Author Topic: Another Exploit Targets IE7 Bug (MS09-002)  (Read 3755 times)


February 17, 2009, 11:45:40 am

SysAdMini

  • Administrator
  • Hero Member

Ruining the bad guy's day

February 17, 2009, 03:17:48 pm
Reply #1

Serg

  • Special Members
  • Sr. Member

Does anyone have that infected ".DOC" file?


February 19, 2009, 01:15:33 pm
Reply #3

Serg

  • Special Members
  • Sr. Member

Blacklist please
Code:
jiaozhu100.9966.org
chengjitj.com
shugiin.net
www.chengjitj.com
at 220.194.45.139
Reasons - exploit, malware, c&c.

February 19, 2009, 01:23:55 pm
Reply #4

SysAdMini

  • Administrator
  • Hero Member

Quote
Blacklist please
Code:
jiaozhu100.9966.org
chengjitj.com
shugiin.net
www.chengjitj.com
at 220.194.45.139
Reasons - exploit, malware, c&c.

Can you tell me what we find at shugiin.net?

chengjitj.com contains exploit and payload, jiaozhu100.9966.org is the dropzone, but what is on shugiin.net?

Ruining the bad guy's day

February 19, 2009, 02:54:21 pm
Reply #5

Serg

  • Special Members
  • Sr. Member

just old version of
Quote
Mail server software CMailServer WebMail 5.4.3
at http://shugiin.net/mail/admin.asp ;)

February 19, 2009, 03:15:33 pm
Reply #6

Serg

  • Special Members
  • Sr. Member

just old version of
Quote
Mail server software CMailServer WebMail 5.4.3
at http://shugiin.net/mail/admin.asp ;)
In fact, that IP (220.194.45.139) has been seen many times. For example, the domain skytwo44.8800.org (closed) exists in several backdoors.
Plus, malware based on MS09-002 is a copy of MS08-078-based malware (description for Exploit-MSWord.j - http://nl.mcafee.com/virusInfo/default.asp?id=description&virus_k=153651 and Exploit-MSWord.k - http://nl.mcafee.com/virusInfo/default.asp?id=description&virus_k=154088). The same shit...


February 19, 2009, 09:07:52 pm
Reply #7

SysAdMini

  • Administrator
  • Hero Member

Ruining the bad guy's day