Topic: Keeping a focus upon „New“ MW-Sites (?)

April 20, 2012, 02:53:32 pm
Reply #15

GaryDee

Code: [Select]
http://www.safeguardcommunities.com/
http://www.safeguardcommunities.com/wp-admin/maint/dynamicload.php

HEUR:Trojan.Script.Iframer



April 20, 2012, 06:46:47 pm
Reply #17

GaryDee


April 23, 2012, 06:11:03 am
Reply #18

GaryDee

Code: [Select]
http://www.bloam.info
goes to

Code: [Select]
http://www.tdisk.co.kr
4 suspicious inline scripts found

http://www.UnmaskParasites.com/security-report/?page=www.tdisk.co.kr/main/main_html.php

1 Link to
Code: [Select]
http://app.gomtv.com/gom/GOMPLAYERSETUP.EXE
W32/RLPacked.A.gen!Eldorado

https://www.virustotal.com/file/b299e0406232623240e90da0430040cc2885a1e785ca6c758e98955779029714/analysis/1335159425/
http://128.111.48.236/view.php?hash=d98b1931283319b75fa7b34d4ff4da53&t=1335159088&type=js

1 Link to:
Code: [Select]
http://app.gomtv.com/gomaudio/GOMAUDIOSETUP.EXE
AdWare.AdSpy!IK

https://www.virustotal.com/file/b42663b568c8a30b8f00a5a7b16472de3c3089b578dfefd0d366aac26a1035e6/analysis/1335160273/
http://128.111.48.236/view.php?hash=94893b835ed730b9f367c7b2545dcb1d&t=1335160249&type=js

So, for a Site that links to Malware there is no room to assume good faith. The following two .exe-files stay Suspicious Malware, even though some voted them as GOODWARE:

Code: [Select]
http://www.tdisk.co.kr/main/downtool/download.php?filename=DTLite4451-0236.exe
https://www.virustotal.com/url/472ba38c7b15bb3cb3aa359123bca2d27de304a8c5ee838f17ab101cfee20970/analysis/1335158977/
https://www.virustotal.com/file/5f6e43609a99024ba49d8da0239b7cb6859ce34d5e46dfbe23298993c2ed5485/analysis/1335159007/
http://128.111.48.236/view.php?hash=bfcf3fed4695fcc1c0aebb060a6c79b5&t=1335158664&type=js

Code: [Select]
http://www.tdisk.co.kr/main/downtool/download.php?filename=ALZip851.exe
https://www.virustotal.com/url/9d6711484dcdff12950162aa6abecc8b5bfcaca390b84cd38f3abfead8e5b604/analysis/1335159051/
https://www.virustotal.com/file/869aeb141517be9c393cbee5cee1d7d912076f8f7a8aa624eba1d63ae1f27085/analysis/1335159083/
http://128.111.48.236/view.php?hash=7bb719e990b76896b2fbaad6bd5053c8&t=1335158540&type=js

See also:

Code: [Select]
http://www.tdisk.co.kr/mmsv/Tdisk_setup.exe
https://www.virustotal.com/url/8fbb04d7a6c72430e256d8b6131a57f919cdbca7341dfbe39228332e6915a433/analysis/1335161986/
http://128.111.48.236/view.php?hash=ea30b5c8fc86d6b95414d4415726768b&t=1335161945&type=js

April 23, 2012, 07:16:42 am
Reply #19

GaryDee

The whole same procedure for the 2 following sites, as the one above:

Code: [Select]
http://haziyo.com/
goes to

Code: [Select]
http://www.fileham.com/main/main_html.php
There are 18 suspicious inline scripts.

http://www.UnmaskParasites.com/security-report/?page=www.fileham.com/main/main_html.php

April 24, 2012, 10:18:25 am
Reply #20

GaryDee

Links to:
Code: [Select]
http://www.qqjs2.55.la
http://www.count5.51yes.com

http://128.111.48.236/domain.php?hash=bbeea19f9caacef9482ed7bd9512ab57&type=js

Hidden Links:
http://www.UnmaskParasites.com/security-report/?page=www.cctvseo.com

