Wednesday 13 January 2010

More on malvertisements running through Bootcampmedia.com

Sandi at Spyware Sucks has a closer look at the malvertisements running through Bootcampmedia.com and comes up with some more details, following up from this post yesterday.

In this case the endpoint of the infection has switched to bonnapet.com hosted on which is hosted by netdirekt e.K. / internetserviceteam.com, hardly surprising as they are one of the more common havens for crimeware. The internetserviceteam.com name appears to be a sub-brand used for black hat hosting .. perhaps it is time for a visit from the Bundespolizei?

1 comment:

MysteryFCM said...

The /mirror/ directory on bonnapet.com seems to have been removed (404's for me), but there's exploit code still present on the bonnapet.com homepage, which when decoded, shows someone isn't a fan of AVG;


Decoding the code shows the payload comes from the following, which surprisingly, also 404's for me atm;


/attempt #2 to post as my connection is apparently unstable atm