Author Topic: Few unsorted - Part 2  (Read 32748 times)


May 06, 2008, 09:54:45 am
Reply #15

sowhat-x

May 06, 2008, 02:34:04 pm
Reply #16

sowhat-x
Quote
many of them are password stuff...
Heh, yeah... I know this might sound like I had been living in cages or so... ;D
But well, you see, I don't play games at all... all these months,
I wasn't really aware of what kind of stuff/info they steal exactly...
I was under the impression that it was more or less stupid teenager skiddie hacks:
e.g. raising the high score via DLL injection,
flooding other players with specific packets or something like that...

...but they explained it to me in more detail over at the IRC, he-he... and well,
I was quite a bit surprised to learn that there are people out there
that actually buy and sell the 'stolen' data for... real-world money (!) :o

May 08, 2008, 11:54:49 am
Reply #17

sowhat-x
Zlob spammers again... "sex18tube2008.com" as usual:
Quote
hxxp://vmcodec.com/download/502/1027/3/
hxxp://vmcodec.com/soft/zreshkubupo/502883e8813/MediaTubeCodec_ver1.1027.3.exe
VirusTotal Results at the moment: 10/31 (32.26%)

May 08, 2008, 06:25:56 pm
Reply #18

sowhat-x
...just stumbled upon this: it's the usual Zlob spammers...
41.94% detection rate at VirusTotal currently - somewhat better compared to the previous sample...
Quote
hxxp://porntl0.nov.ru/
hxxp://best-porncollection.com/exclusive4/id/3913290/1/black/white/Free+porn+site+xxx.+Free+porn+movie/
hxxp://onlinevideosoftex.com/exe2/3913290.exe

May 09, 2008, 09:06:05 pm
Reply #19

sowhat-x
Zlob once again... domain already listed above... VirusTotal results: 8/31 (25.81%)
Seems that they like to 'update' it quite a few times per day lately...
Quote
hxxp://vm-codec.com/soft/zreguomgrrf/502d240e3d5/MediaTubeCodec_ver1.958.5.exe

May 10, 2008, 05:09:03 am
Reply #20

sowhat-x
New day, new Zlob variant spammed in forums around the net...
Quote
hxxp://www.avitool.com/download.php?id=619 -> Spawns setup.exe / latest zlob...
VirusTotal detection rate at 6/31 (19.36%) currently - MD5: 20849eb7ebd7b30affe64a303870c9ec

And the infection sites that lead to it as well...
because from what I saw, avitool.com already exists in the main list:
Quote
hxxp://www.tubeuniverse.com/mature/index.php?id=619&style=white
hxxp://www.tubecollections.com/m4/index.php?id=619&n=mature

Quote
hxxp://avp.zttwp.cn/1111.exe
MD5: f293f26776b4fc9571383123342ce628

Quote
hxxp://bh.jebooo.com/w3.exe
MD5: 9BFBF90E1F53C34E0BEF42166FAE1B39

Zlob spam continued...
Quote
hxxp://lllblog.info/gratis-porno/
hxxp://best-porncollection.com/exclusive/id/3913098/1/white/black/Sexo+Gratis/
hxxp://onlinevideosoftex.com/exe2/3913098.exe

Quote
hxxp://u.uu500.com/a8da234k8asdf.exe
hxxp://wg.92wg.com/wg1234/qqysrw_92wg.com.exe
hxxp://www.265netcn.cn/down/4030.exe
hxxp://268ip.com/down.exe
hxxp://268ip.com/down1.exe
hxxp://268ip.com/down2.exe
hxxp://268ip.com/down3.exe
hxxp://ad.laoqn.com/ad.exe
hxxp://ddos.9cdn.com/e/soft/fab61e8ed0036432.exe
hxxp://google.netcdn.com/cao/cao.exe

Oh shit...KillDisk / MBRKiller:
Quote
hxxp://hotbb.cn/kdh.rar

A few more random ones...
Quote
hxxp://update2.borlander.cn/cup/wincup.cab
hxxp://vip.sinbadcn.com/update.exe
hxxp://www.netooo.com/down/server.exe
hxxp://www.nmuift.cn/11/mh.exe
hxxp://www.nmuift.cn/11/wow.exe
hxxp://www.saynsay.com/soft/LoadSHLauncher_1001.exe
hxxp://www.saynsay.com/soft/SHLaunch_1010.cab

