I already got it some days ago, but I didn't pay any attention.
Tube8.com is a large porn website – 130k at Alexa.com
then leads to a TDS clickstatonlinetreker.com/in.cgi?4 (22.214.171.124 – LEASEWEB – NL)
leads to appletreestore.com/ (126.96.36.199 – LeaseWeb -NL)
and finally to the Exploit Kit – mixicams.com/discussing/soon-rarely_bodies_combinations.php (188.8.131.52 – Creative-Telematics-Trade
This time, it's not a Fake Police ransomware but a Trojan.Zbot.
More Zbot lately: there is also a malvertising on Clicksor that leads to Zbot.
(but Clicksor leading to malware is "normal")
File name: nature.exe
Detection ratio: 3 / 46
Analysis date: 2013-04-30 09:27:50 UTC (16 minutes ago)
Comodo UnclassifiedMalware 20130430
Kaspersky Trojan-Spy.Win32.Zbot.kyug 20130430
Kingsoft Win32.Troj.Zbot.ky.(kcloud) 20130422
The malvertising is probably present on the other websites of the PornHub Network.
EDIT 05/01/2013 : 150k / 240k day
Thanks to MalwareScene.
Looks like it is fixed.
Got access to the TDS statistics.
100k / 200k uniques per day.
With a success rate of around 10%, they probably reached 15k / 24k infected computers per day.
The malvertising on the PornHub Network began on 04/28.
It looks like before that, they were on redtube.com, according to the referrer.
The TDS is quite old; they targeted other countries in the past.
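A defender-side check for the redirect chain described above, as an added example that is not part of the original post: it rebuilds per-client referrer chains from proxy logs and flags those that pass through an `in.cgi?<number>` TDS hop before landing elsewhere. The three-field log format, the function names and all `.example` hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy log, one request per line: "<client> <url> <referer>".
# Hostnames are placeholders; only the "/in.cgi?4" pattern comes from the post.
SAMPLE_LOG = """\
10.0.0.5 http://adult-site.example/video/1 -
10.0.0.5 http://tds.example/in.cgi?4 http://adult-site.example/video/1
10.0.0.5 http://hop.example/ http://tds.example/in.cgi?4
10.0.0.5 http://landing.example/discussing/page.php http://hop.example/
10.0.0.7 http://news.example/ -
10.0.0.7 http://cdn.example/app.js http://news.example/
"""

def is_tds_hop(url):
    """True for URLs shaped like the TDS entry point: .../in.cgi?<digits>."""
    parts = urlsplit(url)
    return parts.path.endswith("/in.cgi") and parts.query.isdigit()

def parse_lines(log):
    """Yield (client, url, referer) tuples, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 3:
            yield tuple(fields)

def chains_through_tds(log):
    """Return [(client, [url, ...])] for referrer chains crossing a TDS hop."""
    parent = {}  # (client, url) -> referer that led to it
    for client, url, referer in parse_lines(log):
        parent.setdefault((client, url), referer)
    # Any URL that appears as someone's referer is not the end of a chain.
    has_child = {(client, ref) for (client, _), ref in parent.items()}
    found = []
    for client, url in parent:
        if (client, url) in has_child:
            continue
        chain = [url]
        while True:  # walk referers back to the first page of the chain
            ref = parent.get((client, chain[0]), "-")
            if ref == "-" or ref in chain:  # no referer, or a loop
                break
            chain.insert(0, ref)
        # The TDS must be an intermediate hop, not the final landing URL.
        if any(is_tds_hop(u) for u in chain[:-1]):
            found.append((client, chain))
    return found

if __name__ == "__main__":
    for client, chain in chains_through_tds(SAMPLE_LOG):
        print(client, " -> ".join(urlsplit(u).hostname for u in chain))
```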