Strangely Perfect Crawling Across Chaos and Time Without End

Strange Virus Activity – NewHeur_PE

03rd February, 2008 · Posted in Bad Web, Computing, Crawling Chaos, Software
China Modern Search Attack


I’ve noticed some recently increasing activity on the unsolicited comments front to my Crawling Chaos blog as well as trackbacks and pingbacks. This has culminated with something I picked up using my “digital fingerprint”. It’s a link that goes to a webpage like this:

It’s supposedly a simple search string but it fires up my NOD32 with a nice reply shown at right as soon as the page is moved or refreshed. This is especially activated on a page refresh. After activation, it keeps coming back even after doing the correct NOD32 stuff. Finally, the browser crashes out. It takes about 6 goes on NOD32 to terminate and close the virus with the two-step “Terminate” and “Close AV Warning” steps… And it crashes Firefox as well. This means it’s pretty young as it’s a heuristic detection and the proper terminations are upsetting the system.

As you see, it’s blocking an executable being served from Retaguilas.com. The whois return on this name is like this. Which is not a lot to go on. They seem to want to be alone or at least, private; which is at odds with their actions of spamming loads of sites. When I checked, all there was was the simple Apache server first page including the CentOS mention.

So that’s that then! My advice: don’t follow the links through. Every single page on the so-called modernsearch.cn page is a duffer. And something in the page tries to install onto the local PC. There are two JavaScript bits. The first is a toggle that swaps the text supplied from a file between one of two selections, out of user sight. The second is a twat counter button sending back to Russia. There may be more. Life is too short. Just remember, they are all twats.


One Response to “Strange Virus Activity – NewHeur_PE”

  1. [...] the best software of its type I’ve used.  You can see something it’s trapped here on a recent posting.  This is a default installation without any of the spyware etc add-ons that are in the usual [...]
