Hi everyone.
First post from me even though I signed up over a year ago and followed the old 606 forums mostly as a phantom, but had one or two posts on the old 606 before it closed.
Anyway, the reason for my post is that I've been informed by my computer services that my computer was infected with a Trojan from a link about Norwich City football club. Because I'm a scientist I use Linux, which usually means no problem, but this one could exploit even Linux systems!? It was probably from an external website posted on here, and I'll post the response from my computer services below.
I was completely unaware and so thought it prudent to tell everyone here not only to be careful with links but to check their computer for possible malware.
Looking more closely we can see the requests were made by a Linux
system as the result of a malicious link from a website about Norwich
City football team:
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6) Gecko/20120717 Firefox/10.0.6
The requested/redirected site has a poor reputation and is likely to
be hosting malware, in particular the Blackhole exploit kit:
http://www.malwaredomainlist.com/mdl.php?search=141.8.224.25
http://www.mywot.com/en/scorecard/141.8.224.25
It is likely that what we observed was only the redirection to the
exploit site and not post-exploit behaviour - but Blackhole
specifically serves exploits based on OS and is known to include Linux.