Author Topic: a bunch of related malware  (Read 3386 times)

0 Members and 1 Guest are viewing this topic.

January 24, 2008, 08:25:11 pm
Read 3386 times

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
Malware calls home: http://polanddreams.com/check/tpktskr2.php

Previous site instructs bots to download the following malware:

Quote
hxxp://58.65.239.42/gwer234/0901.exe
hxxp://79.135.181.74//new.exe
hxxp://58.65.239.42/gwer234/krab.exe
hxxp://www.34portal.cn/sol.exe
hxxp://hqcodecvip.com/download/hqcodecvip1176.exe
hxxp://58.65.239.42/gwer234/u_f1_v34_72_u.exe
hxxp://58.65.239.42/gwer234/ldig006.exe
hxxp://58.65.239.42/gwer234/severa.exe
hxxp://58.65.239.42/gwer234/d.exe
hxxp://85.255.121.162/download/1011.exe

thx

January 24, 2008, 09:57:22 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
These will be aded next update. Thank you.

January 24, 2008, 11:37:35 pm
Reply #2

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
Here are some more:

Quote
hxxp://hightstats.net/strong/190/
(exploit - already in list) redirects to:

Quote
hxxp://hightstats.net/strong/190/e1.html
(exploit) downloads:
Quote
hxxp://hightstats.net/dl/190/win32.exe
(malware)

Also, if you're interested in a megaton of onlinegame trojans:

Quote
60.190.118.15/new/#.exe
60.190.118.71/new/#.exe
74.222.132.178/new/#.exe
74.222.132.186/new/#.exe

Where # is anything from 1-17.
Depending on the time of day, you get samples up to 22+...

note that some of these are already in the list, but there is a lot more on those sites than is listed it seems.

tjs

January 25, 2008, 08:35:32 am
Reply #3

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964