Author Topic: Bingo... ;-)  (Read 2963 times)


March 16, 2008, 04:53:12 pm

sowhat-x

  • Guest
Quote
hxxp://down00.china-s0ft.cn/downlist.txt
Downloader's list, but seems to be down at the moment...
For simplicity, I copy/paste the contents from Google's cache here,
although that's not the real deal here...

So, for the fun of it, I googled for one of the IP addresses,
namely '219.152.120.21', and came up with this...
Quote
hxxp://bbs.deepin.org/read.php?tid=596547&page=e&fpage=1

Hmm... now that's surely interesting... almost every IP listed there
seems to also be listed in malware research/security sites...
May I say we've got a jackpot here?  ;)

Search engines seem to already reveal more than a lot,
in order to dig extra malware from the IPs mentioned in the forum link above...