mobydickrock.ru

Discussion in 'malware problems & news' started by rickadkins, Nov 8, 2009.

Thread Status:
Not open for further replies.
  1. rickadkins

    rickadkins Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    14
    Location:
    Omaha, NE
    I'm new here, so not sure where to post this. Has anyone heard of mobydickrock.ru? A warning about this keeps popping up on a Buddhist website I chat in.

    Thanks.
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi rickadkins and welcome to Wilders. Where is the pop-up coming from? Is it your anti-virus, anti-spyware, browser or something else?

    Also, mobydickrock.ru appears to be a bad site. http://google.com/safebrowsing/diagnostic?site=mobydickrock.ru/ and http://www.siteadvisor.com/sites/mobydickrock.ru and http://www.mywot.com/en/scorecard/mobydickrock.ru

    Perhaps the Buddhist site has some bad code pointing to the above exploit site. You might contact the owner and let them check it out. It might also be a good idea to scan your computer with quality, updated scanners just to be sure you're not infected. What type of security protection are you running and is it up to date?

    Also, after you make sure your computer is clean you may want to make sure all of your important programs are up to date and not vulnerable to exploits. See the link in my signature and run the online scan and fix/update anything it mentions.
     
    Last edited: Nov 8, 2009
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Last month a mobydickrock.ru file was flagged as suspicious by Wepawet analysis due to the presence of a PDF exploit in the page code. It has since been removed and the site looks clean at the moment.

    The reason for "suspicious" is that the code delivered a PDF file that was corrupt:

    [Attached image: mobydick.gif]

    The exploit required both JavaScript and the Adobe plugin to be enabled in the browser.

    regards,

    -rich
     
  4. rickadkins

    rickadkins Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    14
    Location:
    Omaha, NE
    Thanks so much! The pop-up comes after I send a message on the Buddhist site. It's a full page that warns about mobydickrock.ru being dangerous, and that the website may be infected. It made me nervous, as I've been a member of the site since its inception.

    My current security setup is Avira AntiVir Personal, Malwarebytes, IoBit 360 Pro, and Comodo firewall. I believe everything is current, but I will run a scan just to be safe.

    Thanks again, I really appreciate the advice.

    Rick
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    rickadkins, it's probably your browser warning you. You also seem to have plenty of protection. Are all the security apps you mentioned running with real-time protection or are some of them on-demand (scan only)? The reason I ask is that it's usually not a good idea to run 2 of the same kinds of protection such as 2 anti-virus programs.
     
  6. rickadkins

    rickadkins Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    14
    Location:
    Omaha, NE
    Hi Innerpeace,

    Avira and Comodo are running real-time and IoBit 360 and MBAM are on-demand. I only have the Comodo firewall, not the AV.

    I ran the scan per your suggestion and found several programs that needed updating. Thanks!

    Rick
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    You're welcome and I'm glad you've gotten up to date. It's good to check at least once a month to make sure all the goodies on your computer are safe.

    Were you running the HIPS part of Comodo (Defense +) with its firewall? If so, if you would happen to stumble upon an exploit, Comodo should warn of something new executing and give you the chance to block it.
     