Dantes Inferno Exploit Kit: 85.234.190.56

Query/note/request for addition to Avast scan:

Really stupid PDFs incoming from 85.234.190.56, with names like bopmtt.pdf, zsmsmy.pdf, mgvfo.pdf.

PDFs contain annoying rants that read like Dante's Inferno on acid.

Jsunpacker and a host of other sites believe that it is part of an exploit kit…

…just wondering if Avast crew might see if there is anything that can be done about it, or if it is a threat?

Cheers!

It is certainly a threat – I feel safer by disabling PDF viewing capability in my browsers, and using NoScript add-on with Firefox.

How Alwil will address this, I don’t know.

I am hoping the upcoming sandboxing capabilities of Adobe Reader will help: hxxp://www.zdnet.com/blog/security/adobe-adding-sandbox-to-pdf-reader-to-ward-off-hacker-attacks/6886

MalwareBytes Pro successfully blocked site :wink:

IP-BLOCK 85.234.190.56

Ok. Will tread carefully.

These Latvian morons are really going hard- there are some keyword searches that bring up the little monsters:

ppuut.com/sw/mssaezv/ucac.pdf

ppuut.com/sw/mssaezv/dpfwb.pdf

I wish o wish there were some nice hackers that could take down 85.234.190.56 / 85.234.190.57 for us ;D

C’mon.

YESSSSSS!

Well you could start by blocking those two IPs in your firewall (if you have one with that capability) or blocking using the HOSTS file.

However, that doesn’t get at what is trying to download them, so what else have you used to scan your system?

Does avast alert on these PDF files when they are downloaded?

Personally, you're crazy to even open them, as by the comment “Jsunpacker and a host of other sites believe that it is part of an exploit kit…” the last thing you want to do is open a crafted PDF file if it is trying to exploit weaknesses in PDF readers, etc.

What PDF reader are you using?

I too never read .pdf files via my browser; it is much safer if they are saved to disk, scanned and then opened in a more secure PDF reader (a non-Adobe PDF reader, as Adobe's is a huge target, given its user base). Obviously this procedure only applies to PDF files that you legitimately elected to view.
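The save-to-disk-and-check step described above, as an added example that is not part of the original posts: a static check that counts the PDF name tokens tied to scripts and automatic actions in the raw bytes, without opening the file in a reader. The list of tokens and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# Name tokens that let a PDF run script or act on open (assumed watch list).
RISKY_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA",
               b"/Launch", b"/EmbeddedFile")

def _decode_name_escapes(data):
    """PDF names may hide letters as #xx hex escapes, e.g. /J#61vaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def _count(data):
    # A token counts only when the name ends there, so /AA does not match /AAPL.
    return {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z0-9])", data))
            for n in RISKY_NAMES}

def triage_pdf(data):
    """Count risky tokens in raw PDF bytes; nothing is parsed or rendered.

    Limitation: tokens inside compressed object streams are not seen,
    so a clean result is not proof that the file is safe.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    raw = _count(data)
    decoded = _count(_decode_name_escapes(data))
    return {
        "hits": decoded,
        # Present only after decoding escapes: the name was deliberately hidden.
        "obfuscated_names": any(decoded[n] > raw[n] for n in decoded),
        "suspicious": any(decoded.values()),
    }

# Constructed sample: opens an action automatically and hides /JavaScript.
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")
# Constructed sample: a plain catalog with no script or action tokens.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage_pdf(fh.read()))
    else:
        print(triage_pdf(SAMPLE_FLAGGED))
```

A file flagged here is one to leave unopened and submit for analysis rather than view.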

Sound advice.

Unfortunately my pdf plug-in was playing up, so I nominated the Acrobat and it opened automatically. I think I was on google when it happened, but had just visited a site in Tehran for middle-eastern instruments.

Anyway. Now I have a txt file of the gobbledygook inside it, and have erased the files. Unfortunately my scanning software and malware programs probably won't know the consequences, so no more eBay for me.

If those nasty little Latvians can hack through my handheld keygen for online banking, then they probably deserve my cash.

Now I'm tempting fate. Thanks for all the advice, people. NoScript is a real gem!

No problem, glad I could help.

Welcome to the forums.