Saturday, November 01, 2008

Nyet, Alexey! No worm from you!

I check out I Can Haz Cheezburger fairly regularly. Like many of the larger sites nowadays, it has a boatload of small adverts all over. Just this morning, as the site was loading, Norton popped up a message:


Attempted Intrusion "HTTP Misleading Application Detection" against your machine was detected and blocked.

Bah-ROO!!??

A quick check of the Norton log shows the following:


Details: Attempted Intrusion "HTTP Misleading Application Detection" against your machine was detected and blocked.
Intruder: infoclicknow.com(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: XXXXXXXXXXXXXX.
Attacked Port: 1463.

So, who is "infoclicknow.com", I wonder?


A quick ICANN check provided the following:


Registrant:
Alexey Vasiliev +7.3834427722
Alexey Vasiliev
Ol. Duducha 21/2 53
Moskow,NSK,RUSSIAN FEDERATION 630122

Domain Name:infoclicknow.com
Record last updated at 2008-10-22 13:03:18
Record created on 2008/10/22
Record expired on 2009/10/22

Domain servers in listed order:
ns1.freefastdns.com ns2.freefastdns.com

Administrator:
name: Alexey Vasiliev
mail: tel: +7.3834427722
org: Alexey Vasiliev

address: Ol. Duducha 21/2 53
city: Moskow
,province: NSK
,country: RUSSIAN FEDERATION
postcode: 630122

Technical Contactor:
name: Alexey Vasiliev
mail: tel: +7.3834427722
org: Alexey Vasiliev

address: Ol. Duducha 21/2 53
city: Moskow
,province: NSK
,country: RUSSIAN FEDERATION
postcode: 630122

Billing Contactor:
name: Alexey Vasiliev
mail: tel: +7.3834427722
org: Alexey Vasiliev

address: Ol. Duducha 21/2 53
city: Moskow
,province: NSK
,country: RUSSIAN FEDERATION
postcode: 630122

Registration Service Provider:
name: Regtime.net
tel: +7 8462698077
fax: +7 8462698057
web:http://www.webnames.ru


Imagine that? A Russian who is trying to pass malware? Whoda thunk it?


Jaless Alexey! Nyet!


NOTE: Very poor translation: S____ Alexey! No!

1 comment:

Anonymous said...

Welcome to a malicious advertisement that Norton helped protect you from! Looks like that site has TONS of ads on it so no wonder malicious adverts are popping up. Glad to see we helped!