Author Topic: daily something......  (Read 641385 times)

0 Members and 2 Guests are viewing this topic.

September 07, 2008, 07:26:41 pm
Read 641385 times

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://218.22.180.43:81/445566.exe
http://first-reason.com/data/uhuybfgybff/0000005378.exe
http://dd5.tesekl.info/3.exe
http://www.cu108.com/linkme.exe
http://ruanjian2008.kki.cn/0.exe
http://ruanjian2008.kki.cn/2.exe
http://dd4.tesekl.info/not.exe

20080908...
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 08, 2008, 03:06:34 pm
Reply #1

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://www.qq-new.cn/shengji.exe
http://wm.xnibi.com/'http://m.c5x8.com/mm.exe
http://www.cu108.com/linkme.exe
http://www.zmjjjyy.cn/new/a2.css
http://down.hs7yue.cn/down/UU.ini
http://down.hs7yue.cn/down/sina.exe/

20080909
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 09, 2008, 03:33:27 pm
Reply #2

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://l.ljsrx.com/test222.exe
http://down.hs7yue.cn/down/sina.exe
http://www.zmjjjyy.cn/new/a1.css
http://61.164.118.208/new/new1.exe
http://61.164.118.208/new/new2.exe
http://61.164.118.208/new/new3.exe
http://61.164.118.208/new/new4.exe
http://61.164.118.208/new/new5.exe
http://61.164.118.208/new/new6.exe
http://61.164.118.208/new/new7.exe
http://61.164.118.208/new/new8.exe
http://61.164.118.208/new/new9.exe
http://61.164.118.208/new/new10.exe
http://61.164.118.208/new/new11.exe
http://61.164.118.208/new/new12.exe
http://61.164.118.208/new/new13.exe
http://61.164.118.208/new/new14.exe
http://61.164.118.208/new/new15.exe
http://61.164.118.208/new/new16.exe
http://61.164.118.208/new/new17.exe
http://61.164.118.208/new/new18.exe
http://61.164.118.208/new/new19.exe
http://61.164.118.208/new/new20.exe
http://61.164.118.208/new/new21.exe
http://61.164.118.208/new/new22.exe
http://61.164.118.208/new/new23.exe
http://61.164.118.208/new/new24.exe
http://61.164.118.208/new/new25.exe
http://61.164.118.208/new/new26.exe
http://61.164.118.208/new/new27.exe
http://61.164.118.208/new/new28.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 09, 2008, 04:24:02 pm
Reply #3

sowhat-x

  • Guest
Quote
hxxp://av355.110mb.com/gate/gate.php?stat=1
hxxp://magmob.info-com.ru/gate/gate.php
hxxp://www.cybertm.tu1.ru/admin/admin.php
hxxp://www.dmc-dmc.1gb.in/gate/gate.php
hxxp://www.patr0n87.tu2.ru/reports/gate.php
hxxp://www.qsl.net/dl2bcm/
hxxp://www.anti-virus-xp.net/sysscan/132a071e5d1437b80c401c6982d513a0/1/
hxxp://www.anti-virus-xp.net/tools/virusremover.dll
hxxp://www.anti-virus-xp.net/check/132a071e5d1437b80c401c6982d513a0_16
hxxp://82.98.235.15/wupd/

September 10, 2008, 02:10:34 pm
Reply #4

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://222.179.185.117/1.exe
http://222.179.185.117/2.exe
......
http://222.179.185.117/30.exe
http://newymhf6.cn/3.exe
http://l.ljsrx.com/test222.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 11, 2008, 01:45:17 am
Reply #5

sowhat-x

  • Guest
Quote
hxxp://xpsecuritycenter.com/XPSecurityCenter/latest/Installer.exe
hxxp://scan.antispyware-free-scanner.com
hxxp://files.as-pro-xp-download.com/load/setup_1_2_.exe
hxxp://virusremover2008.com/VRM_Free.exe?a=site&l=pay
hxxp://download.virusremover2008.com/VRM_Free.exe
hxxp://www.av-xp2008.com
hxxp://stat.av-xp2008.com/download/16/AntivirusXP2008Installer.exe

And what a surprize,lol...more crap hosted in the same ip obviously...
Quote
hxxp://antivirusxp-2008.net (EstDomains)
hxxp://stat.antivirusxp-2008.net/download/16/AntivirusXP2008Installer.exe (EstDomains)

