Domain hosting Crimepack

[br0wnd]

hxxp://pilon5.ru/crime - Hosting Crimepack exploit kit

Inadvertently revealed by someone trying to sell Crimepack on a Russian forum.  Whoops

Here's a screenshot that revealed most of the domain:  http://2.bp.blogspot.com/_hx7QmGN8TlM/S6Kgh_z6zmI/AAAAAAAAACA/yN6nr70mL-4/s1600-h/redactfail.jpg

Also linked to the same email as the registrant:  http://www.malwaredomainlist.com/mdl.php?search=ch1t3r%40gmail.com&colsearch=All&quantity=50&inactive=on

[SysAdMini]

http://wepawet.cs.ucsb.edu/view.php?hash=dfe388f17445fb4c102b52e0692258ba&t=1268952889&type=js

http://www.virustotal.com/analisis/129781a8c6b34d380a6c08e931bcfa894a19e1e3631ccb18907bf4527444f46f-1268953102

[SysAdMini]

Code: [Select]

roguenet.info/skuff/index.php

[SysAdMini]

This one is dropping Zeus.

Code: [Select]

www.bx1.biz/admin/index.php
http://www.virustotal.com/analisis/0c62f411bd7375f2bcf758fd0c615e25b9f8111f8bac7aff2140c87c5823897a-1268660607

http://camas.comodo.com/cgi-bin/submit?file=0c62f411bd7375f2bcf758fd0c615e25b9f8111f8bac7aff2140c87c5823897a

[MysteryFCM]

Coming via malvertisements now?

http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=75313

Still looking into it (don't have a test machine atm as I'm not at home).

[MysteryFCM]

Confirmed as an F/P

http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=75387#post_75387

[CkreM]

Hi,

I can confirm that this is a false alarm, unfortunately. Please accept our apologies for the inconvenience.

We will release new LinkScanner database update to rectify this soon. It will not be detected with the LinkScanner version 193 (this information can be found in AVG user interface upon double-clicking the LinkScanner componnet).
As a temporary solution (until the update), please disable the LinkScanner component.

Thanks.

***************AVG Team

Edit:
1 minute late

[MysteryFCM]

hehe