How do I find out who owns this site?
http://www.puzzlekings.com/
When I go there, my anti-virus flags a downloader.trojan in my browser's temp files.
Frozen In Ice
06-04-2006, 02:59 AM
Nothing happened on my end. I'm using Firefox and my first attempt was with Java off. Second attempt with Java on still produced nothing. Maybe it's IE specific?
You can do a whois search to find the owner (which by the way is in the UK).
Tried with Opera and Norton AV, as well as had a friend try it with IE and McAfee and yet another try with Firefox and Kap.
All with the same results: a trojan downloader embedded in temp files, easily remedied by clearing the browser cache, but still annoying.
Thanks for checking it out.
Jason Chong
06-04-2006, 07:39 AM
http://www.ratite.com/whois/
Type in the domain name and see for yourself the owner.
Frozen In Ice
06-04-2006, 07:58 AM
I've advised the good folks at the Internet Storm Center. I did notice a suspicious line in the html source, so we'll see what ISC says about the site. My cache is emptied each time I exit which could be why I didn't find anything.
Jason Chong
06-04-2006, 10:45 AM
Surprisingly the site owner's name can be googled easily, and there're interviews conducted with him.
I notice the iframe source too, pointing to that suspicious website.
Looks like attempts to use JavaScript to redirect the browser to download some binary, and attempts to modify the registry?
Frozen In Ice
06-04-2006, 11:39 AM
Response from ISC (Internet Storm Center)
The reports on the forum are correct. The Puzzlekings website contains an
iframe that retrieves a piece of JavaScript from a remote server. The
JavaScript attempts to use Microsoft's Adodb.Stream object to retrieve an
executable from the remote server, save it locally to the temp directory,
and execute it. In my experiments, only this particular exploitation
mechanism was visible, so only IE users should be affected.
The exe file it tried to download is recognized as malicious software by
about half of AV vendors: Win32/Spy.Small.EE, PSW.Generic.YRD,
Trojan.Spy.Win32.Smallm Downloader-ASQ.
I doubt Puzzlekings knows about the iframe. They were probably hacked--I'll
try notifying the admin.
Good to know that other game developers look out for one another.
I was just surfing for some new games to try and ran into that site, which looked legit, etc., but my AV was going crazy.
I wanted to contact the owner as well, but was not sure if any email address was valid as there was an active piece of malicious script running on their site.
I hope this script was not intentional in any way, and the result of a pure mistake.
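The check described in the ISC response, as an added example that is not from the thread or from ISC: a triage script that lists iframes pointing to another host and names ActiveX objects such as Adodb.Stream in a retrieved script. The hosts, sample page and script stub are constructed placeholders, and the hidden-frame test and the ProgIDs beyond Adodb.Stream are assumptions added here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Adodb.Stream is the object named in the ISC reply; the other ProgIDs are
# assumptions added here because they are often used alongside it.
ACTIVEX = re.compile(r"adodb\.stream|msxml2\.xmlhttp|wscript\.shell", re.I)
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Record every iframe whose src resolves to a host other than the page's."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag != "iframe" or not a.get("src"):
            return
        src = urljoin(self.page_url, a["src"])  # resolve relative and // URLs
        host = urlparse(src).hostname
        if host and host != urlparse(self.page_url).hostname:
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = tiny or bool(HIDDEN_CSS.search(a.get("style", "")))
            self.findings.append({"src": src, "host": host, "hidden": hidden})

def offsite_iframes(html, page_url):
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def activex_progids(script_text):
    """Return the lower-cased ActiveX ProgIDs named in a retrieved script."""
    return sorted({m.group(0).lower() for m in ACTIVEX.finditer(script_text)})

# Constructed sample input (placeholder hosts, not the real page or script).
PAGE = """<html><body><h1>Puzzle games</h1>
<iframe src="/news.html" width="400" height="200"></iframe>
<iframe src="http://cdn.example.net/x.html" width="0" height="0"></iframe>
</body></html>"""
SCRIPT = 'var s = new ActiveXObject("Adodb.Stream"); // constructed stub'

if __name__ == "__main__":
    print(offsite_iframes(PAGE, "http://www.example.com/"))
    print(activex_progids(SCRIPT))
```

Run it against a saved copy of the page source rather than a live browser session, so nothing on the page is rendered or executed.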