Firefox gets another update

Published: 2009-04-27
Last Updated: 2009-04-28 12:20:32 UTC
by Joel Esler (Version: 4)

Didn't I just post about Firefox getting updated?  Well, I'm not complaining, good for Mozilla. 

Looks like a memory corruption bug that was introduced in 3.0.9. In particular, users of HTML Validator (a Firefox add-on) were experiencing crashes, and upon further review of the situation, Mozilla found the memory corruption bug.

Anyway, here's the security announcement from Mozilla.  Time to update, again.

-- Joel Esler

http://www.joelesler.net

http://twitter.com/joelesler


Swine Flu (Mexican Flu) related domains

Published: 2009-04-27
Last Updated: 2009-04-28 00:07:25 UTC
by Johannes Ullrich (Version: 1)

This is a first cut of a list of "Swine Flu" related domains. In Europe, this flu is usually referred to as "Mexican Flu". Right now none of the domains is spreading malware or running donation scams. One appears to sell questionable pharmaceuticals (symptoms-of-swine-flu.com). The rest are either just parked, or offer some kind of information and may try to make some money with Google ads. Lots of the "information" is very minimal/incomplete/hype, but this classification is beyond a quick scan of the content.

Please let us know if you come across anything of interest (use our contact page).

The list comes from Bojan's passive DNS system. (He will talk about this at SANSFIRE in June... don't miss it.)

h1n1swineflu.com			links to birdflu site (google ads)
human-swine-influenza.com		under construction
humanswineflu.com			same as h1n1swineflu.com
pandemicswineflu.com			same as h1n1swineflu.com
swine-flu-info.co.nz			info site (google ads)
swine-flu-information.com		info site (google ads)
swine-flu-news.com			info site (google ads)
swine-flu-symptoms.com			info site
swine-flu-symptoms.info			info site (link to google ads)
swine-flu-vaccine.sdfgdfd.us		junk search / link site
swine-flu.info				godaddy parked
swine-flu.net				godaddy parked
swine-flu.org				godaddy parked
swine-influenza-news.org		info site (google ads)
swineflu-symptoms.com			godaddy parked
swineflu.biz				same as h1n1swineflu.com
swineflu.info				same as h1n1swineflu.com
swineflu.us				same as h1n1swineflu.com
swineflubase.com			under construction (wordpress site)
swineflublog.com			info site (google ads)
swinefludrugs.com			same as h1n1swineflu.com
swinefluforum.com			swineflu.org, forum
swineflumaps.com			info site (google ads)
swineflupost.com			under construction
swinefluprecaution.com			godaddy parked
swinefluprecautions.com			godaddy parked
swineflusymptoms.net			directory index / under construction
swineflusymptoms.us			info site / onclose ads
swineflusymtoms.com			unrelated info / ebay ads / amazon ads
swineflusyptoms.com			godaddy parked
swineflusyptoms.net			godaddy parked
swineflutv.com				same as h1n1swineflu.com
swinefluvaccine.info			godaddy parked
swinefluvaccines.com			same as h1n1swineflu.com
swinefluvirussymptoms.com		godaddy parked
swineinfluenzasymptoms.com		junk site / parked
symptoms-of-swine-flu.com		pharma ad, tamiflu UK (legit?)
symptoms-of-swine-flu.info		info site (google ads)
theswineflu.com				parked/ads
theswineflusymptoms.com			info site (google ads)

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute     Follow johullrich on twitter
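
One way to pull event-themed names out of a passive DNS feed, as an added example (not Bojan's system and not code from the diary). It assumes a hypothetical feed of `(first_seen, qname)` tuples; the keywords, the dates and the `.example`/`example.org` names are constructed, and the other names come from the list above.

```python
import re

# Constructed sample feed: (first_seen, qname). Dates are made up; the
# example.org and .example names are placeholders, the rest are from the diary's list.
OBSERVATIONS = [
    ("2009-04-25", "www.swine-flu-news.com."),
    ("2009-04-26", "mail.example.org."),
    ("2009-04-26", "Human-Swine-Influenza.com."),
    ("2009-04-27", "swinflu-help.example."),   # misspelled keyword
    ("2009-04-27", "swineflusymtoms.com."),
]
KEYWORDS = ("swineflu", "swineinfluenza", "mexicanflu")  # assumed watch terms

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(qname):
    """Lowercase and drop dots, hyphens and any other non-alphanumerics."""
    return re.sub(r"[^a-z0-9]", "", qname.lower())

def match_keyword(qname, keywords=KEYWORDS, max_typos=1):
    """Return (keyword, 'exact' | 'fuzzy') for a themed name, else None."""
    s = squash(qname)
    for kw in keywords:                      # cheap pass: plain substring
        if kw in s:
            return kw, "exact"
    for kw in keywords:                      # slow pass: one typo tolerated
        for width in range(len(kw) - max_typos, len(kw) + max_typos + 1):
            for i in range(len(s) - width + 1):
                if edit_distance(s[i:i + width], kw) <= max_typos:
                    return kw, "fuzzy"
    return None

def themed_domains(observations):
    """Filter the feed down to (first_seen, name, keyword, match_type) hits."""
    hits = []
    for first_seen, qname in observations:
        m = match_keyword(qname)
        if m:
            hits.append((first_seen, qname.rstrip(".").lower(), *m))
    return hits
```

Squashing hyphens and dots before matching is what lets one keyword cover `swine-flu.net`, `swineflu.biz` and `www.` prefixed names alike; each hit still needs the manual content review described above before it is classified.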
