[Scgeeks] Re: Query: watch.ru

Farelf user at domain.invalid
Sun Aug 24 09:37:43 EDT 2008


rooster wrote:
> watch.ru
> 
> McAfee's overview indicates watch.ru is relatively benign, albeit; 
> "Reliable sources indicate that this site may be a legitimate business 
> under attack by spammers."
> 
> The html on the site presents enticements to d/l "macromedia flash 
> player" ("fp...macromedia.com/go/getflashplayer"), as well as to click on 
> "iframe" <.../cgi-bin/lasttopic.cgi>.
> 
> As a general rule, both of these kinds of objects present potential 
> malware threats.  Checks on embedded links on watch.ru to other sites 
> (e.g., liveinternet.ru, alltime.ru) didn't yield anything especially 
> damning. I suspect there might be click fraud or malware involved since 
> watch.ru has a history of vulnerability and the recent incidence of spam 
> linking to watch.ru correlates with other click fraud, phishing and 
> malware attempts I'm seeing.
> Are any of y'all set up to drill down any further to see if this is just 
> an intermittently spammy site that resembles a dangerous site or if it's 
> actually currently dangerous?
> 
> IMWTK

G'day Rod.

I think you would need to nominate the actual pages you suspect (just 
munge them slightly so they're not 'clickable' by the 
innocent/unprepared).  Or you could check them yourself with LinkScanner 
Online - http://linkscanner.explabs.com/linkscanner/default.asp
A positive is a positive with that but a negative is indeterminate (so 
don't accept the offer to go to the page just because you get 
"Congratulations! LinkScanner Online did not find any exploits.")

Well, watch.ru seems to be a spammer (flogging moody timepieces, as it 
happens) - see forum topic 
http://forum.spamcop.net/forums/index.php?showtopic=9690.  It would be 
generally unusual for a 'commercial' spammer to spoil business by trying 
to hijack visitors' PCs but maybe they've just been hacked.  There was 
an awful lot of that going around in the last few weeks leading up to 
the CNN Top 10 and other illicit attempts to subject PC ownership to the 
rigours of 'survival of the fittest'.

Imagine - hacking a spammer!  "Little fleas have smaller fleas," etc. 
Still, the Russians evidently see spamming in a 'different' light, just 
another kind of advertising to them.
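
The reply's advice to munge suspect links so they are not clickable, sketched as an added Python example (not part of the original thread). The `hxxp` and `[.]` conventions, the function names and the `example.invalid` sample URL are assumptions made for illustration.

```python
import re

# Either a URL with a scheme, or a bare hostname such as "watch.ru".
# The bare-host branch deliberately over-matches (file names like "page.cgi"
# in free text also get defanged); over-defanging is the safe direction.
_LINK = re.compile(
    r"(?P<scheme>https?|ftp)://(?P<auth>[^\s/?#<>\"']+)(?P<rest>[^\s<>\"']*)"
    r"|(?<![\w@./\[\]-])(?P<bare>(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?![\w\[@])",
    re.IGNORECASE,
)
_SCHEMES = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}


def defang(text):
    """Rewrite links so mail clients and web archives will not auto-link them."""
    def repl(m):
        if m.group("bare"):
            return m.group("bare").replace(".", "[.]")
        scheme = _SCHEMES[m.group("scheme").lower()]
        # Break only the authority (user@host:port); the path stays readable
        # so another analyst can still see exactly which page is meant.
        auth = m.group("auth").replace(".", "[.]")
        return f"{scheme}://{auth}{m.group('rest')}"
    return _LINK.sub(repl, text)


def refang(text):
    """Undo defang() inside an analysis tool, never in a reply to the list."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    text = re.sub(r"\bfxp://", "ftp://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".")


# Constructed sample report; example.invalid is a placeholder host.
SAMPLE = ("Seen in spam: watch.ru and "
          "http://shop.example.invalid/cgi-bin/page.cgi?id=1 (constructed).")

if __name__ == "__main__":
    print(defang(SAMPLE))
```
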

