Exploit opens Windows Contacts

Landing on “google-stats(dot)cn” (courtesy of MalwareDomainList) redirects to the following site … which pops up the generic Microsoft warning (Remote Data Services Data Control) … however, this time, and this is a first for me, there is a prompt to open Vista’s Windows Contacts …

Naturally, any time you see the “Remote Data Services Data Control” prompt … as I’ve mentioned many times before, this is an exploit trying to invade your system. The Windows Contacts pop-up is something I’ll check out … since once I clicked “Don’t allow” the site redirected to Google … I’m not really sure what would have happened if I had allowed the JavaScript on that site to access Windows Contacts … and I didn’t want to find out …

The “/doc.pdf” entry is an attempt to exploit Adobe Reader, which always seems to be under attack lately. Symantec detection details here. This is one of the reasons I no longer use Adobe Reader; I found Foxit Reader (freeware) fits my needs nicely and is faster and much smaller (2.6 MB download).

It’s no surprise that “myfrooogle(dot)cn” is hosted at HostFresh – [58.65.232.0 – 58.65.239.255]

“Norton Safe Web has analyzed myfrooogle(dot)cn for safety and security problems.
Below is a sample of the threats that were found.
Viruses
   Severity: High – 6 instances found.”

In checking several other online scanners … McAfee’s SiteAdvisor hadn’t scanned the site and AVG’s LinkScanner reported:
“Congratulations! LinkScanner Online did not find any exploits.” … ouch!!
At least Google lists this site as harmful … Yahoo does not as it uses McAfee’s SiteAdvisor …


