Malware Domain List

Malware Related => Malicious Domains => Topic started by: SysAdMini on March 04, 2010, 07:08:56 pm

Title: google-analitics[dot]net directs to Phoenix exploit kit
Post by: SysAdMini on March 04, 2010, 07:08:56 pm
ISC SANS reported this story today.

http://isc.sans.org/diary.html?storyid=8350

There are a number of ad servers which contain an iframe to
Code:
google-analitics.net/ga.js?counter=SOME_NUMBERS
google-analitics[dot]net directs to a Phoenix exploit kit.
Code:
http://www.malwaredomainlist.com/mdl.php?search=zxfr.salefale.com&colsearch=All&quantity=50&inactive=on
A second instance of the exploit kit can be found there:
Code:
http://www.malwaredomainlist.com/mdl.php?search=test2.salefale.com&colsearch=All&quantity=50&inactive=on
The payload of the Phoenix kit is Zeus.
http://www.virustotal.com/analisis/4716986830084d9e150c235a99c87e03f482d34d28d9eeb006671232299de683-1267721100
http://camas.comodo.com/cgi-bin/submit?file=4716986830084d9e150c235a99c87e03f482d34d28d9eeb006671232299de683

Ad URLs directing to google-analitics[dot]net:
Code:
adserver.mmoga.de/www/delivery/ajs.php
www.mail-merge-toolkit.de/open/www/delivery/ajs.php
bigbucks.uniturm.de/www/delivery/ajs.php
adultadrevenue.com/www/delivery/ajs.php
adserve.gossipcenter.com/www/delivery/ajs.php
adserver.yopi.de/www/delivery/ajs.php
adserver.onemediagroup.de/www/delivery/ajs.php
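
A defensive check for the pattern reported in this thread, as an added example that is not part of the original post: it pulls iframe targets out of an ad-delivery response and flags hosts whose name is a near-miss of a trusted analytics domain. The sample response, the trusted list, the distance threshold and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlparse

TRUSTED = ("google-analytics.com",)  # assumption: domains the site really uses

# src= of an <iframe>, tolerating the \" escaping inside document.write strings
IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\\\s>]+)", re.I)

# Constructed sample of an ad-delivery (ajs.php) response; not captured traffic.
SAMPLE = r'''var out = "";
out += "<a href=\"http://ads.example/ck.php\"><img src=\"http://ads.example/b.gif\"></a>";
out += "<iframe src=\"http://google-analitics.net/ga.js?counter=12345\" width=1></iframe>";
out += "<iframe src=\"http://www.google-analytics.com/frame.html\"></iframe>";
document.write(out);'''

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(host):
    """(name label, base domain) from the last two labels; ignores co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2] if len(labels) > 1 else labels[0]), ".".join(labels[-2:])

def lookalike_iframes(body, trusted=TRUSTED, max_dist=2):
    """Return (host, trusted domain, distance) for each near-miss iframe host."""
    hits = []
    for src in IFRAME_SRC.findall(body):
        host = urlparse(src if "//" in src else "//" + src).hostname or ""
        name, domain = split_domain(host)
        for good in trusted:
            # Compare name labels only, so a changed TLD alone is also caught.
            dist = edit_distance(name, split_domain(good)[0])
            if domain != good and dist <= max_dist:
                hits.append((host, good, dist))
    return hits

if __name__ == "__main__":
    for host, good, dist in lookalike_iframes(SAMPLE):
        print(f"suspicious iframe host {host} (distance {dist} from {good})")
```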