Lamiabiocasa

Published: 2012-11-02
Last Updated: 2012-11-02 20:11:51 UTC
by Daniel Wesemann (Version: 1)
1 comment(s)

Earlier today, ISC reader Travis noticed that his proxy server was blocking some images from BusinessWeek Business Exchange (bx.businessweek.com). On closer inspection of the blocked content, he found that some files indeed had peculiar contents:

 
A company from Italy that sells log cabins probably cannot afford to advertise its services on Businessweek...
 
The "lamiabiocasa" site is currently not returning any malware (at least not when we tried to investigate). A Google search for the same URL reveals, though, that plenty of other sites are similarly affected, so this IFRAME is obviously part of an injection attack that must have been going on for a while.
 
On Businessweek, it is their 404 Error page that currently seems to be affected. It returns an "Under Construction" message that includes the nasty iframe.  According to passive DNS, there are currently more than 10'000 DNS domain names pointing to the one IP address that is also used by Lamiabiocasa (195.110.124.133). Chances are this ain't good...
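A check a proxy or site operator could run for the pattern described above, where a request for an image comes back as an HTML error page carrying an off-site iframe. This is an added example, not code from the diary; the function name, the image path and the `injected.example` host are constructed placeholders, and hosts are compared by exact name as a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Leading bytes of the image formats a page normally embeds.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def audit_image_response(url, body):
    """Return off-site iframe hosts found in a non-image body served for an image URL."""
    if body.startswith(IMAGE_MAGIC):
        return []  # real image data, nothing to parse
    collector = IframeCollector()
    collector.feed(body.decode("utf-8", errors="replace"))
    page_host = urlsplit(url).hostname
    hosts = []
    for src in collector.sources:
        # Resolve relative and scheme-relative src values against the request URL.
        host = urlsplit(urljoin(url, src)).hostname
        if host and host != page_host and host not in hosts:
            hosts.append(host)
    return hosts


# Constructed sample: an error page returned in place of an image.
# The path and "injected.example" are placeholders, not values from the diary.
SAMPLE_URL = "http://bx.businessweek.com/images/missing.gif"
SAMPLE_BODY = (
    b"<html><body><h1>Under Construction</h1>"
    b'<iframe src="http://injected.example/" width="1" height="1"></iframe>'
    b"<iframe src='/local/frame.html'></iframe></body></html>"
)

if __name__ == "__main__":
    print(audit_image_response(SAMPLE_URL, SAMPLE_BODY))
```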
 
 
Keywords: iframe malware

Comments

Also hosts opus.register.it which has pretty bad rankings/comments on WOT: https://www.mywot.com/en/scorecard/opus.register.it
