Tuesday, February 17, 2009

Tony Blair has NOT died today

It seems like the Armenian Branch of Nathan Associates Inc (per a whois lookup of the IP address) is hosting a webpage claiming that former UK Prime Minister Tony Blair has died. As far a we know, Tony Blair is well as of February 17, 2009. This page uses the same template as the BBC News website. As soon as the page is loaded, the user is prompted to upgrade to the latest "Adobe Flash Version in order to watch the video" of the car crash that allegedly took the life of Tony Blair.


Pop up to get user to download latest flash version
Pic.1: Upgrade your Flash Version


Consenting to the flash update downloads: http://91.103.XXX.XXX/BBC_News_UK/2/hi/uk_news/bbc_movies/get_flash_update.exe


Trojan download screen
Pic.1: Trojan download


ClamAV detects this file as Trojan.Agent-21076. The Trojan changes the start page of Internet Explorer to the adult website adultmeeter.com and updates the Windows host file to contain entries for URL-to-IP mapping. This mapping effectively prevents users from accessing the websites for the banks Addey and Caja Madrid by typing abbey.com or cajamadrid.es in their web browers. The entries in the host file will redirect users to phishing websites.

2 comments:

  1. Thank you for this information. I have used it at my website, which receives thousands of visitors checking regularly on Mr Blair's whereabouts.

    I hope this information gets to them before that site does. Most British people wouldn't think twice about clicking this BBC-like template.

    Keep up the good work. Please keep me informed of any developments. Hopefully the site will soon be removed.

    http://keeptonyblairforpm.wordpress.com/2009/02/18/tony-blair-has-not-been-killed-today-this-is-a-hoax-a-virus-threat/

    ReplyDelete
  2. Thank you. We will keep an eye out for similar items.

    ReplyDelete

Post a Comment