Author Topic: CCCRich - Malware Domain Submitted  (Read 4080 times)


August 18, 2009, 11:31:57 pm

cccrich

  • Newbie

Download fake AV - PersonalAV
http://online-defenderv9.com/download/Antivirus-e17_2006-71.exe FakeAV-PersonalAV
Will direct to the following web sites and ask for money for it:
http://secure.software-online-paymetns.com/buy.php?id=2006-71
https://secure.onlinesoftwarebilling.com/billing/?id=2006-71

August 25, 2009, 07:57:02 pm
Reply #1

cccrich

Hosting Malware "PC_Antispyware2010"

The following Internet downloads were started (the retrieved bits are saved into the local file):


September 03, 2009, 06:16:09 pm
Reply #2

cccrich

Braviax.exe and others

Web Shield findings