Malware Domain List

Topic started by: SysAdMini on March 26, 2009, 10:13:04 am

Title: persdata7.com
Post by: SysAdMini on March 26, 2009, 10:13:04 am
Code:
persdata7.com
http://wepawet.cs.ucsb.edu/view.php?hash=5b3f4c6e2b9ac79ce8c3396d3a970cc4&t=1238060225&type=js

pdf exploit
Code:
persdata7.com/pdf.php
Trojan Ambler
Code:
http://persdata7.com/load.php?id=3
http://www.virustotal.com/analisis/09e6598a4260e01fe7538dad05186b6b 10/40

http://www.threatexpert.com/report.aspx?md5=8de9ebc76c630fac7c25bd89e50468d5
Title: Re: persdata7.com
Post by: SysAdMini on March 27, 2009, 05:57:49 am
Many people have reported to me that they have received the following text message on their
mobile phone.

Quote
someone posted your full personal and banking information at hxxp://persdata7.com website you must remove it now

This way the bad guys try to lure people into the site.
Title: Re: persdata7.com
Post by: SysAdMini on March 27, 2009, 07:08:59 am
There is some SMiShing going on in the EU
http://isc.sans.org/diary.html?storyid=6076
Title: Re: persdata7.com
Post by: MysteryFCM on March 27, 2009, 08:13:20 pm
I had a comment on my blog mentioning a second number that's sending out these messages;

+380672132156

http://hphosts.blogspot.com/2009/03/malicious-sms-sending-victims-to.html?showComment=1238178120000#c4228655140178542423
Title: Re: persdata7.com
Post by: MysteryFCM on March 27, 2009, 08:33:17 pm
I've been doing some research, and from what I can find, +38 is an Albanian mobile phone, possibly provided by AMC (Albanian Mobile Communications). I'm trying to get in touch with them to get this verified (if it does not belong to them, they will hopefully point me in the direction of the correct provider).
Title: Re: persdata7.com
Post by: SysAdMini on March 27, 2009, 08:44:58 pm
+380 is Ukraine.
Title: Re: persdata7.com
Post by: MysteryFCM on March 27, 2009, 08:50:26 pm
GRR! .. why can't the damn sites get things straight, lol

I'll update the article. Cheers dude :)