Author Topic: cashsurfing.biz (Read 4683 times)

cconniejean · November 19, 2008, 08:35:36 am

hxxp://cashsurfing.biz/index.php?username=farznik
AntiVir alert for recognition pattern of the HTML/Crypted.Gen HTML script virus.

0x0 iframes on bottom of page:

Code: [Select]

Malicious 0x0 iframes:
1. 'hxxp://yahoo-analytics.net/count.php?o=2'
The yahoo one now redirects to:'hxxp://chtest.gooanal(dot)net/?o=2'

2. 'hxxp://pinoc.org/count.php?o=2'
Redirects to: 'hxxp://www.com.org/?not_found=pinoc.org'

3. 'hxxp://google-analyze.org/count.php?o=2'
Redirects to: 'hxxp://chtest.gooanal.net/?o=2

sowhat-x · November 19, 2008, 08:39:36 am

Thanks cconniejean

For the record,there was a "gooanal" domain spreading pdf exploits couple days ago as well...

Quote

hxxp://2.gooanal.net/sis/getfile.php?f=pdf

sowhat-x · November 19, 2008, 11:46:05 am

And another "gooanal" pdf sample...

Quote

hxxp://rent1.gooanal.net/frd/getfile.php?f=vispdf

Result: 6/36 (16.67%)
http://www.virustotal.com/analisis/74ff44a02678d6da8f079cdefcd4c395

cconniejean · November 19, 2008, 12:30:31 pm

Thank you. When CashSurfing was first reported on our forum a contact was sent to the site owner. The contact page also has this on it too. Thanks again for the assistance.

Author Topic: cashsurfing.biz (Read 4683 times)

cconniejean

cashsurfing.biz

sowhat-x

Re: cashsurfing.biz

sowhat-x

Re: cashsurfing.biz

cconniejean

Re: cashsurfing.biz