Malware Domain List
Malware Related => Malicious Domains => BIGNESS - AS49093 => Topic started by: Malware-Web-Threats on September 05, 2009, 02:39:48 pm
-
IP for exploits
work with
/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot
Trojan Tedroo (Spammer)
bzefowum.cn/de/
bzefowum.cn/de/evenLooksBelief.pdf
bzefowum.cn/de/oldEven.swf
bzefowum.cn/de/update.php
bzefowum.cn/de/update.exe
bzefowum.cn/de/admin.php (liberty control panel)
Wepawet (http://wepawet.iseclab.org/view.php?hash=ffdae836bfe5a7a9a9a7c809c1a788cb&t=1252129830&type=js)
ThreatExpert (http://www.threatexpert.com/report.aspx?md5=5ebac641128fc568bb4e448597e77b7c)
VirusTotal: 10/41 (24.39%) (http://www.virustotal.com/analisis/72e90625b0298da7b0113bb152344da30f5b9dfbd76655311fc0f1730477c09f-1252050340)
-
This network is really interesting and we should keep an eye on it.
We have seen exploit kits like Fragus, Liberty and LuckySploit on this net in the last few weeks.
http://www.malwaredomainlist.com/mdl.php?inactive=on&sort=Date&search=49093&colsearch=ASN&ascordesc=DESC&quantity=All&page=0
The registrant Steven Lucas and the fact that this company is located in St. Petersburg
make it even more interesting.
Let's open a dedicated board for URLs from this AS.
-
Maybe add a new child board for it?
-
There are many domains on the IP range with a default blog page (WordPress) in Russian.
-
Follow up on these:
http://support.clean-mx.de/clean-mx/viruses.php?as=AS49093&response=alive