Malware Domain List

Malware Related => Malicious Domains => Topic started by: sowhat-x on July 02, 2008, 11:10:48 am

Title: Few unsorted - Part 3
Post by: sowhat-x on July 02, 2008, 11:10:48 am
...moving on to "Part 3", and it is meant "to be continued"...  ;D

Title: Re: Few unsorted - Part 4
Post by: sowhat-x on July 02, 2008, 11:25:25 am
Some of the above stuff was found via these downloader lists,
check them back again tomorrow or so for newer pointers to malware...
Title: Re: Few unsorted - Part 4
Post by: sowhat-x on July 02, 2008, 12:18:01 pm
Exploits / pseudo-extensions:

===========================

The above were detected by the AV used here (no name needed...),
so I didn't submit them separately in VirusTotal...
The following 2 samples were missed though, so I got slightly curious about them:

Quote
hxxp://www.xlsf013.cn/Real.gif --> Result: 7/33 (21.22%)
http://www.virustotal.com/analisis/3755439615f3d048383c9b0dd4ccbeb0

Quote
hxxp://www.xlsf013.cn/Real11.gif  --> Result: 10/33 (30.31%)
http://www.virustotal.com/analisis/9ba4f70a1766b3727c9195fb6389c0a9

Have a nice day...  ::)  :-*
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 07, 2008, 12:58:10 am
Title: Re: Few unsorted - Part 3
Post by: JohnC on July 08, 2008, 06:13:25 pm
Thanks.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 11, 2008, 12:23:27 pm
Newer samples, from the downloader lists mentioned earlier...play around with the numbers:

vie28.exe didn't work for me...moving on:

Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 11, 2008, 01:20:45 pm
Title: Re: Few unsorted - Part 3
Post by: JohnC on July 11, 2008, 10:35:28 pm
Thank you.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 13, 2008, 02:16:29 pm
Some of the above were gathered via the following downloader lists...

Have a nice day...   ::)  :-*
Title: Re: Few unsorted - Part 3
Post by: JohnC on July 15, 2008, 03:11:18 pm
Thank you.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 15, 2008, 04:50:06 pm
Via downloader lists...
Quote
hxxp://www.irxxv.com/css.txt
hxxp://www.rkjhc.cn/google.txt
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 21, 2008, 11:55:02 am
Downloader lists for the above as well...

Quote
hxxp://wm88.9966.org/htm/flash9e.swf
hxxp://wm88.9966.org/htm/flash9cd.swf
hxxp://wm88.9966.org/htm/flash9b.swf
hxxp://wm88.9966.org/htm/flash9.swf

Flash exploits / about 33% detection rate at VirusTotal.
Randomly selected report:
http://www.virustotal.com/analisis/35bb7a8d8bbb8eb3386e32dd9d501fcc
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 22, 2008, 01:32:10 pm
Quote
hxxp://ww.txtv15.com/htm/flash9e.swf -> (note: ww, not www...)
hxxp://www.infomm.cn/htm/flash9e.swf
hxxp://www.uswow2.com/htm/flash9e.swf
hxxp://www.wooollstx.cn/flash/flash9e.swf

And newer stuff from the dl lists above...

Title: Re: Few unsorted - Part 3
Post by: JohnC on July 24, 2008, 02:23:42 pm
Thank you.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 24, 2008, 09:20:51 pm
Quote
hxxp://333.ns-ok.com/down/1.exe
Up to...
hxxp://333.ns-ok.com/down/26.exe

Older dl list, newer samples...
Quote
hxxp://z2.us-2.net/1.txt

Not previously spotted dl list...
Quote
hxxp://www.web369.net/tt.txt

Quote
hxxp://d.dds600.cn/max1.exe
Up to...
hxxp://d.dds600.cn/max30.exe

Quote
hxxp://d.web598.com.cn/max1.exe
Up to...
hxxp://d.web598.com.cn/max30.exe

No dl list this time, sorry guys, lol...  :)

Quote
hxxp://208.66.195.15/40E800142020202057202D444D574D414C393644383133376C0000003266000000017600000064EB00053013181A1E
hxxp://208.66.195.71/40e8001430303030303030303030303030303030303031306c0000004d66000000007600000002

URLs found in its strings...
That's all for now...  :)
Title: Re: Few unsorted - Part 3
Post by: JohnC on July 26, 2008, 08:37:00 pm
Thanks.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 27, 2008, 12:13:25 pm
Newer downloader list that I've dug...
Quote
hxxp://www.guccia.net/prada.txt

Title: Re: Few unsorted - Part 3
Post by: JohnC on July 27, 2008, 08:30:18 pm
Thank you.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 29, 2008, 01:49:33 pm
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 30, 2008, 01:53:57 pm
Zomg-haxor -> open dir...  8)


Quote
hxxp://dwl.getwsp.com/load/setup_227_509_.exe
hxxp://dwl.wspdownload.com/load/setup_1_1_.exe


Domain names of the "main" sites as well...

