It seems someone recently compromised ministryofrum(dot)com, replacing an understanding and appreciation of rum with malicious PDF files.

The site is fixed now, but compare the clean site results here with the results served up while the page wasn’t looking too healthy.

The PDFs were coming from korvet(dot)in, and you can see some of the VirusTotal results here (6/40) and here (24/41). Those are Alureon and Sasfis variants, typically linked to scareware installs, banking trojans and keyloggers – not really what you want ending up on your computer. It seems that the files loaded up are a little bit random, so detection rates could go up or down depending on what happens to be served at the time (and I’m certainly not talking about rum).

Thanks to Todd Towles for the heads up!

Christopher Boyd