Malware Domain List

Malware Related => Malicious Domains => Topic started by: XzifT on April 14, 2008, 04:30:34 pm

Title: Updatemysettings.net
Post by: XzifT on April 14, 2008, 04:30:34 pm
GET /exes/owebyo/7701.exe HTTP/1.1
Host: updatemysettings.net

HTTP/1.1 200 OK
Date: Mon, 07 Apr 2008 16:35:18 GMT
Server: Apache
Last-Modified: Mon, 07 Apr 2008 02:33:58 GMT
ETag: "3005c4-18e00-44a3f4cc1b180"
Accept-Ranges: bytes
Content-Length: 101888
Connection: close
Content-Type: application/octet-stream
X-Pad: avoid browser bug

Being pushed through a downloader on Facebook. Just a simple web-based bot, probably fairly large by now though.
Title: Re: Updatemysettings.net
Post by: JohnC on April 14, 2008, 05:46:46 pm
Thank you.
Title: Re: Updatemysettings.net
Post by: XzifT on April 15, 2008, 02:45:21 pm
Another update:

Here's the URL to the original downloader:

GET /gallery.php?id=uZdm&auth=zgromadzenie&cyua=shalonda HTTP/1.1
Host: www.google.com.id.patriotyzmempejsy.dynda.72195e6.info
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 ...lol
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 200 OK

Date: Tue, 15 Apr 2008 14:09:49 GMT
Server: Apache
Pragma: public
Expires: 0
Cache-Control: public
Content-Description: File Transfer
Content-Disposition: attachment; filename="picture_dl.exe"
Content-Transfer-Encoding: binary
Content-Length: 11264
Connection: close
Content-Type: application/force-download
Title: Re: Updatemysettings.net
Post by: JohnC on April 15, 2008, 06:16:41 pm
Thank you.