kpatzMY HEAD A SPLODEPremium
|reply to moonpuppy |
Re: foxnews.com infected?
I was playing around in the VM, emailing a friend of mine, and noting the crazy "warnings" that my cool new anti-virus has been warning me of.
Here's a couple:
Internet Explorers addon Shockwave Flash vs.3 found to be linking to the FormSpy website hosted at IP address 22.214.171.124 and installing FOrmSpy using an old VBS/Psyme exploit targeting Internet Explorer. These websites are believed to have been penetrated and modified by hackers. VBS/Psyme can be deleted proactively in Internet Explorer (IE). This is a detection for a malware that was discovered in the wild on July 24, 2009 (PST). Its installer was proactively detected as New Malware.ag (now Downloader-AXM). This addon tries to send your private information to attackers IP 126.96.36.199 (Malaysia)
So, they detect malware that won't be discovered for another 3+ months.
"Windows Meta File Vulnerability - Vulnerability"
"The vulnerability itself is regarded as extremely critical (the highest possible rating). As yet, there is no patch for this vulnerability. Exploit this vulnerability are Trojan-Downloaders, which install other Trojan programs on the victim machine. At the moment, Trojan programs are being downloaded from unionseek.com and iframeurl.biz. New modifications of these programs may appear".
I'll leave the VM running overnight and then see if it's harder to remove tomorrow. --
To ISPs: Leave our ports alone! If I want ports blocked, I'll do it myself, thank you.