Friday, February 12, 2010

Singapore Boleh... Trojan connect to SG IP

Recently, several newly detected malicious PDF files have exploited Adobe Reader to execute a backdoor trojan on the victim's system. These trojans allow remote access from cecon.flower-show.org and posere.flower-show.org. Many will think that those hosts were likely to be from China or Russia, the usual suspects.

But both hostnames resolve to 202.150.213.12, which is in Singapore. The IP belongs to "NewMedia Express Pte Ltd, Singapore Web Hosting".

Whois record

It is likely that the NewMedia server was compromised to host and redirect the traffic to the real hacker's address.

More details from F-Secure blog
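The indicators above can be matched against DNS resolver logs regardless of where the address is hosted; the following is an added example, not code from the original post or from F-Secure. The log format ("time client query answer"), the sample lines and the lower-confidence parent-domain rule are assumptions made here, and an IP-only hit is weak evidence because the address belongs to a web hosting provider.

```python
import ipaddress

# Indicators taken from the post above.
C2_HOSTS = {"cecon.flower-show.org", "posere.flower-show.org"}
C2_PARENT = "flower-show.org"  # assumption: sibling hosts are worth a look too
C2_IPS = {ipaddress.ip_address("202.150.213.12")}

# Constructed sample lines; the "time client query answer" format is assumed.
SAMPLE_LOG = """\
2010-02-12T09:14:02 10.0.0.21 cecon.flower-show.org 202.150.213.12
2010-02-12T09:14:05 10.0.0.34 www.example.com 192.0.2.10
2010-02-12T09:15:40 10.0.0.21 POSERE.Flower-Show.org. 202.150.213.12
2010-02-12T09:16:11 10.0.0.57 cdn.example.net 202.150.213.12
2010-02-12T09:17:00 10.0.0.58 mail.flower-show.org 198.51.100.7
2010-02-12T09:18:00 10.0.0.59 notflower-show.org 198.51.100.9
malformed line
"""

def normalize(name):
    """Lower-case the name and drop the trailing root dot before comparing."""
    return name.rstrip(".").lower()

def classify(query, answer):
    """Return the reasons (possibly none) a DNS record matches an indicator."""
    reasons = []
    q = normalize(query)
    if q in C2_HOSTS:
        reasons.append("known-host")
    elif q == C2_PARENT or q.endswith("." + C2_PARENT):
        # Suffix match on a label boundary, so "notflower-show.org" is ignored.
        reasons.append("parent-domain")
    try:
        if ipaddress.ip_address(answer) in C2_IPS:
            reasons.append("known-ip")
    except ValueError:
        pass  # answer was not an IP address (for example a CNAME target)
    return reasons

def scan(log_text):
    """Yield (client, query, reasons) for every well-formed line that matches."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        _ts, client, query, answer = parts
        reasons = classify(query, answer)
        if reasons:
            hits.append((client, normalize(query), reasons))
    return hits

if __name__ == "__main__":
    for client, query, reasons in scan(SAMPLE_LOG):
        print(client, query, ",".join(reasons))
```
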


Friday, February 5, 2010

Web Security Rating

"Web Security Rating" refers to websites or tools hosted by security vendors or teams that rate whether each web domain is safe to access.

I was trying out some of these websites and tools to recommend to my colleagues and friends. I noticed that even a big vendor can give an incorrect rating for publicly known malicious sites.

MalwareURL results

I did a few tests and decided to show the results for "aboutadding.com". On the MalwareURL website, it shows a list of malware detected from that domain.

McAfee SiteAdvisor

McAfee SiteAdvisor detected "potential security risks ... Use with extreme caution".

Norton Safe Web

Meanwhile, Norton Safe Web gave a "SAFE" rating for this site (even though a user's feedback says that the domain is harmful).

Besides McAfee SiteAdvisor and Norton Safe Web, there are also other common tools such as TrendMicro's TrendProtect and Finjan SecureBrowsing.

Google Warning

Even Google provides warnings for potentially harmful sites.

This blog is not meant to comment on which vendor is better. I just want to share some of the available tools for secure web surfing and to advise users not to trust a single result.