Topic: OpenX ad server of filestube.com compromised

December 25, 2010, 03:04:05 pm

SysAdMini

The OpenX ad server of filestube.com has been compromised.

Code:
openx.filestube.com/delivery/cl.php
contains an iframe which leads to a Phoenix exploit kit.



We have seen various iframe URLs.

http://www.malwaredomainlist.com/mdl.php?search=up/openx.filestube.com&colsearch=All&quantity=50

Current destination (changes sometimes) is:
Code:
http://hallrespondnobody.co.cc/click/index.php

which redirects to
Code:
http://hallrespondnobody.co.cc/other/esxverxmcueujs1.php
Payload URL is
Code:
213.5.64.197/other/bt.php?i=15
http://www.virustotal.com/file-scan/report.html?id=ab71619de84f6370610440a503f5d85879257f8d43eae792a537e7b6acfe9dc7-1293289332

Ruining the bad guy's day
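
A defender-side check for the condition reported above, as an added example that is not part of the original post: it parses a delivery-script response body and flags every iframe whose host falls outside an allow-list. The allow-list, the function names and the sample response are assumptions constructed for illustration; only the flagged iframe URL is taken from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this ad server is expected to frame content from.
ALLOWED_SUFFIXES = ("filestube.com",)

# Constructed sample body: one expected iframe, one relative iframe, and one
# injected iframe using the destination URL quoted in the post.
SAMPLE_RESPONSE = (
    '<div id="ad"><iframe src="http://openx.filestube.com/banner.html"></iframe>'
    '<iframe src="/local/frame.html"></iframe>'
    '<IFRAME SRC="http://hallrespondnobody.co.cc/click/index.php" width=1 height=1>'
    '</IFRAME></div>'
)

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a response body."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches.
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def host_allowed(host, allowed=ALLOWED_SUFFIXES):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in allowed)

def find_foreign_iframes(body, allowed=ALLOWED_SUFFIXES):
    """Return (src, host) for each iframe pointing outside the allow-list."""
    parser = IframeCollector()
    parser.feed(body)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "").strip()
        host = urlsplit(src).hostname  # None for relative (same-origin) URLs
        if host and not host_allowed(host, allowed):
            findings.append((src, host))
    return findings

if __name__ == "__main__":
    for src, host in find_foreign_iframes(SAMPLE_RESPONSE):
        print(f"unexpected iframe host {host}: {src}")
```

Run against periodically fetched copies of the delivery scripts, a non-empty result is the signal to investigate; because the destination changes, matching on the allow-list is more durable than matching on known bad hosts.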