May 11, 2008, 08:49:54 pm
Reply #21

JohnC

May 13, 2008, 05:54:40 am
Reply #22

sowhat-x
Quote
hxxp://dll0.2288.org/0508/test.txt
hxxp://dll0.2288.org/down/me.exe
hxxp://218.61.201.80/qwer.exe
hxxp://218.61.201.80/zxcv.exe
hxxp://218.61.201.80/asdf.exe
hxxp://www.1a123.com/jj/ff.exe
hxxp://www.1a123.com/hp/zz.exe
hxxp://www.1a123.com/jj/cc.exe

May 29, 2008, 07:51:42 am
Reply #23

sowhat-x
Quote
Is it time for more?
I've spent most of my spare time during these last days
gathering/submitting skiddie tools and similar over at UploadMalware...
Hopefully I'll have more time available in order to also hunt for domains... ::)
These few ones were posted over at the Unpack.cn board...
most of them are from a downloader list:
Quote
hxxp://www.dwoc.net.cn/uc.txt
Quote
hxxp://a.987255.com/lmmh.exe
hxxp://b.987255.com//00014.exe
hxxp://b.987255.com/00008.exe
hxxp://b.987255.com/00010.exe
hxxp://b.987255.com/00011.exe
hxxp://b.987255.com/00012.exe
hxxp://b.987255.com/00013.exe
hxxp://b.987255.com/00016.exe
hxxp://b.987255.com/00035.exe
hxxp://b.987255.com/00036.exe
hxxp://b.987255.com/qq.exe
hxxp://www.163work.net.cn/down/b11.exe
hxxp://www.163work.net.cn/down/c19.exe
hxxp://www.163work.net.cn/down/g16.exe
hxxp://www.163work.net.cn/down/j17.exe
hxxp://www.163work.net.cn/down/l18.exe
hxxp://www.163work.net.cn/down/m13.exe
hxxp://www.163work.net.cn/down/n14.exe
hxxp://www.163work.net.cn/down/o15.exe
hxxp://www.163work.net.cn/down/t20.exe
hxxp://www.163work.net.cn/down/z12.exe
hxxp://www.srjkc.cn/down/b25.exe
hxxp://www.srjkc.cn/down/b31.exe
hxxp://www.srjkc.cn/down/c32.exe
hxxp://www.srjkc.cn/down/e26.exe
hxxp://www.srjkc.cn/down/f34.exe
hxxp://www.srjkc.cn/down/h30.exe
hxxp://www.srjkc.cn/down/m23.exe
hxxp://www.srjkc.cn/down/m28.exe
hxxp://www.srjkc.cn/down/o24.exe
hxxp://www.srjkc.cn/down/p21.exe
hxxp://www.srjkc.cn/down/u29.exe
hxxp://www.srjkc.cn/down/u33.exe
hxxp://www.srjkc.cn/down/v27.exe
hxxp://www.srjkc.cn/down/x22.exe
hxxp://www.ssreaader.cn/down/a3.exe
hxxp://www.ssreaader.cn/down/e1.exe
hxxp://www.ssreaader.cn/down/i8.exe
hxxp://www.ssreaader.cn/down/j4.exe
hxxp://www.ssreaader.cn/down/l10.exe
hxxp://www.ssreaader.cn/down/m6.exe
hxxp://www.ssreaader.cn/down/r2.exe
hxxp://www.ssreaader.cn/down/r7.exe
hxxp://www.ssreaader.cn/down/x9.exe
hxxp://www.ssreaader.cn/down/y5.exe
hxxp://x.987255.com/00017.exe
hxxp://x.987255.com/00019.exe
hxxp://x.987255.com/00020.exe
hxxp://www.carordriver.com/071225/xia.exe
hxxp://www.servl.com.ar/lolipop.exe
hxxp://user1.12-23.net/bak.css
hxxp://arpcnn.cn/s.exe
hxxp://arpcnn.cn/bd.cab
hxxp://70data.cn/page/addr.js
hxxp://cnalimm.cn/news.html

