Malware Domain List
Malware Related => Malicious Domains => Topic started by: carmen on April 10, 2009, 01:12:52 am
-
The MiPistus blog is speaking of an infection technique called "Drive-by-Update".
http://mipistus.blogspot.com/2009/02/drive-by-update-para-propagacion-de.html
http://mipistus.blogspot.com/2009/04/drive-by-download-y-drive-by-update.html
Does anyone know anything about this?
Thanks!
-
http://www.malwaredomainlist.com/mdl.php?search=ddvrrflabpqcuoaexpwp&colsearch=All&quantity=50
http://www.malwaredomainlist.com/mdl.php?search=pxciiruurw&colsearch=All&quantity=50
Even more drive-by-sploits from the same registrant...
http://www.malwaredomainlist.com/mdl.php?search=michaeltycoon&colsearch=All&quantity=50
-
In the first blog entry that you pointed to (dating back to early February),
most of the direct links mentioned there appear to be dead currently...
Yet, I was able to grab a few things from the ThreatExpert report that he kindly provided... namely:
hxxp://m.wuc8.com/tt.txt
hxxp://a.wuc9.com/dd/1.exe
hxxp://a.wuc9.com/dd/4.exe
hxxp://a.wuc9.com/dd/6.exe
hxxp://a.wuc9.com/dd/9.exe
hxxp://a.wuc9.com/dd/10.exe
-
Thank you very much for the information :D. However, I still don't fully understand how this infection technique (Drive-by-Update) works, and there is no more information than what is found in the MiPistus blog.
Any comments?
Thanks again :)
-
Far better than I could describe it myself in the English language... :)
http://en.wikipedia.org/wiki/Drive-by_download
Most usually it takes place via unpatched browser exploits, though...