Cite: http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack Here’s the important bit: “The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. […]
People… we’re seeing topihost.com getting into ad traffic. Be alert. Shares IP with motserv.com and intorav.com and omastat.com Also gigaslot.cc (lists its address as “200, korkeiw, street das funky mate, 30”)
tovohost.com: sharing IP with ertoplusir.com, findsovill.com, humeserv.com, lotserv.com, orgitom.com, petohost.com, rolthost.com, tovohost.com, vodistat.com aodgha.net: sharing IP with aodgha.net, dghfr.net, klrwe.net, lsidbbesct.net, pcswevvbztd.net, rlkwe.net, rlkwg.net, sex-and.net, xspo.net, xwvu.net Can I please remind everybody that they can take proactive steps to reduce the risk of being sold malvertizing – take a look at this URL, and […]
Malvertizing hasn’t gone away – it’s just not in the press as often… keep an eye out for these latest domains, and please treat with extreme caution. fxpromocode.com turiserv.com (sharing IP with findsovil.com, humeserv.com, orgitom.com, petohost.com, tovohost.com, vodistat.com) doxastat.com (previously at 94.242.221.30, shared IP with turiserv.com etc) flemboyant.com (Registrar: Center of Ukranian Internet Names) […]