Title: Re: Few unsorted - Part 3
Post by: JohnC on July 30, 2008, 08:06:56 pm
Thanks.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 30, 2008, 11:45:29 pm
Quote
hxxp://up.re7an.net/tmp378/cnf380/peper_0.htm ->  Fake Google virus alert page
hxxp://www.pest-patrol.com/distribs/1/pp_lite.exe (note: it's 'pest-patrol.com', not pestpatrol.com)
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on July 31, 2008, 03:53:29 pm
Quote
hxxp://upa.netsool.net/laco1.exe
Up to...
hxxp://upa.netsool.net/laco7.exe
Quote
hxxp://upb.netsool.net/laco8.exe
Up to...
hxxp://upb.netsool.net/laco14.exe
Quote
hxxp://upc.netsool.net/laco15.exe
Up to...
hxxp://upc.netsool.net/laco22.exe
Quote
hxxp://upd.netsool.net/laco23.exe
Up to...
hxxp://upd.netsool.net/laco35.exe
Quote
hxxp://qxz7.cn/hb/1.exe
Up to..
hxxp://qxz7.cn/hb/26.exe
Quote
hxxp://58.53.128.61/new/new1.exe
Up to...
hxxp://58.53.128.61/new/new28.exe
Quote
hxxp://tta.netfeei.cn/aoo1.exe
Up to..
hxxp://ttd.netfeei.cn/aoo22.exe
Quote
hxxp://mm119mkssd.cn/inte/yy1.exe
Up to...
hxxp://mm119mkssd.cn/inte/yy30.exe
Quote
hxxp://soft.hohoye.com/adco1.exe
Up to...
hxxp://soft.hohoye.com/adco16.exe
Quote
hxxp://user.hohoye.com/adco17.exe
Up to...
hxxp://user.hohoye.com/adco32.exe

And some unsorted stuff as well...
Quote
hxxp://mezzicodec.net/ -> (note -> Fake CastleCops webpage)
Title: Re: Few unsorted - Part 3
Post by: JohnC on August 02, 2008, 06:21:47 pm
Thanks.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 04, 2008, 05:39:02 pm
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 06, 2008, 03:16:23 am
Quote
hxxp://pua.tianshia.net/push1.exe
Up to...
hxxp://pud.tianshia.net/push35.exe

Quote
hxxp://www.bcfti.cn/update.exe
hxxp://www.bvhui.cn/update.exe
hxxp://www.cfgyu.cn/update.exe
hxxp://www.dfery.cn/update.exe
hxxp://www.juiyv.cn/update.exe
hxxp://www.mnufg.cn/update.exe
hxxp://www.rtfvg.cn/update.exe
hxxp://www.tirws.cn/update.exe
hxxp://www.vbklo.cn/update.exe
hxxp://www.xcyhb.cn/update.exe

Same hash in all update.exe crap:
MD5 - CF325A3F3D7DD2A2538B51A53535B701

Quote
hxxp://a1.nlloaa.net/adco1.exe
Up to...
hxxp://a1.nlloaa.net/adco16.exe
Quote
hxxp://b2.nlloaa.net/adco17.exe
Up to...
hxxp://b2.nlloaa.net/adco32.exe

Quite a few exploit packs among the following...
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 07, 2008, 12:20:07 am
Only a few rogues for today...
Title: Re: Few unsorted - Part 3
Post by: SysAdMini on August 07, 2008, 12:45:10 pm

hxxp://ahleinaks.ru/millioner/millionertest.bin

See : http://www.avira.com/en/threats/section/fulldetails/id_vir/4251/tr_spy.zbot.dnv.htm

hxxp://dr-mahmoud.com/rix.exe

See : http://www.avira.com/en/threats/section/fulldetails/id_vir/4261/tr_spy.zbot.dpf.html

Title: Re: Few unsorted - Part 3
Post by: Kayrac on August 07, 2008, 01:25:04 pm
rix.exe downloads fake antivirus/rogue programs

didn't see any 'sending' of data, but I'm no expert and didn't let it run very long :)

-brian

no time to check out the other but perhaps later
Title: Re: Few unsorted - Part 3
Post by: JohnC on August 07, 2008, 07:31:54 pm
Thanks.
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 08, 2008, 06:42:04 am
Quote
hxxp://scanner.power-antivirus-2009.com/setup/setup_1096_MHwzNXww_.exe
hxxp://pcprotectioncenter2008.com/download.php?aid=

Quote
hxxp://thehotcollegebabes.com/aplanet.exe
hxxp://thehotcollegebabes.com/a173.exe
Title: Re: Few unsorted - Part 3
Post by: Kayrac on August 08, 2008, 11:36:53 am
all from the same malware, some are call-home, others are exes :)

