Can you spot the fake

Hopefully it should be easy to spot the fake … at first I thought this was some kind of a Phishing site, but it appears they are using all the content from CNet’s MP3 site for some unknown reason. Well other than to infect your system. As I mentioned before any time you see that warning “Remote Data Services Data Control” watch out! … this is NOT from Microsoft! This is the generic warning IE7 throws up when an exploit is trying to enter the system.




The culprit is “nnew-adult(dot)info” (highlighted in red below) detected as: Win32/TrojanDownloader.Nurech.NAT … which is already included in the HOSTS file. Both “get-it-fast” and “nnew-adult” are both hosted at “Rbusiness Network” which is well known for hosting malicious content and exploit sites.



As you can see the content of the bogus page is being entirely drawn from CNet. Also notice the “activex.microsoft.com” entries, this is what Windows generates when a prompt has been interrupted … that’s a good thing … I’m going to try and contact someone at CNet and see if they will drop Rbusiness Network a friendly little note …



13 Responses to “Can you spot the fake”

  1. Your e-mail to another MSMVP found it’s way to me. Thank you for reporting this to us. I have forwarded this to the appropriate people in our company to investigate.

    Thanks again! We appreciate this.

    Best regards,
    -Lee
    CNET Community

Leave a Reply