stupid. The Byte
    > | Verifier vulnerability was, well, Java JDK 1.1? Even the similar-to-Java-
    > | but-not-actually-Java-VM that Microsoft shipped with Windows 2000 and XP was
    > | already at JDK 1.2 level, not vulnerable to this thing.
    > |
    > | I still wonder how this thing is still in usage, even though the most stupid
    > | bad guy would recognize an infection rate of essentially zero.
    >
    > Exploit-ByteVerify is rather generic. Many newer versions of Sun Java were also vulnerable.



    Hm? I've followed through the release notes of every version of Sun's Java
    VM since JDK 1.2 and I'm very sure that they never mentioned any security
    vulnerability in the bytecode verifier. Not even after they changed the
    class format for helping implement the much simpler and more secure
    SSA-based verifier.

    > There have been many variants to ByteVerify and they seem to increase.


    According to my analysis, it's the same old dysfunctional crap from '98.
     
    Sebastian G., Jan 25, 2008
    #7
  8. blackhat

    blackhat Guest

    On Jan 23, 7:20 pm, Rick Merrill <>
    wrote:
    > how do you check out something like this?
    >
    > volny.cz/svhgjtt/dental-plan.html


    You don't, just stay away from it
     
    blackhat, Jan 26, 2008
    #8
  9. Casper

    Casper Guest

    Rick Merrill brought next idea :
    > how do you check out something like this?
    >
    > volny.cz/svhgjtt/dental-plan.html


    I use a text browser like Lynx to go to suspicious sites
    (there is also a Lynx for Windows)
     
    Casper, Feb 1, 2008
    #9
  10. Todd H.

    Todd H. Guest

    Rick Merrill <> writes:

    > how do you check out something like this?
    >
    > volny.cz/svhgjtt/dental-plan.html


    Curl would pull the html down and dump it in a text file -- handy
    command-line tool.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 1, 2008
    #10
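
A static-triage sketch for the approach suggested above (save the HTML as text, then read it instead of rendering it), added here as an example and not written by any poster in the thread: it lists the tags in a saved page that load or run active content, using only Python's standard library. The tag watch-list, the `triage` name and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed watch-list: tags that can load or run active content.
ACTIVE_TAGS = {"script", "applet", "object", "embed", "iframe"}


class ActiveContentFinder(HTMLParser):
    """Record active-content tags in saved HTML; nothing is rendered or run."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        notes = []
        lang = (a.get("language", "") + " " + a.get("type", "")).lower()
        if tag == "script" and "vbs" in lang:
            notes.append("VBScript")
        if tag == "applet" or a.get("archive", "").lower().endswith(".jar"):
            notes.append("Java applet")
        if tag == "iframe" and {a.get("width"), a.get("height")} & {"0", "1"}:
            notes.append("hidden iframe")
        # First attribute that names an external resource, if any.
        ref = a.get("src") or a.get("archive") or a.get("code") or a.get("data") or ""
        self.findings.append((self.getpos()[0], tag, ref, notes))


def triage(html_text):
    """Return (line, tag, resource, notes) for each active-content tag."""
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page (inert placeholders, not taken from any real site).
SAMPLE = """<html><body>
<p>Cheap dental plan</p>
<script language="VBScript">' body omitted</script>
<applet code="Example.class" archive="example.jar" width="1" height="1"></applet>
<iframe src="http://example.invalid/frame" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, ref, notes in triage(SAMPLE):
        print(f"line {line}: <{tag}> {ref or '(inline)'} {', '.join(notes)}")
```

Feeding it the text of a file saved with curl gives the line numbers worth reading in a text editor.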
  11. paul

    paul Guest

    On Feb 1, 9:25 pm, (Todd H.) wrote:
    > Rick Merrill <> writes:
    > > how do you check out something like this?
    > >
    > > volny.cz/svhgjtt/dental-plan.html
    >
    > Curl would pull the html down and dump it in a text file -- handy
    > command-line tool.
    >
    > --
    > Todd H.
    > http://www.toddh.net/


    www.siteadvisor.com
     
    paul, Feb 5, 2008
    #11