Topic: 92.38.0.41 - Rogue Antivirus and Trojan TDSS (Alureon)

June 07, 2009, 09:06:49 am
Malware-Web-Threats

payloads:

/file.exe
VirusTotal: Trojan TDSS (Alureon) 20/40 (50.00%)
ThreatExpert
Quote
trafficstatic.com/banner/crcmds/main
trafficstatic.net/banner/crcmds/main

/codec.exe
VirusTotal: Trojan 33/40 (82.50%)

/pcdef.exe
VirusTotal: Rogue Fake AV 14/40 (35.00%)

/codec/197.exe (codec2.exe)
VirusTotal: Rogue Fake AV 24/40 (60.00%)

control panel:
brain-cash.com

June 07, 2009, 05:30:37 pm
Reply #1

pnuemo

June 11, 2009, 08:11:37 am
Reply #2

Malware-Web-Threats

hxxp://ruler-domains.net/file.exe
hxxp://ruler-domains.net/codec.exe
hxxp://ruler-domains.net/pcdef.exe
hxxp://ruler-domains.net/codec/197.exe