Malware Domain List

Malware Related => Malicious Domains => Topic started by: Malware-Web-Threats on June 07, 2009, 09:06:49 am

Title: 92.38.0.41 - Rogue Antivirus and Trojan TDSS (Alureon)
Post by: Malware-Web-Threats on June 07, 2009, 09:06:49 am

payloads:

/file.exe
VirusTotal (http://www.virustotal.com/analisis/0c3f935bf9a18c380742de542326542cd92ef2fbb172b9a5a659f928df6bab55-1244170030): Trojan TDSS (Alureon) 20/40 (50.00%)
ThreatExpert (http://www.threatexpert.com/report.aspx?md5=ba59dcec25dda490fd0a235a47a06ac1)
Quote
trafficstatic.com/banner/crcmds/main
trafficstatic.net/banner/crcmds/main

/codec.exe
VirusTotal (http://www.virustotal.com/analisis/3f952397ee3a0fab7f828977e96d278be7e60f43de6f495c1fb7e7579cfcf616-1244170022): Trojan 33/40 (82.50%)

/pcdef.exe
VirusTotal (http://www.virustotal.com/analisis/b579633e1705f3fedcbf74dd09ae3981ce70069043ea49eb508678f5f40db070-1244170039): Rogue Fake AV 14/40 (35.00%)

/codec/197.exe (codec2.exe)
VirusTotal (http://www.virustotal.com/analisis/afa98707ece05cc2e0645e0d1fc2b9be3f4c14c1dcc33b0094a3b0fc053eabb9-1244170010): Rogue Fake AV 24/40 (60.00%)

control panel:
Code:
brain-cash.com
Title: Re: 92.38.0.41 - Rogue Antivirus and Trojan TDSS (Alureon)
Post by: pnuemo on June 07, 2009, 05:30:37 pm
very nice
Title: Re: 92.38.0.41 - Rogue Antivirus and Trojan TDSS (Alureon)
Post by: Malware-Web-Threats on June 11, 2009, 08:11:37 am
Code:
hxxp://ruler-domains.net/file.exe
hxxp://ruler-domains.net/codec.exe
hxxp://ruler-domains.net/pcdef.exe
hxxp://ruler-domains.net/codec/197.exe