Quote:
Originally Posted by f.montoya
Four sites that I host were hit this past week, including vMLB. We use the CMS Mambo along with phpbb2 or phpbb3, depending on how long the league has been around. Actually, on a few of the upgraded sites, the malicious code actually failed in its purpose. That is to say, instead of the cross site scripting sending you to a different site to download a file, Mambo and phpbb actually quit and displayed an error. But a few other sites were running older versions of Mambo and phpbb. These sites would actually do what the script wanted and a pdf file would open after a few seconds and a browser redirect.
The location of the pdf file was at fany008.net (this is the domain and I don't want to post the whole url to the pdf file here) which I later tracked to a Mr John Mohov. While I don't think this guy would actually be attacking sites himself, he is listed as the owner of fany008.net and has a responsibility to remove the infected pdf file from his server and take appropriate preventative security action.
I am listing what is already publicly available on Mr. Mohov here:
john mohov
Email: bryanlink AT live.com (I will do him the courtesy of protecting his email address from bots)
Organization: mohov ltd
Address: 2198 Bernard rd
City: New Vienna
State: oh
ZIP: 45159
Country: US
Phone: +7.4955123458
Fax:
The street address is to a farm. Here's a picture.
2198 Bernard rd New vienna OH - Google Maps
The country code on the phone number listed is 7, which is Russia, and area code is 495, which is Moscow, Russia.
Mohov is a Russian name.
A person in the state of Ohio would probably use an LLC to protect assets, not a limited partnership.