Author Topic: google-analitics[dot]net directs to Phoenix exploit kit  (Read 6517 times)

March 04, 2010, 07:08:56 pm

SysAdMini

ISC SANS reported this story today.

http://isc.sans.org/diary.html?storyid=8350

There are a number of ad servers which contain an iframe to
Code:
google-analitics.net/ga.js?counter=SOME_NUMBERS
google-analitics[dot]net directs to a Phoenix exploit kit.
Code:
http://www.malwaredomainlist.com/mdl.php?search=zxfr.salefale.com&colsearch=All&quantity=50&inactive=on
A second instance of the exploit kit can be found there:
Code:
http://www.malwaredomainlist.com/mdl.php?search=test2.salefale.com&colsearch=All&quantity=50&inactive=on
The payload of the Phoenix kit is Zeus.
http://www.virustotal.com/analisis/4716986830084d9e150c235a99c87e03f482d34d28d9eeb006671232299de683-1267721100
http://camas.comodo.com/cgi-bin/submit?file=4716986830084d9e150c235a99c87e03f482d34d28d9eeb006671232299de683

Ad URLs directing to google-analitics[dot]net:
Code:
adserver.mmoga.de/www/delivery/ajs.php
www.mail-merge-toolkit.de/open/www/delivery/ajs.php
bigbucks.uniturm.de/www/delivery/ajs.php
adultadrevenue.com/www/delivery/ajs.php
adserve.gossipcenter.com/www/delivery/ajs.php
adserver.yopi.de/www/delivery/ajs.php
adserver.onemediagroup.de/www/delivery/ajs.php
Ruining the bad guy's day
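
Added example, not part of the original post: a small checker that flags iframe/script sources whose domain name is a near-miss of google-analytics.com, which is the trick the domain in this topic relies on. The function names, the distance threshold, the counter value and the sample markup are assumptions made for illustration, and the domain label is taken as the second-to-last host label (no public suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT = ("google-analytics.com",)  # domains the page is expected to load from
# Constructed sample markup; the counter value is made up.
SAMPLE = """<script src="http://www.google-analytics.com/ga.js"></script>
<iframe src="http://google-analitics.net/ga.js?counter=12345" width="1"></iframe>
<script src="/static/site.js"></script>"""


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


class _SrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "script") and src:
            self.urls.append(src)


def lookalike_sources(html, legit=LEGIT, max_dist=2):
    """Return (url, imitated_domain) pairs for iframe/script sources whose
    domain label is close to a legitimate one but hosted elsewhere."""
    collector = _SrcCollector()
    collector.feed(html)
    hits = []
    for url in collector.urls:
        host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
        labels = host.split(".")
        for good in legit:
            if len(labels) < 2 or host == good or host.endswith("." + good):
                continue  # relative URL, or the genuine domain / a subdomain of it
            # Distance 0 also counts: same name under a different TLD.
            if edit_distance(labels[-2], good.split(".")[0]) <= max_dist:
                hits.append((url, good))
    return hits


if __name__ == "__main__":
    print(lookalike_sources(SAMPLE))
```

This only sees markup that is already rendered to HTML; an ad response that writes the iframe from JavaScript has to be rendered or logged at the proxy first.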