Friday, February 12, 2010

Singapore Boleh... Trojan connect to SG IP

Recently, several newly detected malicious PDF files have exploited Adobe Reader and executed a backdoor trojan on the victim's system. These trojans allow remote access from cecon.flower-show.org and posere.flower-show.org. Many will assume that those hosts are in China or Russia, the usual suspects.

But both hostnames resolve to 202.150.213.12, which is in Singapore. The IP belongs to "NewMedia Express Pte Ltd, Singapore Web Hosting".

Whois record

It is likely that the NewMedia server was compromised to host and redirect the traffic to the real attacker's address.
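For a defender, the practical use of a post like this is to search egress logs for the two hostnames and the IP it names. The script below is an added example, not code from this post or from F-Secure: it tokenises proxy and DNS log lines and matches tokens exactly against those indicators, so lookalike names such as a longer domain that merely contains the indicator do not fire. The log layouts (Squid native access log, BIND query log) and the sample lines are assumed and constructed for the example; the indicators themselves are the ones the post reports.

```python
import ipaddress
import re

# Indicators taken from the post: the two C2 hostnames and the IP they resolved to.
IOC_HOSTS = {"cecon.flower-show.org", "posere.flower-show.org"}
IOC_IPS = {str(ipaddress.ip_address("202.150.213.12"))}

# Constructed sample logs (not real traffic). Layouts assumed: Squid native
# access log and a BIND query log. Internal client addresses are made up.
SAMPLE_PROXY_LOG = """\
1265961600.123    312 10.0.0.15 TCP_MISS/200 1420 GET http://cecon.flower-show.org/ - DIRECT/202.150.213.12 text/html
1265961605.456     88 10.0.0.22 TCP_MISS/200 9120 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1265961610.789    210 10.0.0.31 TCP_MISS/200 512 POST http://202.150.213.12/ - DIRECT/202.150.213.12 application/octet-stream
"""
SAMPLE_DNS_LOG = """\
12-Feb-2010 10:00:01.000 client 10.0.0.15#51234: query: posere.flower-show.org IN A + (10.0.0.1)
12-Feb-2010 10:00:02.000 client 10.0.0.40#51235: query: www.example.com IN A + (10.0.0.1)
"""

# A token is a run of hostname/IP characters; everything else (/, :, #, spaces)
# is a separator. Exact-match on tokens avoids substring false positives.
TOKEN_RE = re.compile(r"[A-Za-z0-9.-]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_tokens(line):
    """Lowercased tokens with BIND-style trailing dots stripped."""
    return {t.strip(".").lower() for t in TOKEN_RE.findall(line)}


def match_line(line):
    """Return (matched_hosts, matched_ips) for one log line, both sorted."""
    tokens = extract_tokens(line)
    hosts = sorted(tokens & IOC_HOSTS)
    ips = sorted(tokens & IOC_IPS)
    return hosts, ips


def client_ip(line):
    """Heuristic: the first private IPv4 address on the line is the internal client."""
    for cand in IPV4_RE.findall(line):
        try:
            if ipaddress.ip_address(cand).is_private:
                return cand
        except ValueError:
            continue
    return None


def scan_log(text):
    """Scan a whole log; return one hit record per line that touches an indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hosts, ips = match_line(line)
        if hosts or ips:
            hits.append({"line": lineno, "hosts": hosts, "ips": ips, "client": client_ip(line)})
    return hits


def affected_clients(*logs):
    """Union of internal clients seen contacting or resolving any indicator."""
    clients = set()
    for text in logs:
        for hit in scan_log(text):
            if hit["client"]:
                clients.add(hit["client"])
    return sorted(clients)


if __name__ == "__main__":
    for name, log in (("proxy", SAMPLE_PROXY_LOG), ("dns", SAMPLE_DNS_LOG)):
        for hit in scan_log(log):
            print(name, hit)
    print("hosts to triage:", affected_clients(SAMPLE_PROXY_LOG, SAMPLE_DNS_LOG))
```

Two design points: the third proxy line is caught by IP alone, which matters because a trojan may connect to the hard-coded address without a DNS lookup; and the DNS log reveals a client that resolved the name even if the connection was later blocked. Since the post says the hosting server was most likely a compromised relay rather than the attacker's own machine, a hit on the IP is grounds for triage of the client, not for attribution.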

More details from F-Secure blog