September 11, 2008, 01:54:59 pm
Reply #6

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://user9.78-10.net/list/sk01.exe
http://user9.78-10.net/list/sk02.exe
http://user9.78-10.net/list/sk03.exe
http://user9.78-10.net/list/sk04.exe
http://user9.78-10.net/list/sk05.exe
http://user9.78-10.net/list/sk06.exe
http://user9.78-10.net/list/sk07.exe
http://user9.78-10.net/list/sk08.exe
http://user9.78-10.net/list/sk09.exe
http://user9.78-10.net/list/sk10.exe
http://user9.78-10.net/list/sk11.exe
http://user9.78-10.net/list/sk12.exe
http://user9.78-10.net/list/sk13.exe
http://user9.78-10.net/list/sk14.exe
http://user9.78-10.net/list/sk15.exe
http://user9.78-10.net/list/sk16.exe
http://user9.78-10.net/list/sk17.exe
http://user9.78-10.net/list/sk18.exe
http://user9.78-10.net/list/sk19.exe
http://user9.78-10.net/list/sk20.exe
http://user9.78-10.net/list/sk21.exe
http://user9.78-10.net/list/sk22.exe
http://user9.78-10.net/list/sk23.exe
http://user9.78-10.net/list/sk24.exe
http://user9.78-10.net/list/sk25.exe
http://user9.78-10.net/list/sk26.exe
http://user9.78-10.net/list/sk27.exe
http://user9.78-10.net/list/sk28.exe
http://user9.78-10.net/list/sk29.exe
http://user9.78-10.net/list/sk30.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 11, 2008, 03:25:09 pm
Reply #7

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Read this blog article
http://s3cwatch.wordpress.com/2008/09/11/wwwok2bstr8comindex_13html/

There  is a lot more of such crap.

http://www.google.com/search?q=%22ActiveX+Object+to+play+this+video+file%22+%22HARDCORE+VIDEO+ONLINE%22&site=intl&filter=0

Example from google links :

Code: [Select]
www.hot9.ru/index.php?p_id=138

links to

Code: [Select]
http://softload2009q.com/download/502/1410/0/
downloads MediaTubeCodec_ver1.1410.0.exe.

VT Result:

http://www.virustotal.com/de/analisis/e040a14bb3b30e35eaf59a141d5e37b6
Ruining the bad guy's day

September 12, 2008, 07:03:23 pm
Reply #8

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://www.host1550.com/modulos/gera.jpg
http://loaddds.com/file.exe
http://security-prof.com/2009/download/trial/AV2009Install_77024207.exe
http://m.c5x8.com/mm.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 13, 2008, 03:10:34 am
Reply #9

sowhat-x

  • Guest
Quote
hxxp://www.skigiesing.de/bilder/kashir.exe
hxxp://fotolog.host.sk/foto.php?=
hxxp://on1000000.cn/Get7IT.php
hxxp://ferrychi445677.com/Get7ITU.php -> -> EstDomains
hxxp://bmwx6foreva.ru/loads/engine3.bin
hxxp://my-socks.info/lll.exe -> EstDomains
hxxp://de-my-page.info/img/scan_trCRY.exe -> EstDomains
hxxp://79.132.211.50/alex/1.exe
hxxp://58.65.235.41/ndl/index.php -> control panel,pretty lame ;-)
hxxp://58.65.235.41/ndl/controller.php?action=bot&entity_list=&rnd=982142
hxxp://monsterlink.org/spl/exe.php
hxxp://www.0xfffffffff.net/spl/index.php
hxxp://165.194.30.123/qwerty/traf.php
hxxp://rivatos.net/tds/in.cgi?default -> EstDomains
hxxp://rivatos.net/in.cgi?idb1
hxxp://rivatos.net/tds/in.cgi?3
hxxp://rivatos.net/tds/in.cgi?2
hxxp://myfrooogle.cn/z/index.php
hxxp://onlinececk.com/ -> pdf exploits also in the past there as well / EstDomains
hxxp://www.anti-virus-xp.net/sysscan/132a071e5d1437b80c401c6982d513a0/1/
hxxp://www.anti-virus-xp.net/check/132a071e5d1437b80c401c6982d513a0_16
hxxp://www.anti-virus-xp.net/tools/virusremover.dll
hxxp://guidetosuccess.name/images/index.php -> EstDomains
hxxp://guidetosuccess.name/images/ff.jar
hxxp://guidetosuccess.name/images/ff2.jar
hxxp://guidetosuccess.name/images/lv.jar
hxxp://guidetosuccess.name/images/ff4.jar
hxxp://guidetosuccess.name/images/ff3.jar
hxxp://guidetosuccess.name/images/ff5.jar
hxxp://guidetosuccess.name/images/ff7.jar
hxxp://guidetosuccess.name/images/ff12.jar
hxxp://guidetosuccess.name/images/ff6.jar
hxxp://guidetosuccess.name/images/ff8.jar
hxxp://guidetosuccess.name/images/ff9.jar
hxxp://guidetosuccess.name/images/ff13.jar
hxxp://guidetosuccess.name/images/ff14.jar
hxxp://guidetosuccess.name/images/ff10.jar
hxxp://guidetosuccess.name/images/ff15.jar
hxxp://guidetosuccess.name/images/ff11.jar
hxxp://guidetosuccess.name/images/loade.php