============================

And something quite interesting here...
Downloader.Swif.C per Symantec, EXP/Flash.Gen per AntiVir:
Quote
hxxp://user1.kugogo.net/flash2.swf
hxxp://user1.kugogo.net/flash1.swf
Current results at VirusTotal: 3/32 (9.38%)

May 29, 2008, 06:59:56 pm
Reply #24

JohnC

May 30, 2008, 04:13:28 am
Reply #25

sowhat-x
Heh, here's another smart-ass guy...
in a lame 'phishing' attempt at imitating Google's webpage:
Quote
hxxp://ultrasat.110mb.com
It spawns a Bifrost variant...
Quote
hxxp://ultrasat.110mb.com/exploit.exe

...from a downloader's list...
Quote
hxxp://www.dtdtdk.net/dk.txt
Quote
hxxp://softa.softkills.net/softd.exe
hxxp://softa.softkills.net/soft0.exe
hxxp://softa.softkills.net/soft1.exe
hxxp://softa.softkills.net/soft2.exe
hxxp://softa.softkills.net/soft3.exe
hxxp://softa.softkills.net/soft4.exe
hxxp://softa.softkills.net/soft5.exe
hxxp://softa.softkills.net/soft6.exe
hxxp://softa.softkills.net/soft7.exe
hxxp://softb.softkills.net/soft8.exe
hxxp://softb.softkills.net/soft9.exe
hxxp://softb.softkills.net/soft10.exe
hxxp://softb.softkills.net/soft11.exe
hxxp://softb.softkills.net/soft12.exe
hxxp://softb.softkills.net/soft13.exe
hxxp://softb.softkills.net/soft14.exe
hxxp://softc.softkills.net/soft15.exe
hxxp://softc.softkills.net/soft16.exe
hxxp://softc.softkills.net/soft17.exe
hxxp://softc.softkills.net/soft18.exe
hxxp://softc.softkills.net/soft19.exe
hxxp://softc.softkills.net/soft20.exe
hxxp://softc.softkills.net/soft21.exe
hxxp://softc.softkills.net/soft22.exe
hxxp://softc.softkills.net/soft23.exe
hxxp://softc.softkills.net/soft24.exe
hxxp://softd.softkills.net/soft25.exe
hxxp://softd.softkills.net/soft26.exe
hxxp://softd.softkills.net/soft27.exe
hxxp://softd.softkills.net/soft28.exe
hxxp://softd.softkills.net/soft29.exe
hxxp://softd.softkills.net/soft30.exe
hxxp://softd.softkills.net/soft31.exe
hxxp://softd.softkills.net/soft32.exe
hxxp://softd.softkills.net/soft33.exe
hxxp://softd.softkills.net/soft34.exe
hxxp://softd.softkills.net/soft35.exe
hxxp://softd.softkills.net/soft36.exe

Quote
hxxp://umka.lapudrel.com/download?n=core&u=0x00cd1a40&a=0x00000204&v=0x00000006&t=20080107151500
hxxp://conceptinvestin2.com/ldr/?&v=4.Build&s=24367
hxxp://jimm.007ihost.com/gate/gate.php
hxxp://rusarticles.net/flash/1.exe

May 30, 2008, 11:21:52 am
Reply #26

sowhat-x
A trip to MS-exploitland here...
Quote
hxxp://www.ftfashion.com/goodsimages/20073/
hxxp://sp.070808.net/23.htm
hxxp://w.aeaer.com/ae.htm
hxxp://qi.ccbtv.net/btv.htm
hxxp://88.881215.com/88.htm
hxxp://jjj.hfb86.cn/w6.htm
hxxp://xxx.hdr82.cn/web/cc.htm
hxxp://xxx.hdr82.cn/web/c1.htm
hxxp://xxx.hdr82.cn/web/c3.htm
hxxp://www.fire122.cn/shan.htm
hxxp://czz.aeaer.com/c.htm
hxxp://mn.haoyuming.net/one/index.htm
====================
Googling for "nnselect.js" also returns a few random injection results...

