Site malware URL

hxxp://www.geekspeed.tv/wp-content/themes/TheStyle/cache/mfode.html?mmj=eqs.hsm&mhsy=un.he&shc=kidm

ESET Smart Security 5.0: HTML/refresh.AV Troyano

Despite the fact that an attempt was made to make the link above non-clickable, it is still live. Hovering the mouse over the link still resolves to http://. Please break the link to this site by xxx’ing out the .www format in the url.

New members may click this accidentally, and if, as you say, the link is malicious, we would not want them to come here only to get infected, eh?

EDIT: Removed unneeded remark. I did see a redirect when clicking the above link, something about “You have been invited here by friends”, in large bold text, so I got out before it fully loaded. No damage as I run Sandboxie in XP.

Hello,
Thanks for the info, gb90. It was added to our DB. There was a redirect to another malicious site and that site was blocked too.
Regards,
Jan

Hello Sirmer,

There is another one coming from that same IP, 173.236.169.25: htxp://zulu.zscaler.com/submission/show/846693e4569f9109a8ff9210bc8e962b-1335451426
Avast does not detect yet? htxps://www.virustotal.com/file/6fa179fb7950157906cf1c16b641a9cd9ce6c463bf00dbb75c2836cdbe6d7beb/analysis/
Threat there known as Trojan.HTML.Redirector.AI,

polonus

@Polonus

That IP’s malware is still active. :-
Sucuri doesn’t seem to find the “/files/thumbnails/” here: http://sitecheck.sucuri.net/results/staganddoe.jennandbryce.com

@gbe90

Sucuri also misses it here:
http://sitecheck.sucuri.net/results/www.geekspeed.tv

The pattern is the same; we should keep that in mind. Minor differences include the wording inside the

tag and the quotes around “refresh”.
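
Added example, not part of the original posts: a checker that parses the HTML instead of string-matching it, so differences in quoting, case and surrounding wording do not hide the redirect. It assumes the pattern discussed is an HTML meta refresh (suggested by the detection names in this thread; the tag name itself is missing from the post above), and the sample pages, hosts and the function name `find_refresh_redirects` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# content="<delay>[; url=<target>]", with optional quotes around the target
CONTENT_RE = re.compile(
    r"^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?['\"]?\s*(.*?)\s*['\"]?\s*)?$",
    re.I | re.S)

class MetaRefreshFinder(HTMLParser):
    """Collects (delay, target) from <meta http-equiv=refresh> tags."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and strips the quotes around values,
        # so "refresh", 'refresh' and bare refresh all arrive identically.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = CONTENT_RE.match(a.get("content", ""))
        if m and m.group(2):  # a delay-only refresh just reloads the page
            self.hits.append((int(m.group(1)), m.group(2)))

def find_refresh_redirects(html, page_url):
    """Return each meta-refresh redirect, flagging targets on another host."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    page_host = urlparse(page_url).hostname
    results = []
    for delay, target in finder.hits:
        absolute = urljoin(page_url, target)
        results.append({"delay": delay, "target": absolute,
                        "off_site": urlparse(absolute).hostname != page_host})
    return results

# Constructed samples: same redirect, different wording and quoting.
PAGE = "http://blog.example.test/wp-content/cache/page.html"
SAMPLE_A = ('<html><head><title>Loading</title><meta http-equiv="refresh" '
            'content="0; url=http://redirect.example.test/in.php"></head></html>')
SAMPLE_B = ("<html><head><title>Please wait</title><META HTTP-EQUIV=refresh "
            "CONTENT='0;URL=http://redirect.example.test/in.php'></head></html>")
SAMPLE_C = '<html><head><meta http-equiv="refresh" content="300"></head></html>'

if __name__ == "__main__":
    for name, doc in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, find_refresh_redirects(doc, PAGE))
```

A literal search for `http-equiv="refresh"` matches sample A but not sample B, while the parsed check reports the same off-site target for both and ignores the reload-only page C.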

Hi !Donovan,

Thanks for the heads-up on this one. Good that your very thorough analysis brought this threat up.
What is so dangerous about this kind of malware? The fact that it will even run in Safe Mode.
So it is evident that it should be flagged,

polonus