[Faccus] heathbrothers.com infected with malware

Jason Testart jatestart at uwaterloo.ca
Wed Jan 19 12:50:06 EST 2011

There has been much buzz recently about OHD's February speaker, Dan Heath.  Staff are reading the info on the OHD site and may be tempted to follow the link and visit his site.
We are receiving reports, and we have confirmed, that Dan Heath's website, heathbrothers.com, is infected with Windows malware (fake anti-virus).

When visiting the site, a pop-up window appears, with the message "Warning! Your computer is at risk of malware attacks!" with a recommendation to click OK to begin a scan.  The window is configured so that no matter what you click, the fake anti-virus software will download (from the site "www1 <dot> personalcleansoft <dot> in") and run.  Symantec A/V unfortunately does not detect this threat.  Macintosh users do not appear to be affected by this threat.

OHD has changed the link(s) in their page(s) to point somewhere safer and are notifying Dan Heath about the infection of his site.  If you believe you may be infected with malware from this site, please contact your computing support provider.



Jason Testart
University Information Security Officer
+1-519-888-4567, ext. 38393


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.uwaterloo.ca/pipermail/faccus/attachments/20110119/6fdb9b9d/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1881 bytes
Desc: image001.gif
Url : http://lists.uwaterloo.ca/pipermail/faccus/attachments/20110119/6fdb9b9d/attachment.gif 

More information about the Faccus mailing list