Just posted this to Safe Web and (as always) figured it might be of interest here. Received the Website e-alianse.ru from a compromised e-mail. I thought this might be random spam, but, upon further examination, it centered from a fellow professional on the listserv that I belong to - her account was compromised. Unfortunate. Given the context, unless you are a security professional, I would avoid this domain at all costs. Beware, WOT has no intelligence on this; if you trust zone-h.org, apparently someone there reported that this “e-alianse” has been compromised. This is a classic case for my theory of universally accepted limited definitions, which I explained some time back. Basically, .ru (Russian Federation) and here we have a case where not only Safe Web and WOT are in the proverbial dark, but Site Advisor (McAfee) as well! Therefore, my “rule of thumb” (if you will): if a domain resides outside the US, I am hesitant to visit it. I may make exceptions for Canada and Australia AND some absolutely trusted Japanese sites, however. I just do not have overwhelming confidence in the ability of these security programmes to have the intelligence outreach to safeguard my system if I visited an address outside the aforementioned and ran into trouble. It may be balderdash, and yet it is a policy that I have followed and have had some good success with.
Anyway, there was also a link provided in the e-mail that I imagine will lead to a virus: hxxp://e-alianse.ru/nol/tff/isog/dkz.htm. (Please note: I replaced the http with hxxp so that someone doesn’t accidentally click a bum link; however, when a security professional tests this, it is understood to substitute the xx with tt. Everyone probably knows this, I am just making certain.) Beware, No Virus Thanks (NVT moving forward) could not scan this link (and yes, I did replace the double x); in my experience, that could mean a variety of things. Times where a link would not scan (when I braved the waters), a page could not be found or the link was a “setup” to point you to another address. In my last testing (not related to e-alianse) there was a link that would not scan with NVT, and, when I tested it on my own, it added to the site (in the address bar) I thought I was going to. No wonder NVT said something to the effect of “bad response code” etc.; it is an entirely different site! Luckily, I was still safe, but you may not be so blessed and, in general, if you put a link into NVT and it does not start scanning immediately and gives you something like “Error: Could not Fetch the Requested Address: Bad Response Code” - watch out!
Anyhow, do you see how the link from “e-alianse” ends in .htm? Just another one of my “rules”, but that could spell stormy seas ahead, and I will explain. For example, if I am searching Google Images, say, a veritable breeding ground for viruses, I want the image to end in jpeg. If an image ends in .htm or .html, there could be coding of some sort and I especially do not want any part of that.
In conclusion, hopefully Norton Symantec and the others will get up-to-speed with this “e-alianse” and some of what I presented will be able to keep you and your family safer online.
Take care,
H.B.
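
The hxxp convention described in the post, as an added example that is not part of the original post: a small Python helper that defangs links before they are shared on a list and restores the live form only when handing a link to a scanner. The `[.]`, `(.)` and `[dot]` host spellings are other common defanging conventions assumed here, not something the post uses, and example.test is a constructed host.

```python
import re

# Matches a live or defanged http(s) URL: scheme, host, and everything after it.
_URL = re.compile(r"(?P<scheme>h(?:tt|xx)ps?)://(?P<host>[^/?#\s]+)(?P<rest>\S*)", re.I)
# Live links inside free text (e.g. the body of an e-mail about to be forwarded).
_LIVE_IN_TEXT = re.compile(r"\bhttps?://[^\s<>\"']+", re.I)
# Host-dot spellings used when defanging (assumed conventions, see lead-in).
_DOT_FORMS = ("[.]", "(.)", "[dot]")


def refang(url: str) -> str:
    """Return the live form of a defanged (or already live) http(s) URL."""
    m = _URL.fullmatch(url.strip())
    if m is None:
        raise ValueError(f"not an http(s)/hxxp(s) URL: {url!r}")
    scheme = m["scheme"].lower().replace("xx", "tt")
    host = m["host"]
    for form in _DOT_FORMS:
        host = host.replace(form, ".")
    return f"{scheme}://{host}{m['rest']}"


def defang(url: str) -> str:
    """Return a non-clickable form: http -> hxxp and host dots -> [.]."""
    m = _URL.fullmatch(refang(url))  # normalise first so defang is idempotent
    scheme = m["scheme"].replace("tt", "xx")
    host = m["host"].replace(".", "[.]")  # path dots (dkz.htm) are left alone
    return f"{scheme}://{host}{m['rest']}"


def defang_text(text: str) -> str:
    """Defang every live link in a block of text, keeping trailing punctuation."""
    def _sub(match: re.Match) -> str:
        url = match.group(0)
        core = url.rstrip(".,;:)")
        return defang(core) + url[len(core):]
    return _LIVE_IN_TEXT.sub(_sub, text)


if __name__ == "__main__":
    # The link exactly as written in the post (kept defanged in this source).
    posted = "hxxp://e-alianse.ru/nol/tff/isog/dkz.htm"
    print(defang(posted))
    # Constructed sample text with a live link followed by a full stop.
    print(defang_text("Report: https://example.test/a.b/c.htm."))
```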