September 13, 2008, 10:09:30 am
Reply #10

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://www.qq-songli.cn/001.exe
http://www.qq-songli.cn/002.exe
http://www.qq-songli.cn/003.exe
http://www.qq-songli.cn/004.exe
http://www.qq-songli.cn/005.exe
http://www.qq-songli.cn/006.exe
http://www.qq-songli.cn/007.exe
http://www.qq-songli.cn/008.exe
http://w.stopcao.cn/good/x.exe
http://www.zmjjjyy.cn/down/ko.exe
http://down.hs7yue.cn/down/ko.css
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 14, 2008, 09:54:25 am
Reply #11

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
Site Domain :     0catch.com
Site Location:     United States of America
Threat Links on this site(part of them):

http://wrkshp14.0catch.com/kettlebells-uk.html 
http://jyg7321.0catch.com/ 
http://wrkshp5.0catch.com/scorpio-tattoo.html 
http://keaydi.0catch.com/ 
http://wrkshp14.0catch.com/hoist-dumbbells.html 
http://wrkshp15.0catch.com/campbells-chicken-noodle-soup.html 
http://wrkshp14.0catch.com/custom-doorbells.html 
http://wrkshp14.0catch.com/crazy-fogs-jingle-bells-mp3.html 
http://wrkshp14.0catch.com/deagan-bells.html 
http://pedomederpel.0catch.com/


Site Domain :     218.22.180.43
Site Location:     China
Threat Links on this site(part of them):

http://218.22.180.43:81/vmdetdhc.htm 
http://218.22.180.43/TuTu01.exe 
http://218.22.180.43/w.exe 
http://218.22.180.43/w.exe 
http://218.22.180.43:81/445566.exe 






Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 14, 2008, 10:57:37 am
Reply #12

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
Thanks Lanvin,I somehow missed this topic but much appreciate the links.  :P

Code: [Select]
http://lovelypornovideo.net/load.php?aff=&/HDVideoCodec_ver1..0.exe
http://pornotube30.net/getsoft/79_003.exe
http://usuarios.lycos.es/libredll/udp.nnn
http://ranchsource.com/files/778r.jpg
http://ranchsource.com/files/777.jpg
http://files657284.net/b2b/dmlatc.cgi
http://files657284.net/b2b/load/nlatdm.exe
http://files657284.net/b2b/load/vmairn.exe
http://files657284.net/b2b/load/djdnxl.exe
http://www.moduloscriticos.com.br/mod/configdw.txt
http://www.moduloscriticos.com.br/mod/imlog.jpg
http://www.moduloscriticos.com.br/mod/imbdj.jpg
http://www.moduloscriticos.com.br/mod/implug.jpg
http://www.moduloscriticos.com.br/mod/immsn.jpg
http://www.moduloscriticos.com.br/mod/imok.jpg
http://www.moduloscriticos.com.br/mod/config.jpg
http://www.moduloscriticos.com.br/mod/mslink.jpg
http://75.125.233.171/julho/imlog.jpg
http://www.marajo03.kit.net/imbdj.jpg
http://75.125.233.171/julho/implug.jpg
http://www.marajo00.kit.net/imok.jpg
http://avzhan.3322.org:81/1.exe
http://78.157.143.251/bho/msfont.dll
http://m.c5x8.com/mm.exe
http://www.sognilucidi.it/forum/download/.http/~/foto1.jpg
http://goldbye.vicp.net/svchost1.exe
http://goldbye.vicp.net/Cyber02Hide.exe
http://omega-sts.ru/usr/templates/CVS/.dc/visualizador
http://globalcenter.home.sapo.pt/1.gif
http://globalcenter.home.sapo.pt/2.gif
http://globalcenter.home.sapo.pt/3.gif
http://transito2009.web26.f3.k8.com.br/msmask32.jpg
http://transito2009.web26.f3.k8.com.br/ossmtp.jpg
http://transito2009.web26.f3.k8.com.br/estrela.jpg
http://transito2009.web26.f3.k8.com.br/file_new.jpg
http://www.florenca2009.com/config/config.dll

September 14, 2008, 03:37:00 pm
Reply #13

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
[quote author=CM_MWR link=topic=2207.msg5599#msg5599 date=1221389857]
Thanks Lanvin,I somehow missed this topic but much appreciate the links.  :P

m/config/config.dll


dig  from your post:)

Code: [Select]
http://75.125.233.171/mod/modplug14.jpg
http://m.c5x8.com/flashmm.exe 
http://m.d5x8.com/dd/9.exe
http://m.c5x8.com/dd/3.exe
http://2.trojan8.com/dd/10.exe
http://m.c5x8.com/dd/2.exe
http://m.c5x8.com/dd/1.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

September 14, 2008, 05:45:49 pm
Reply #14

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day