Author Topic: 91.212.65.19  (Read 11707 times)

May 08, 2009, 09:57:13 pm

MarcusB

  • Guest
hdtvxvid.org (174.132.114.98)
This site claims to play HDTV.

If you click the download button you are taken to (91.212.65.19):
Quote
http ://tourdo.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://tourdo.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe

If you have an OSX user agent then you will be served an OSX version of DNSChanger. A Windows user agent will give you the Windows version.

For the OSX version, the malware calls home to 91.212.65.20 to download a shell script.
(http://www.malwaredomainlist.com/forums/index.php?topic=2838.0)

May 08, 2009, 10:21:53 pm
Reply #1

MarcusB

  • Guest
Another one, same MD5 hash though.

Quote
http ://shotdro.com/download/3776694945673d3d03635c6c/play-video.exe
http ://shotdro.com/download/3776694945673d3d03635c6c/play-video.dmg

May 10, 2009, 07:19:57 pm
Reply #2

MarcusB

  • Guest
Quote
http ://amoretour.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe
http ://amoretour.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg

NS
Quote
ns1.amoretour.net

May 12, 2009, 01:35:09 pm
Reply #3

MarcusB

  • Guest
Quote
http ://kauitour.com/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://kauitour.com/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe

NS
Quote
ns1.kauitour.com