May 30, 2008, 06:11:23 pm
Reply #27

JohnC

June 04, 2008, 01:52:04 pm
Reply #28

sowhat-x
Newer Zlobs...
Quote
hxxp://brakecodec.com/download/brakecodec1363.exe -> Result: 7/32 (21.88%)
hxxp://getadultaccess.com/soft/temp/0_744878f_0/XXXmediaCodec_ver1.5051.0.exe -> Result: 12/32 (37.5%)
hxxp://soft-portal08-08.com/soft/zmtmalouugc/502142949d0/MediaTubeCodec_ver1.376.0.exe -> Result: 7/32 (21.88%)
Coming from...
Quote
hxxp://www.tembi.cn/porn/
hxxp://www.freeworldaccess.info/video1/
hxxp://getadultaccess.com/flash2/?aff=5051
hxxp://brakesex.net/aze/1807750957/1/player.php?m=bW92Mi53bXY=&id=1363

June 04, 2008, 04:21:22 pm
Reply #29

sowhat-x
Various downloader lists...
Quote
hxxp://www.tongji123.org/ok.txt
hxxp://www.dtdtdk.net/dk.txt
hxxp://www.alanga.net/axi.txt
hxxp://www.xiaobai01.net/update.txt
hxxp://www.zuoyouweinan.com/ws.txt

Currently they're serving the following, plus a few randomly gathered ones...

