more so to crop the password toolbar and other tabs I had open (no, there was nothin' naughty, I promise!). The domain name is visible on the file download warning; the page was index.php with a long string of characters as a parameter to it. I didn't go back to see if the parameter was necessary to launch that particular page; maybe this weekend in a VM if I'm bored. I have the URL and page source (obfuscated JavaScript) saved.
On a related note, does anyone know how to search within the Temporary Internet Files on Win7? I'm curious as to where this site came from; I think it may have been an errant click on an advertisement. I was going to try a findstr on the directory, but it's all hidden and virtualized now; what you see in Explorer is not what you see on the command line. Of course, I may not find a thing if it was a redirect from an ad site, but I thought it worth knowing how to do anyway.

On Fri, May 20, 2011 at 8:00 AM, Erik Goldoff <[email protected]> wrote:

> Jeff, did you intentionally crop the top of the screen capture to
> eliminate the URL ?
>
> Erik Goldoff
> IT Consultant
> Systems, Networks, & Security
> ' Security is an ongoing process, not a one time event ! '
>
> From: Matthew B Ames [mailto:[email protected]]
> Sent: Friday, May 20, 2011 4:02 AM
> To: NT System Admin Issues
> Subject: RE: Fake AV site
>
> I saw that site about a week ago when I was at home. I think I was using
> Chrome at the time however. Likewise I just closed my browser tab (and
> performed a full scan with ESET).
>
> From: Jeff Bunting [mailto:[email protected]]
> Sent: 20 May 2011 01:29
> To: NT System Admin Issues
> Subject: Fake AV site
>
> Ran across a fake AV site this evening, with a faux-Windows Explorer web
> page. Anyone have favorite places to report this sort of thing? I sent
> the URL to Google's malware reporting, didn't know if there were other
> well-regarded places to submit these.
>
> Here's a .png screenshot of the web page I took if anyone's interested
> (SkyDrive). The green progress bar was animated and completed its
> "scan" before the "Windows Security Alert" popped up. The page was easily
> closed by killing the IE tab (the domain name appears in the image).
>
> http://public.blu.livefilestore.com/y1pHzOqf6GUpj4i-Jmq3CZd6VhkMg0yNK33pu-4PcTBzLjmkydC3bY_BUfYoKsbnH-a7DaUXp9fq8CyGwHEQAepWw/FakeAV.png?psid=1
>
> Jeff
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. If you are not
> the intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. QinetiQ may monitor
> email traffic data and also the content of email for the purposes of
> security. QinetiQ Limited (Registered in England & Wales: Company Number:
> 3796233) Registered office: Cody Technology Park, Ively Road, Farnborough,
> Hampshire, GU14 0LX http://www.qinetiq.com
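As an added example (not part of the thread, and not something any of the posters ran), here is a PowerShell script that does the search Jeff is asking about. The reason findstr from a normal prompt finds nothing is that the Explorer view of "Temporary Internet Files" is a shell namespace view; on disk the cache is split into hidden/system subfolders under Content.IE5 (normal tabs), Low\Content.IE5 (IE Protected Mode tabs, which is where most ad-driven redirects on Win7 end up) and Virtualized (writes redirected from low-integrity processes). The script walks those real directories with -Force, matches cache file names and contents against a pattern such as the domain or "index.php", and also checks index.dat, which records the URL each cache entry came from. The $Pattern parameter and the search paths are my assumptions for Win7 with IE8/IE9; it is written to run on the PowerShell 2.0 that ships with Win7.

```powershell
# Added example, not from the original thread: search the IE cache on Windows 7,
# including the Protected Mode ("Low") cache, for a domain name or file name.
# Run as the user whose browser hit the site (elevation is not required for the
# user's own cache). $Pattern is an assumed parameter; pass the domain from the
# screenshot or "index.php".
param(
    [Parameter(Mandatory = $true)]
    [string]$Pattern
)

$base = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files'

# What Explorer shows is a virtual view; these are the real on-disk locations.
$roots = @(
    (Join-Path $base 'Content.IE5'),       # normal (medium-integrity) tabs
    (Join-Path $base 'Low\Content.IE5'),   # Protected Mode tabs
    (Join-Path $base 'Virtualized')        # redirected writes from low-integrity processes
) | Where-Object { Test-Path $_ }

if (-not $roots) {
    Write-Warning "No cache directories found under $base"
    return
}

# -Force is what makes the hidden/system Content.IE5 subfolders visible.
$files = Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer }

# 1. Cached files keep the original name with a [n] suffix (e.g. index[1].php),
#    so a name match is the cheapest first pass.
$byName = $files | Where-Object { $_.Name -match [regex]::Escape($Pattern) }

# 2. Grep the text-like bodies (HTML/JS) for the pattern. -SimpleMatch treats the
#    dots in a hostname literally instead of as regex wildcards.
$byContent = $files |
    Where-Object { $_.Extension -match '^\.(htm|html|php|js|txt)$' -or $_.Extension -eq '' } |
    Select-String -Pattern $Pattern -SimpleMatch -List -ErrorAction SilentlyContinue

# 3. index.dat maps cache entries back to the URL that produced them, so a hit here
#    names the URL even if the body was already evicted. The file is usually locked
#    while IE or Explorer has it open; close the browser first or copy it out with a
#    VSS-based tool, then point this at the copy.
$indexHits = Get-ChildItem -Path $base -Recurse -Force -Filter 'index.dat' -ErrorAction SilentlyContinue |
    ForEach-Object {
        try {
            $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
            $text  = [System.Text.Encoding]::Default.GetString($bytes)
            if ($text.Contains($Pattern)) { $_.FullName }
        } catch {
            Write-Warning ("Could not read {0}: {1}" -f $_.FullName, $_.Exception.Message)
        }
    }

New-Object PSObject -Property @{
    NameMatches    = @($byName    | ForEach-Object { $_.FullName })
    ContentMatches = @($byContent | Select-Object -ExpandProperty Path -Unique)
    IndexDatHits   = @($indexHits)
}
```

Save it as Search-IECache.ps1 and run it with the domain from the screenshot, e.g. `.\Search-IECache.ps1 -Pattern 'example.invalid'` (the domain here is a placeholder). A hit under Low\Content.IE5 with no corresponding entry under Content.IE5 is the usual signature of a page reached through an ad iframe in a Protected Mode tab; the surrounding entries in that same Content.IE5 subfolder, sorted by LastWriteTime, generally show the referring ad network page that issued the redirect. If the browser was set to empty the cache on exit, or the page set no-cache headers, none of the three passes will find anything, which is the limitation Jeff already anticipates.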
