Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Saturday, November 15, 2008

TR/Crypt.XPACK.Gen & Felix Mendelssohn B.

http://upload.wikimedia.org/wikipedia/commons/thumb/b/b1/Mendelssohn_Bartholdy_1821.jpg/430px-Mendelssohn_Bartholdy_1821.jpgDo you like classical music styles)? What about Mendelssohn Bartholdy?
Looking for info about him I followed the link from google.com and
... encontrará la imagen en su contexto original en la página: cukedismissivev.blogspot.com/2008/09/felix-me...
Hmm... The blog from Davis: Agiotage
Whow! A lot of images of my predilected composer.
But Pay attention to the 4th of the links or the second of the pair of similar links
Or perhaps you would click at any of the images (from yabayaba.net?) as:
www.yabayaba.net/media/celebrity/db127/tk_felix+mendelssohn+bartholdy+sommernachtstraum/9277
and... surprise!:
PornTube.com version 2.0? Huh?
The URL is
http://fav-tube-xxx.net/xvideo.php?etcetera...
The Home, Video Channels and Community tabs and other sign Up, QuickList, Help, Log In, Site links are linked only to
http://fav-tube-xxx.net/xfreeporn.php?id=21167# (the same page)
with an forbidden access at the top level domain or root address (fav-tube-xxx.net) on an apache server named at tube-viewer.com that is a fake domain.
Simplified: When you select a movie from this list you see as a webpage a jpg image embedded with javascript code
Clicking at some selected pornmovie your browser redirects to a page
where you see the typical video viewer you always use in youtube.com,
but it doesn't show the same behavior (If you know what noscript is,
you know what I'm refering here)
As example the 6th video from sonny:
http://fav-tube-xxx.net/xvideo.php?Author=Sonny&Length=16:36&Rating=5&Views=6&thumbn=/dtr/thumbs/tttt18.jpg
Be careful!
You see a typical "html formatted page" (is only a image!) with comments of the porn lovers, changing mouse pointers, etc., but the only thing that happens is that you are confronted to download a litevideocodec.4.exe from an attack site (http://trusted-software-4pc.net)
This executable is the trojan pest TR/Crypt.XPACK.Gen
Look for the advisory provided by Google about this tricky site redirections and fakes.
Porn is not healthy, definitely is better that you make love!

No comments: