[nsp-sec] fake av using fake review sites on 217.20.175.74
Smith, Donald
Donald.Smith at qwest.com
Tue Mar 10 16:52:58 EDT 2009
http://www.bleepingcomputer.com/forums/topic204619.html
"When we installed Anti-virus-1 in order to write our removal guide, we noticed that it added a series of entries into the Windows hosts file. These entries are:
O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com"
whois -h whois.cymru.com 217.20.175.74
AS | IP | AS Name
15772 | 217.20.175.74 | WNET W-NET Ukraine
whois -h upstream-whois.cymru.com 217.20.175.74
PEER_AS | IP | AS Name
2914 | 217.20.175.74 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
9002 | 217.20.175.74 | RETN-AS ReTN.net Autonomous System
10310 | 217.20.175.74 | YAHOO-1 - Yahoo!
Sure would be nice to have this one taken down.
I don't think wnet is represented here; perhaps one of their upstreams could give them a clue stick :)
H8Hz
Donald.Smith at qwest.com gcia
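
Added example (not part of the original post or the BleepingComputer guide): a Python check that parses hosts-file lines, including HijackThis "O1 - Hosts:" log lines like those quoted above, and flags any publicly routable IP to which several unrelated domains are pinned. The function names, the two-label base-domain heuristic and the benign lines in SAMPLE are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# A hosts-file entry, optionally prefixed the way HijackThis logs it.
ENTRY = re.compile(r"^(?:O1 - Hosts:\s*)?(\S+)\s+(.+)$")

def parse_hosts(text):
    """Return {ip: set(hostnames)} from hosts-file or HijackThis O1 lines."""
    mapping = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = ENTRY.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                              # first field is not an address
        mapping[str(ip)].update(h.lower() for h in m.group(2).split())
    return mapping

def base_domain(host):
    # Assumption: the last two labels approximate the registered domain.
    return ".".join(host.rstrip(".").split(".")[-2:])

def suspicious_redirects(text, min_domains=2):
    """Flag public IPs that several unrelated domains are pinned to."""
    findings = {}
    for ip, hosts in parse_hosts(text).items():
        # Assumption: loopback, 0.0.0.0 and private targets are blocklist
        # or intranet entries, so only globally routable targets are flagged.
        if not ipaddress.ip_address(ip).is_global:
            continue
        domains = {base_domain(h) for h in hosts}
        if len(domains) >= min_domains:
            findings[ip] = sorted(domains)
    return findings

# Constructed sample: the six entries quoted in the post plus two benign lines.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net   # constructed blocklist line
O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
"""
```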