It seems someone compromised ministryofrum(dot)com recently, replacing an understanding and appreciation of rum with malicious PDF files.

The site is fixed now, but compare the clean site results here with the results served up while the page wasn’t looking too healthy.
The PDFs were coming from korvet(dot)in, and you can see some of the VirusTotal results here (6/40) and here (24/41). Those are Alureon and Sasfis variants, typically linked to scareware installs, banking trojans and keyloggers – not really what you want ending up on your computer. It seems that the files loaded up are a little bit random, so detection rates could go up or down depending on what happens to be served at the time (and I’m certainly not talking about rum).
Thanks to Todd Towles for the heads up!
Christopher Boyd
View full post on Sunbelt Blog
Posted on 12 June 2010. Tags: Cause, Malicious, Ministry, PDFs, trouble