Code:
<@Kayrac> Host: www.fghie87134.com/bin/AGTMKCLSU.php?key=
<@Kayrac> Host: www.fghie87134.com/bin/AGTMKCLSF.php
<@Kayrac> Host: 121.125.68.121/Modules/T/fbpo3tqm6kdw.exe
<@Kayrac> Host: www.fghie87134.com/log/proc.php?mode=3&key=&maddr=000c29b80bd7
<@Kayrac> Host: www.fghie87134.com/bin/AGTMKCLSS.php?key=
<@Kayrac> Host: 121.125.68.121/wallpaper/baccarat3/JbWtghxOb4Cs.exe
<@Kayrac> Host: 121.125.68.121/wallpaper/baccarat3/W0UMSZNG0WkM.exe
<@Kayrac> Host: www.kjfbk07814.com/log/proc.php?key=JbWtghxOb4Cs
<@Kayrac> Host: www.fghie87134.com/bin/AGTMKCLSH.php?key=
<@Kayrac> Host: www.kjfbk07814.com/og/proc.php?key=W0UMSZNG0WkM

-Brian :)
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 09, 2008, 05:52:49 am
One more 'hotcollegebabes' crap...seems to be reasonably detected though:
Quote
hxxp://thehotcollegebabes.com/mails.list

Quote
hxxp://fastupdateserver.com/zsa09/winsystem.dll -> Result: 5/36 (13.89%)
hxxp://fastupdateserver.com/zsa09/zs880000.exe -> Result: 11/36 (30.56%)

Quote
hxxp://sum4count.net/pictures/proxy.jpg
hxxp://sum4count.net/pictures/search.jpg
hxxp://sum4count.net/pictures/tibs.jpg
hxxp://sum4count.net/pictures/tool.jpg
hxxp://sum4count.net/pictures/winlogon.jpg
hxxp://try-count.net/pic/proxy.jpg
hxxp://try-count.net/pic/search.jpg
hxxp://try-count.net/pic/tibs.jpg
hxxp://try-count.net/pic/tool.jpg
hxxp://try-count.net/pic/winlogon.jpg
hxxp://pluscount.net/pyewgjhfdgjhdf/proxy.jpg
hxxp://pluscount.net/pyewgjhfdgjhdf/search.jpg
hxxp://pluscount.net/pyewgjhfdgjhdf/tibs.jpg
hxxp://pluscount.net/pyewgjhfdgjhdf/tool.jpg
hxxp://pluscount.net/pyewgjhfdgjhdf/winlogon.jpg
Detection rates over at VirusTotal currently at about 20-25 %...

Newer dl lists for the masses...  ;)
Quote
hxxp://aboutdr.cn/uk.txt
hxxp://dlxc.ccxtt.com/xtt.txt
hxxp://v.gogodown.com.cn/x.txt
hxxp://www.aloou.net/ac.txt
hxxp://www.guccia.net/prada.txt
hxxp://www.mj5640ibn.com/praasd.txt
hxxp://www.qxzzj.cn/csa.txt
Title: Re: Few unsorted - Part 3
Post by: Kayrac on August 09, 2008, 04:17:37 pm
zlob variant from

Code:
http://flwinstrument.com/mp3download.php?fn=MP3-2%255B4%255D.mp3&id=1651
does a crapload

Code:
iexplorerclue.com/redirect.php
Host: 69.50.164.50/this/is/stereo/music.php?param=0;1651;1537
http://www.wav2008.com/?advid=177
http://www.topsafetysoft.com/soft/?c=616513
http://windows-defense.com/2009/1/_freescan.php?aid=880348

drops tons of files, installs a toolbar, tries to get you to dl AV 2008 etc etc

-Brian
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 10, 2008, 08:46:05 am
Quote
hxxp://213.155.0.242/cgi-bin/in.cgi?us01&101dea
hxxp://66.96.248.197/spm/s_tasks.php?id=DEC&ver=200
hxxp://noclegi_klimkowka.w.interia.pl/images/ie7.0.exe

Quote
hxxp://66.197.167.21/40E800142020202020202020202020205236364153344E316C0000001466000000007600000642EB000530B73CB726
hxxp://58.65.235.41/llll/tadm/ldr.exe
hxxp://58.65.235.41/llll/tadm/cfg.bin
hxxp://suspended-domain.ru/cfg.bin

Quote
hxxp://fleshkatera.cn/sys/index.php?id=0005
hxxp://fleshkatera.cn/sys/index.php?id=0006
hxxp://fleshkatera.cn/sys/index.php?id=0007

Quote
hxxp://abc-powers.com/check/n14048.htm
hxxp://main40.com/check/n14048.htm
Title: Re: Few unsorted - Part 3
Post by: sowhat-x on August 10, 2008, 02:28:24 pm
Plus one more... ;)
Quote
hxxp://snow-job.com/check/n14042.htm

PS: Thread closed for now... off to summer vacation for some time, he-he...  ;)
I'll return fresh, fast and furious for "Few Unsorted - Part 4" though... ;D
Title: Re: Few unsorted - Part 3
Post by: JohnC on August 13, 2008, 09:20:56 am
Thank you.