Quote
hxxp://222.73.44.163/ma/14.exe
hxxp://222.73.44.163/ma/15.exe
hxxp://222.73.44.163/ma/16.exe
hxxp://222.73.44.163/ma/18.exe
hxxp://222.73.44.163/ma/19.exe
hxxp://33.xingaide8.cn/soft/soft/f2b4657b5568d072.exe
hxxp://59.34.197.14/ma/10.exe
hxxp://59.34.197.14/ma/11.exe
hxxp://59.34.197.14/ma/12.exe
hxxp://59.34.197.14/ma/13.exe
hxxp://59.34.197.14/ma/6.exe
hxxp://59.34.197.14/ma/7.exe
hxxp://59.34.197.14/ma/8.exe
hxxp://59.34.197.14/ma/9.exe
hxxp://mikea.chinaskm.net/soft0.exe
hxxp://mikea.chinaskm.net/soft1.exe
hxxp://mikea.chinaskm.net/soft2.exe
hxxp://mikea.chinaskm.net/soft3.exe
hxxp://mikea.chinaskm.net/soft4.exe
hxxp://mikea.chinaskm.net/soft5.exe
hxxp://mikea.chinaskm.net/soft6.exe
hxxp://mikea.chinaskm.net/soft7.exe
hxxp://mikea.chinaskm.net/softd.exe
hxxp://mikeb.chinaskm.net/soft10.exe
hxxp://mikeb.chinaskm.net/soft11.exe
hxxp://mikeb.chinaskm.net/soft12.exe
hxxp://mikeb.chinaskm.net/soft13.exe
hxxp://mikeb.chinaskm.net/soft14.exe
hxxp://mikeb.chinaskm.net/soft8.exe
hxxp://mikeb.chinaskm.net/soft9.exe
hxxp://mikec.chinaskm.net/soft15.exe
hxxp://mikec.chinaskm.net/soft16.exe
hxxp://mikec.chinaskm.net/soft17.exe
hxxp://mikec.chinaskm.net/soft18.exe
hxxp://mikec.chinaskm.net/soft19.exe
hxxp://mikec.chinaskm.net/soft20.exe
hxxp://mikec.chinaskm.net/soft21.exe
hxxp://mikec.chinaskm.net/soft22.exe
hxxp://miked.chinaskm.net/soft23.exe
hxxp://miked.chinaskm.net/soft24.exe
hxxp://miked.chinaskm.net/soft25.exe
hxxp://miked.chinaskm.net/soft26.exe
hxxp://miked.chinaskm.net/soft27.exe
hxxp://miked.chinaskm.net/soft28.exe
hxxp://miked.chinaskm.net/soft29.exe
hxxp://miked.chinaskm.net/soft30.exe
hxxp://miked.chinaskm.net/soft31.exe
hxxp://new.hanma999.com/ma/1.exe
hxxp://new.hanma999.com/ma/2.exe
hxxp://new.hanma999.com/ma/3.exe
hxxp://new.hanma999.com/ma/4.exe
hxxp://new.hanma999.com/ma/5.exe
hxxp://sese.iqdqpdq.cn/11.exe
hxxp://web.73z.org/muma/guest.exe
hxxp://web.73z.org/muma/server.exe
hxxp://www.100liang.cn/down/cbElpes.exe
hxxp://www.100liang.cn/down/cqsj.exe
hxxp://www.100liang.cn/down/dhua3.exe
hxxp://www.100liang.cn/down/EQQ.exe
hxxp://www.100liang.cn/down/hmmh.exe
hxxp://www.100liang.cn/down/hmshj.exe
hxxp://www.100liang.cn/down/huaxia.exe
hxxp://www.100liang.cn/down/moyu.exe
hxxp://www.100liang.cn/down/tlbb.exe
hxxp://www.100liang.cn/down/tmz.exe
hxxp://www.100liang.cn/down/wlwz.exe
hxxp://www.100liang.cn/down/wmgj.exe
hxxp://www.100liang.cn/down/wmsj.exe
hxxp://www.100liang.cn/down/wow.exe
hxxp://www.100liang.cn/down/wrjh.exe
hxxp://www.100liang.cn/down/zhux1.exe
hxxp://www.100liang.cn/down/zyhx.exe
hxxp://www.969xiao.net/25.htm
hxxp://www.969xiao.net/news.html
hxxp://www.lx-hack.cn/Ajax.htm
hxxp://www.lx-hack.cn/Bfyy.htm
hxxp://www.lx-hack.cn/gang/110.exe
hxxp://www.lx-hack.cn/Lz.htm
hxxp://www.lx-hack.cn/Real.gif
hxxp://www.sentgold.com/wow/wow.exe
hxxp://www.tongji123.org/soc.exe
hxxp://www.tongji123.org/soc/soc01.exe
hxxp://www.tongji123.org/soc/soc02.exe
hxxp://www.tongji123.org/soc/soc03.exe
hxxp://www.tongji123.org/soc/soc04.exe
hxxp://www.tongji123.org/soc/soc05.exe
hxxp://www.tongji123.org/soc/soc06.exe
hxxp://www.tongji123.org/soc/soc07.exe
hxxp://www.tongji123.org/soc/soc08.exe
hxxp://www.tongji123.org/soc/soc09.exe
hxxp://www.tongji123.org/soc/soc10.exe
hxxp://www.tongji123.org/soc/soc11.exe
hxxp://www.tongji123.org/soc/soc12.exe
hxxp://www.tongji123.org/soc/soc13.exe
hxxp://www.tongji123.org/soc/soc14.exe
hxxp://www.tongji123.org/soc/soc15.exe
hxxp://www.tongji123.org/soc/soc16.exe
hxxp://www.tongji123.org/soc/soc17.exe
hxxp://www.tongji123.org/soc/soc18.exe
hxxp://www.tongji123.org/soc/soc19.exe
hxxp://www.tongji123.org/soc/soc20.exe
hxxp://www.tongji123.org/soc/soc21.exe
hxxp://www.tongji123.org/soc/soc22.exe
hxxp://www.tongji123.org/soc/soc23.exe
hxxp://www.tongji123.org/soc/soc24.exe
hxxp://www.tongji123.org/soc/soc25.exe
hxxp://www.tongji123.org/soc/soc26.exe
hxxp://www.tongji123.org/soc/soc27.exe
hxxp://www.tongji123.org/soc/soc28.exe
hxxp://www.tongji123.org/soc/soc29.exe
hxxp://www.tongji123.org/soc/soc30.exe
hxxp://www.tongji123.org/soc/soc31.exe
hxxp://www.tongji123.org/soc/soc32.exe
hxxp://x4.cae9i4u6.cn/wmcc/14.htm
hxxp://x4.cae9i4u6.cn/wmcc/real.htm
hxxp://xindizhi88.com/8/abc.exe