Note: Rereading the original email, I see that the domain is wrong. Moscowtimes.ru and moscowtimes.com are not the same thing. Moscowtimes.com is for sale and has been for a while (I suspect they want the Moscow Times to buy it). Infecting moscowtimes.com is a lot more probable - it's a site with basic set-up, security, etc. that looks enough like a very popular site to confuse visitors into visiting the fake one and getting infected. For all I know the owner of the site was complicit in the infections, but I doubt it.
http://whois.domaintools.com/moscowtimes.com
http://whois.domaintools.com/moscowtimes.ru

On Thu, Sep 30, 2010 at 6:25 AM, Kimberly Zenz <[email protected]> wrote:
> All it means is that someone placed malicious code on the Moscow Times
> page that will install on your computer and then allow for the
> installation of something else, almost certainly a trojan - see
> http://en.wikipedia.org/wiki/Trojan_horse_(computing).
>
> This is a very common vector of infection and legitimate sites
> compromised to serve malware comprise roughly 50% of all sites
> infecting visitors. Several Russian government sites already fell prey
> to this scheme.
>
> The problem is that Google et al will keep warnings for 90 days,
> which, even if the Moscow Times fixes their site and improves their
> security to an impossibly impenetrable level, visitors will still be
> warned that it could be dangerous and many will not read further, they
> will just stay away. This makes infections like this damaging to
> organizations beyond the initial infections, but also makes infecting
> a site a nice little tool of damaging its credibility, readership,
> etc. Sketchy businesses have used it against each other, and even
> governments - I've seen this trick targeting Chinese human rights
> sites.
>
> In other words, it's common (especially in Russia, although usually on
> Russian-language sites), it's damaging and it's nasty.
>
> On Thu, Sep 30, 2010 at 5:31 AM, <[email protected]> wrote:
>> I also get a notice from Norton Antivirus that "An intrusion attempt was
>> blocked" and Risk name: "MSIE ADODB. stream Object File Installation
>> Weakness", whatever that might mean..
>>
>> Probably they prefer we subscribe to the print edition? ))
>>
>> Message: 4
>> Date: Thu, 30 Sep 2010 10:05:46 +0400
>> From: Charles Borden <[email protected]>
>> Subject: Expat List Moscow Times blocked
>> To: The Moscow Expat List <[email protected]>
>> Message-ID: <c8ca117a.9e6d6%[email protected]>
>> Content-Type: text/plain; charset="US-ASCII"
>>
>> Since last night my browser has been throwing up a message that
>> www.themoscowtimes.com is a "Reported Attack Page" and has been blocked by
>> my browser (Firefox). I tried Chrome also and got the same message. Anyone
>> else have this problem?
>> Charles
>>
>> _______________________________________________
>> Expat mailing list
>> [email protected]
>> http://www.lists.ru/mailman/listinfo/expat
>> http://www.expat.ru/forum/
>>
>
_______________________________________________
Expat mailing list
[email protected]
http://www.lists.ru/mailman/listinfo/expat
http://www.expat.ru/forum/
