funsec mailing list archives
Re: Warning: dangerous sites
From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 12 May 2010 17:57:52 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, May 12, 2010 at 6:03 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rMslade () shaw ca> wrote:
Sorry, but some of the sites listed here seem likely to contain malware. I'm not sure that there is any point in trying to obfuscate it. Apparently someone known as Kenny Strasser, or K-Strass, has been going around to television stations purporting to demonstrate yo-yo tricks (for a charity), and then turns out to be a talentless klutz. YouTube members find this screamingly funny: http://www.youtube.com/results?search_query=k-strass+&aq=f It has now been picked up by Mashable, so will probably have a wider audience: http://mashable.com/2010/05/12/yo-yo-champ/ (At least one link on that page is potentially dangerous.) The thing is, various sites associated with this "project" (whatever it is) seem to be rather unusual. Some of these may be the usual crop of malware sites relying on SEO, but at least one rather strange site is spelled out in one of the videos: zipzapllc.com A Twitter account warns against some "fake" sites, and Mashable seems to be directing people to one of those. (The Twitter account says their own site is zimzaminc.com ) zimzamyoyo.com zimzamyoyos.com Stumbled across this by accident, and so far have only been able to determine that there is a lot of JavaScript and redirecting going on.
I don't see anything immediately malicious, but did find this comment over on YoYoSkills.com: http://www.yoyoskills.com/?p=4065#comments Lots of JavaScript, sure, but again, nothing jumps out at me as overtly malicious. Probably someone trying to capitalize on the popularity of the original YoYo stuff. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFL606Kq1pz9mNUZTMRAtSLAKD8sBbKJUHV1y23CknV+luOs73bwACfQ+rM CpX9/QoVw/HDuO8yGMFbzcI= =IwTC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Warning: dangerous sites Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 12)
- Re: Warning: dangerous sites Paul Ferguson (May 12)
- Re: Warning: dangerous sites Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 13)
- Re: Warning: dangerous sites Paul Ferguson (May 12)