
Please rate my new site - www.counter-pr.info

Over the past month, I received a message from several of my ICQ contacts with the following content: "Please rate my new website - www.counter-pr.info". And that's all; the contact immediately disappears from online. Attempts to ask what it was about did not bring success - the contacts were silent. Interested in this phenomenon, I decided to google it. The results are more than interesting ...

First, as it turned out, this is a Trojan program: when you visit the site, it asks you to install a downloader, which in turn downloads a second downloader that carries the trojan. The worm then starts sending ICQ messages to your contacts, inviting them to visit the site. The calculation is one hundred percent sound: surely many will follow a link sent by a friend. The result is another infected computer that starts sending messages.

Secondly, Viruslist reports the following:
Yesterday, one of the users of Kaspersky Anti-Virus received a signal about incomprehensible browser actions while browsing www.5757.ru: a second page opened spontaneously, and the web anti-virus showed a warning about the download of a Trojan program. The user had visited this site after seeing an advertisement on television.

In the process of analyzing the page, it turned out that the user almost became a victim of an attack by intruders. A script that downloads the Trojan program Trojan-Downloader.JS.Psyme.ct, which in turn tried to download and run the Trojan-Downloader.Win32.Tiny.eo program, was embedded in the main page of the site. At the moment, another Trojan program is being downloaded from the site:

Further research showed that in addition to the site www.5757.ru, at least 470 servers were hit by the hacker attack (the result of a query to Google on a line from the embedded script). One thing was common to these servers: they were all located on the platform of the hosting provider Valuehost.

In general, citizens, the conclusion is the most standard and painfully familiar one: we do not open links to unfamiliar sites, even when they come from friends.

UPD: I found great info on how to get rid of this filth at www.weaponplace.ru/forum/showthread.php?s=40602ca4b72b8017647f233eb7b5a36d&t=984&goto=nextnewest

Source: https://habr.com/ru/post/3339/

