Author Topic: hs.3-3.zlkon.lv -(94.247.3.3)  (Read 11378 times)

0 Members and 1 Guest are viewing this topic.

April 07, 2009, 08:49:26 pm
Read 11378 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Rogue
Code: [Select]
webwidesecurity.com/index.php?affid=09400
webwidesecurity.com/download.php?affid=00000
webwidesecurity.com/install/ws.zip
webwidesecurity.com/install/installpv.exe
Ruining the bad guy's day

April 15, 2009, 01:31:36 am
Reply #1

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
Another fake Antivirus

Code: [Select]
hxxp://greatonlinesecurityscan.com/
hxxp://greatonlinesecurityscan.com/hitin.php
hxxp://greatonlinesecurityscan.com/download.php
hxxp://greatonlinesecurityscan.com/install/installpv.exe
hxxp://greatonlinesecurityscan.com/install/ws.zip

VirusTotal for install.exe 13/40 (32.5%)
VirusTotal for installpv.exe 3/40 (7.5%)
VirusTotal for ws.exe 10/40 (25%)

VirusTotal for av.exe (ws.zip) 9/40 (22.5%)

Anubis report for install.exe

Redirect to google after infection with these links

Code: [Select]
hxxp://greatonlinesecurityscan.com/in.php?url=5&affid=00000
hxxp://greatonlinesecurityscan.com/in.php?url=1&affid=00000

April 22, 2009, 11:12:02 am
Reply #2

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
Redirects:

Code: [Select]
hxxp://theonlinesecurity.com/in.php
hxxp://theonlinesecurity.com/hitin.php

Fake scanner page:

Code: [Select]
hxxp://theonlinesecurity.com/index.php
hxxp://theonlinesecurity.com/scan.php

Payloads:

Code: [Select]
hxxp://theonlinesecurity.com/download.php
hxxp://theonlinesecurity.com/install/installpv.exe
hxxp://theonlinesecurity.com/install/ws.zip

VirusTotal - 15/40 (37.5%)
VirusTotal - 10/40 (25%)
VirusTotal - 13/40 (32.5%)