Watch out for the coordinated attack

Landing on the following site not only gets you a Codec/Zlob prompt, but my AV (NOD32 v3) jumps up and announces there is also an IFrame attack (JS/TrojanDownloader.Psyme.AAW) from several sites …



Although unusual for several exploits to be on the same (Codec) site … it’s nothing new … as you can see below you get redirected several times and are attacked from several sources … thankfully several are already blocked (entries in red) by the HOSTS file, and NOD32 killed the connection (zero bytes) to the site displayed above …



As you can see below there is quite a cast of characters involved … although these sites are hosted on several different IP blocks … they are all related … the download is actually from “thehotcodeczz(dot)com” which was only registered 18-Mar-2008



So what happened to my machine? … absolutely nothing! Just goes to show you that the majority of these types of attacks cannot get past the defenses of Windows Vista SP1 …


