Author Topic: AS49093  (Read 11541 times)

September 05, 2009, 02:39:48 pm
Malware-Web-Threats

IP for exploits

work with

/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot

Trojan Tedroo (Spammer)
Code:
bzefowum.cn/de/
bzefowum.cn/de/evenLooksBelief.pdf
bzefowum.cn/de/oldEven.swf
bzefowum.cn/de/update.php
bzefowum.cn/de/update.exe
bzefowum.cn/de/admin.php (liberty control panel)

Wepawet
ThreatExpert

VirusTotal: 10/41 (24.39%)

September 05, 2009, 08:16:23 pm
Reply #1

SysAdMini

This network is really interesting and we should keep an eye on it.
We have seen exploit kits like Fragus, Liberty and LuckySploit on this net in the last few weeks.

http://www.malwaredomainlist.com/mdl.php?inactive=on&sort=Date&search=49093&colsearch=ASN&ascordesc=DESC&quantity=All&page=0

The registrant Steven Lucas, and the fact that this company is located in St. Petersburg,
make it even more interesting.

Let's open a dedicated board for urls from this AS.
Ruining the bad guy's day

September 05, 2009, 08:20:37 pm
Reply #2

CkreM

Maybe add a new child board for it?
Mal-Aware

September 05, 2009, 08:47:29 pm
Reply #3

CkreM

There are many domains on the IP range with a default blog page (WordPress) in Russian.
Mal-Aware

September 05, 2009, 09:02:38 pm
Reply #4

cleanmx