Additional (potential) malware:
Code: [Select]
http://www.cctvseo.com/uploads/userup/0909/05163923K09.jpg|http://www.cctvseo.com/uploads/userup/0909/021442019192.jpg|/uploads/userup/0908/31002T25561_lit.jpg&bcastr_link=/shop-extend/200909/13-460.html|/SEO-news/200909/08-455.html|/anli/200909/05-453.html|/SEO-news/200909/02-452.html|/SEO-news/200908/31-446.html&bcastr_title=1???????????? ??|???????????????|????????????|???????????????|?? ????? ???????
http://128.111.48.236/view.php?hash=bbeea19f9caacef9482ed7bd9512ab57&t=1335262373&type=js



April 29, 2012, 12:36:12 am
Reply #23

EP_X0FF


May 05, 2012, 01:12:19 pm
Reply #24

GaryDee

Code: [Select]
http://www.darkhe.com/reading/artoflove.exe
TR/Agent.uzg
Artemis!D53E69B41DB3
Trojan/Agent.weu


https://www.virustotal.com/url/648615cbd93585ac79cfee5dc666d0297693ac9a78ecb068e9e3808584ad3156/analysis/1336221300/
https://www.virustotal.com/file/10105f3add961ac749c21be9f5a9f8289fa8b57885ccf67cc903d75ed08e2e92/analysis/1336221302/
http://wepawet.iseclab.org/view.php?hash=95badf399acaab5bd8e8eba3ba9362d6&t=1336221320&type=js
http://anubis.iseclab.org/?action=result&task_id=12b9c49288dd63c0459d29e2a5d1e4174

Code: [Select]
http://www.darkhe.com/reading/fortune60.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/507e5dda7cb2d56e253ad83d5484af2e4adae1b5cc021f77b136d82f9b26957e/analysis/1336222072/
https://www.virustotal.com/file/249d85e557250de2d938f81c50af35627e97a272900c531bf75e7cff940a5e68/analysis/1336222073/
http://wepawet.iseclab.org/view.php?hash=1e67cb47adfbd6b410363c0ae6703e5f&t=1336222044&type=js
http://anubis.iseclab.org/?action=result&task_id=148c958e713f433a46142eac32b16d1b1

Code: [Select]
http://www.darkhe.com/reading/Iwanttotellyouaboutmyfeelings.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/7652b36b5e8328e1acc2eee5ab5482e5c66bb28e9523330226e28991a68e1ca0/analysis/1336222393/
https://www.virustotal.com/file/0dd4c23d655c3eee74dced8b0d76a8db69987f2ad2515e5dcde8ed79bbcb1deb/analysis/1336222395/
http://wepawet.iseclab.org/view.php?hash=8fe8f61f50bd73dc2795eefeedcf2454&t=1336222310&type=js
http://anubis.iseclab.org/?action=result&task_id=155c8fb6d3c0b95c499a843eb5f5315ae

Code: [Select]
http://www.darkhe.com/reading/love100.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/8e35c6b6414bda598e7b62773e56eff5592b0fae876c17a5c7f4484379026159/analysis/1336223057/
https://www.virustotal.com/file/03e502877e3da82cd3fb963e8178aae5a0eabc7400f0dace2b8e1e3fe8c316ea/analysis/1336223058/
http://wepawet.iseclab.org/view.php?hash=f66f532d484134667fca4132f05f10a2&t=1336223037&type=js
http://anubis.iseclab.org/?action=result&task_id=1d6a378b3ec34e0b46d3eb06e80803225

May 19, 2012, 10:05:42 pm
Reply #25

GaryDee

Code: [Select]
http://www.alcodasoftware.com/dl/exactwrd.exe

http://www.alcodasoftware.com/dl/editext.exe

http://www.alcodasoftware.com/dl/spmagic.exe

http://www.alcodasoftware.com/dl/wdspring.exe

http://www.alcodasoftware.com/dl/wrsource.exe

Malicious Links


--------------------------------------------------------------------

Code: [Select]
http://2m-games.ab-archive.net/downloadnow.html?id=10881
Advertising Tool/not-a-virus

Code: [Select]
http://altix-soft.ab-archive.net/downloadnow.html?id=15224
RISKY

Code: [Select]
http://zonora-technologies.ab-archive.net/downloadnow.html?id=7720
http://southern-ocean-software.ab-archive.net/downloadnow.html?id=6331
http://www.uk-software.com/fullsoftware/spkclock.exe
http://southern-ocean-software.ab-archive.net/downloadnow.html?id=6331
http://www.southernoceansoftware.com/text2html/enovels/timeforgot.exe

SUSPICIOUS

Code: [Select]
http://clarkscript.ab-archive.net/downloadnow.html?id=12660