Created attachment 470123 [details] kovodstvo.htm for 2010 08 16 http://safeweb.norton.com/report/show?name=gtof.info mentions that drive-by downloads and possible attacks on users have been observed at http://gtof.info/kovodstvo.htm searching the crash database I see a number of domains and url paths serving files by the name kovodstvo.htm that result in firefox/flash/other plugin crashes this needs more research to figure out if this is a general kind of attack and if the contents of some or all of these kovodstvo.htm files are legitimate, but if they are not, we might consider wholesale safe browsing blocking as a defense. I'll attach a file with a sample of crash count, signature, firefox version, flash version and domain://kovodstvo.htm where the files are being served. we could also set automation to pound extra **** this set of url looking for reproducible crashes and evidence of exploit code being served.
_SEH_prolog was the signature?
(In reply to Wayne Mery (:wsmwk) from comment #1) > _SEH_prolog was the signature? guessing yes. but http://gtof.info is no longer around so this research reminder bug is probably not very useful.