Can you spot the fake

Hopefully it should be easy to spot the fake ... at first I thought this was some kind of a Phishing site, but it appears they are using all the content from CNet's MP3 site for some unknown reason. Well other than to infect your system. As I mentioned before any time you see that warning "Remote Data Services Data Control" watch out! ... this is NOT from Microsoft! This is the generic warning IE7 throws up when an exploit is trying to enter the system.

The culprit is "nnew-adult(dot)info" (highlighted in red below) detected as: Win32/TrojanDownloader.Nurech.NAT ... which is already included in the HOSTS file. Both "get-it-fast" and "nnew-adult" are both hosted at "Rbusiness Network" which is well known for hosting malicious content and exploit sites.

As you can see the content of the bogus page is being entirely drawn from CNet. Also notice the "activex.microsoft.com" entries, this is what Windows generates when a prompt has been interrupted ... that's a good thing ... I'm going to try and contact someone at CNet and see if they will drop Rbusiness Network a friendly little note ...

Published Thursday, September 13, 2007 2:53 AM by winhelp2002
Filed under:

Comments

# re: Can you spot the fake

Thursday, September 13, 2007 11:58 AM by Lee

Your e-mail to another MSMVP found it's way to me. Thank you for reporting this to us. I have forwarded this to the appropriate people in our company to investigate.

Thanks again! We appreciate this.

Best regards,

-Lee

CNET Community

# Little Big Tomatoes » Blog Archive » The one with the evil jscript on my blog…

Sunday, August 24, 2008 11:13 AM by Little Big Tomatoes » Blog Archive » The one with the evil jscript on my blog…

Pingback from  Little Big Tomatoes  » Blog Archive   » The one with the evil jscript on my blog…