The domains I checked were themoscowtimes.com and moscowtimes.ru, not moscowtimes.com. The domain themoscowtimes.com now loads without the message, moscowtimes.ru still displays it. CB
On 9/30/10 2:32 PM, "Kimberly Zenz" <ktz...@gmail.com> wrote: > note: Rereading the original email, I see that the domain is wrong. > Moscowtimes.ru and moscowtimes.com are not the same thing. > Moscowtimes.com is for sale and has been for a while(I suspect they > want the Moscow Times to buy it). Infecting moscowtimes.com is a lot > more probable - its a site with basic set-up, security, etc that looks > enough like a very popular site to confuse visitors into visiting the > fake one and getting infected. For all I know the owner of the site > was complicit in the infections, but I doubt it. > > http://whois.domaintools.com/moscowtimes.com > http://whois.domaintools.com/moscowtimes.ru > > On Thu, Sep 30, 2010 at 6:25 AM, Kimberly Zenz <ktz...@gmail.com> wrote: >> All it means is that someone placed malicious code on the Moscow Times >> page that will install on your computer and then allow for the >> installation of something else, almost certainly a trojan - see >> http://en.wikipedia.org/wiki/Trojan_horse_(computing). >> >> This is very common vector of infection and legitimate sites >> compromised to serve malware comprise roughly 50% of all sites >> infecting visitors. Several Russian government sites already fell prey >> to this scheme. >> >> The problem is that Google et al will keep warnings for 90 days, >> which, even if the Moscow Times fixes their site and improves their >> security to an impossibly impenetrable level, visitors will still be >> warned that it could be dangerous and many will not read further, they >> will just stay away. This makes infections like this damaging to >> organizations beyond the initial infections, but also makes infecting >> a site a nice little tool of damaging its credibility, readership, >> etc. Sketchy businesses have used it against each other, and even >> governments - I've seen this trick targeting Chinese human rights >> sites. >> >> In other words, its common (especially in Russia, although usually on >> Russian-language sites), its damaging and its nasty. >> >> On Thu, Sep 30, 2010 at 5:31 AM, <marsh...@aol.com> wrote: >>> I also get a notice from Norton Antivirus that "An intrusion attempt was >>> blocked" and Risk name: "MSIE ADODB. stream Object File Installation >>> Weakness", whatever that might mean.. >>> >>> Probably they prefer we subscribe to the print edition? )) >>> >>> Message: 4 >>> Date: Thu, 30 Sep 2010 10:05:46 +0400 >>> From: Charles Borden <char...@bordenfamily.info> >>> Subject: Expat List Moscow Times blocked >>> To: The Moscow Expat List <expat@lists.ru> >>> Message-ID: <c8ca117a.9e6d6%char...@bordenfamily.info> >>> Content-Type: text/plain; charset="US-ASCII" >>> >>> Since last night my browser has been throwing up a message that >>> www.themoscowtimes.com is a "Reported Attack Page" and has been blocked by >>> my browser (Firefox). I tried Chrome also and got the same message. Anyone >>> else have this problem? >>> Charles >>> >>> _______________________________________________ >>> Expat mailing list >>> Expat@lists.ru >>> http://www.lists.ru/mailman/listinfo/expat >>> http://www.expat.ru/forum/ >>> >> > _______________________________________________ > Expat mailing list > Expat@lists.ru > http://www.lists.ru/mailman/listinfo/expat > http://www.expat.ru/forum/ > _______________________________________________ Expat mailing list Expat@lists.ru http://www.lists.ru/mailman/listinfo/expat http://www.expat.ru/forum/