Malware Domain List

Malware Related => Malicious Domains => Topic started by: tjs on January 24, 2008, 08:25:11 pm

Title: a bunch of related malware
Post by: tjs on January 24, 2008, 08:25:11 pm
Malware calls home: http://polanddreams.com/check/tpktskr2.php

Previous site instructs bots to download the following malware:

Quote
hxxp://58.65.239.42/gwer234/0901.exe
hxxp://79.135.181.74//new.exe
hxxp://58.65.239.42/gwer234/krab.exe
hxxp://www.34portal.cn/sol.exe
hxxp://hqcodecvip.com/download/hqcodecvip1176.exe
hxxp://58.65.239.42/gwer234/u_f1_v34_72_u.exe
hxxp://58.65.239.42/gwer234/ldig006.exe
hxxp://58.65.239.42/gwer234/severa.exe
hxxp://58.65.239.42/gwer234/d.exe
hxxp://85.255.121.162/download/1011.exe

thx
Title: Re: a bunch of related malware
Post by: JohnC on January 24, 2008, 09:57:22 pm
These will be aded next update. Thank you.
Title: Re: a bunch of related malware
Post by: tjs on January 24, 2008, 11:37:35 pm
Here are some more:

Quote
hxxp://hightstats.net/strong/190/
(exploit - already in list) redirects to:

Quote
hxxp://hightstats.net/strong/190/e1.html
(exploit) downloads:
Quote
hxxp://hightstats.net/dl/190/win32.exe
(malware)

Also, if you're interested in a megaton of onlinegame trojans:

Quote
60.190.118.15/new/#.exe
60.190.118.71/new/#.exe
74.222.132.178/new/#.exe
74.222.132.186/new/#.exe

Where # is anything from 1-17.
Depending on the time of day, you get samples up to 22+...

note that some of these are already in the list, but there is a lot more on those sites than is listed it seems.

tjs
Title: Re: a bunch of related malware
Post by: JohnC on January 25, 2008, 08:35:32 am
Thank you :)