aaron9615
(Aaron9615)
1
Just FYI to everyone I was dealing with a trojan infection today, its payload was a screen saver ad. The web address was
httpx://cdn.optmd.com/V2/41975/113830/index.html?g=Af////8=&r=wwxw.apples4teacher.com/holidays/spring/first-day-of-spring.html
The hyperlink has been removed so no accidental clicks. My best guess is once the user has the malware which is displayed as one of those awesome animated screen savers… :^( they would click on its link and that would download the other part of the unknown payload. Both of these websites have been added to our web filters. I would definitly reccommend everyone block it. Have a good one everyone one. Be safe out there. PS attached is a picture of the ad for visual identification.
11-14-2010 Just added another one from one out our forms being hit by a form spam bot. The website is wxww.bestyz.com , you will also want to block it . Make sure to remove the x out of the www before you add it though.
11-15-2010 Just added another one from one out our forms being hit by a form spam bot. The website is wxww.tu222.com, you will also want to block it . Make sure to remove the x out of the www before you add it though. Country of origin is Latvia on this one.
Aaron
3 Spice ups
Thanks for the heads up.
Just FYI: The link is still there.
aaron9615
(Aaron9615)
3
Thanks didn’t notice that ok I added an x at the end of the first http and an x in the middle of the www’s for the apple part 
so make sure anyone reading this deletes those x’s before adding them to your webfilters.
alex3031
(Alex3031)
5
Thanks for letting us know.
Thanks for the heads-up Aaron. We’ve actually had this happen here before… to one of us IT guys!! We were running Slacker.com & had it happen with one of the banner ads. We only run it in Sandboxie now (which is a WONDERFUL app if you’ve never used it before!!), just to be safe.
outnlimbo
(Jeff_D)
7
They definetely are on a rampage as of late!
Thanks for the heads up. Put in our filter just now…
