[nsp-sec] iframe on OpenX server: similar experiences exploit experiences with AS6851
Peter Moody
pmoody at google.com
Wed Aug 18 16:37:49 EDT 2010
On Wed, Aug 18, 2010 at 12:33 PM, Carles Fragoso <cfragoso at cesicat.cat> wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> One well-known website here in Catalonia has been recently infected with an
> iframe on its OpenX Ad server that was pointing to 85.234.190.64. I still
> don't have the complete info to share.
>
> Anyone has had similar experiences with this AS6851 (ATECH-SAGADE)?
>
> ---
> 6851 | 85.234.190.64 | BKCNET _SIA_ IZZI
>
> inetnum: 85.234.190.0 - 85.234.191.255
> netname: ATECH-SAGADE
> descr: Sagade Ltd.
> descr: Latvia, Rezekne, Darzu 21
> descr: +371 20034981
> remarks: abuse-mailbox: piotrek89 at gmail.com
> country: LV
> admin-c: TMCD111-RIPE
> tech-c: TMCD111-RIPE
> status: ASSIGNED PA
> mnt-by: AS6851-MNT
> source: RIPE # Filtered
> --
>
> I have seen several references already:
>
> http://blog.dynamoo.com/2010/05/evilness-sagade-ltd-atech-sagade.html
>
> http://www.computersecurityarticles.info/security/exploits-malware-and-scareware-courtesy-of-as6851-bkcnet-sagade-ltd/
>
> http://ddanchev.blogspot.com/2010/07/exploits-malware-and-scareware-courtesy.html
>
> Abuse mailbox is a gmail account. If it is feasible, anyone from Google
> could take a look into this?
>
Abuse contact for an iffy AS/domain is too thin of a reason for the gmail
folks to act on an account.

Sorry.

Cheers,
peter

> Warm regards,
>
> --
> Carlos Fragoso
> Incident Response Manager (CESICAT-CERT)
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038