Author Topic: honypot/trap of blackhats ?  (Read 3018 times)

0 Members and 1 Guest are viewing this topic.

July 06, 2011, 08:30:09 pm
Read 3018 times

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
I encounter many urls made with nonsense (but existing domain...) and a numerical part like this one.

Code: [Select]
http://wucucudizo.com/1006000112
response is only "ok"

example on threatexpert:
http://www.threatexpert.com/report.aspx?md5=3827b463edf321d3e673e90aea0a5a11

-- gerhard

July 10, 2011, 10:20:38 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Is is typical for some fake av (trojan FakeRean). I don't know the purpose of this url,
but this malware requests this style of urls. I suspect that the malware reports a successful installation.
Ruining the bad guy's day