Author Topic: daily something......  (Read 796156 times)

0 Members and 2 Guests are viewing this topic.

November 05, 2008, 12:17:21 pm
Reply #90

sowhat-x

  • Guest
...since a few days passed since the fuzz around the ms08-067 worm,
thought it's about time to move these here as well...  ;)
Quote
hxxp://zz.ushealthmart.com/download/67.exe
hxxp://www.ushealthmart.com/kernel/cmd.txt
hxxp://ce.10wrj.com/10wrjcenew.exe
hxxp://freegoogla.vicp.net/download/Loader.exe
hxxp://ls.cc86.info/mimi.1268772
hxxp://ls.lenovowireless.net/mimi.1268772
hxxp://ls.playswomen.com/mimi.1268772
hxxp://st.ushealthmart.com/download/webcc.exe

November 05, 2008, 07:18:43 pm
Reply #91

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://bot.10wrj.com/bot1102.exe
http://so.91526.com/jj.exe

thank you ;D
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

November 05, 2008, 07:25:30 pm
Reply #92

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
...since a few days passed since the fuzz around the ms08-067 worm,
thought it's about time to move these here as well...  ;)
Quote
hxxp://zz.ushealthmart.com/download/67.exe
hxxp://www.ushealthmart.com/kernel/cmd.txt
hxxp://ce.10wrj.com/10wrjcenew.exe
hxxp://freegoogla.vicp.net/download/Loader.exe
hxxp://ls.cc86.info/mimi.1268772
hxxp://ls.lenovowireless.net/mimi.1268772
hxxp://ls.playswomen.com/mimi.1268772
hxxp://st.ushealthmart.com/download/webcc.exe

thank you ;)
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

November 08, 2008, 06:55:07 pm
Reply #93

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://www.interfejs.tv/download/MediaCellConverterSetup.exe
117.23.205.227/new/001.cab
117.23.205.227/new/002.cab
117.23.205.227/new/003.cab
117.23.205.227/new/004.cab
117.23.205.227/new/005.cab
117.23.205.227/new/006.cab
117.23.205.227/new/007.cab
117.23.205.227/new/008.cab
117.23.205.227/new/009.cab
117.23.205.227/new/010.cab
http://www.flaxweb.org/botnet1/bot_stuff/bot1.exe
http://193.27.246.185/zx/xvid.exe
http://alwayssam.com/lal222.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

November 09, 2008, 01:26:20 am
Reply #94

sowhat-x

  • Guest
Various pdf-exploit variants,and different detection rates for the time being...
Quote
hxxp://218.93.205.42/cache/doc.pdf
hxxp://megsrdomain.cn/tor/exploits/pdf/2.pdf
hxxp://myfrooogle.cn/z/cache/doc.pdf
hxxp://nudeteens.in/4/cache/doc.pdf

November 09, 2008, 07:01:54 am
Reply #95

sowhat-x

  • Guest
Quote
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=148754
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=18802
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=20408
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=4777
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=72811
hxxp://0012.ff-freehosting.com/vip/pdf.php?id=9678
hxxp://2.formybro.info/sis/getfile.php?f=pdf
hxxp://2.formybro.info/sis/getfile.php?f=vispdf
hxxp://59.125.229.78/tube/7/pdf.php?id=571
hxxp://78.157.142.122/us.pdf
hxxp://79.135.167.18/cgi-bin/index.cgi?16ee347b0100f060018c51855506ea6e98df025e5815210003000c000002bc17
hxxp://79.135.167.18/cgi-bin/index.cgi?c5c3b24c0100f060018c518555060c6ab3b1028d77d1970003000c000002bc17
hxxp://abb192.cn/exp/pdf.php?id=5093
hxxp://abb192.cn/spl3/pdf.php?id=14
hxxp://abc801.cn/exp/pdf.php?id=1619
hxxp://adultworld.name/new2/pdf.php
hxxp://bar-moscow.ru/2/sploits/test.pdf
hxxp://blonde.ff-freehosting.com/all/pdf.php?id=269235
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=116190
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=12768
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=244399
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=462713
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=49801
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=7121
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=76961
hxxp://blonde.ff-freehosting.com/vip/pdf.php?id=80963
hxxp://buterik.com/123/opdf.php
hxxp://dortumosio.com/adsl1/pdf.php
hxxp://dortumosio.com/adsl2/pdf.php
hxxp://dzenmoney.cn/pdf.php?id=2
hxxp://eliriumsoft.com/sup/cache/doc.pdf
hxxp://fdfgsdfvsdss.eu/webpage1/spl/pdf.pdf
hxxp://fiesta.1clinux.ru/pdf.php?acc=102&id=1
hxxp://golpii.com/25/1/getfile.php?f=pdf
hxxp://golpii.com/25/1/getfile.php?f=vispdf
hxxp://golpii.com/25/2/getfile.php?f=pdf
hxxp://golpii.com/25/2/getfile.php?f=pdf
hxxp://golpii.com/25/3/getfile.php?f=pdf
hxxp://golpii.com/25/3/getfile.php?f=vispdf
hxxp://google-moogle.net/fiesta/pdf.php?id=3858
hxxp://gtswiat.pl/grafika/gora2/ss/help.pdf
hxxp://hu1-hu1.cn/counter/getfile.php?f=pdf
hxxp://hu1-hu1.cn/counter/getfile.php?f=vispdf
hxxp://id-auto.ru/msn/pdf.php?id=14788
hxxp://lite.ff-freehosting.com/vip/pdf.php?id=19622
hxxp://lite.ff-freehosting.com/vip/pdf.php?id=221738
hxxp://lite.ff-freehosting.com/vip/pdf.php?id=28617
hxxp://lite.ff-freehosting.com/vip/pdf.php?id=6212
hxxp://lite.ff-freehosting.com/vip/pdf.php?id=8678
hxxp://lovekills.ru/kill/pdf.php?id=7323
hxxp://malemaleless.cn/adsl3/pdf.php
hxxp://onsline.com/spl/pdf.pdf
hxxp://ontilop.ru/.../sploits/test.pdf
hxxp://reddii.ru/traffic/sploit1/getfile.php?f=pdf
hxxp://reddii.ru/traffic/sploit1/getfile.php?f=vispdf
hxxp://soft.1clinux.ru/102.pdf
hxxp://srq3h.com/center/movies/images/xuk/help.pdf
hxxp://sunbizdirect.com/pdf.php?id=6626
hxxp://svinushka.net/forum/spl/pdf.pdf
hxxp://teentgp.cn/fiesta/pdf.php?id=16535
hxxp://v2bestcount.net/in/20/output.pdf
hxxp://v2statscount.net/in/34/output.pdf
hxxp://v2statscount.net/in/46/output.pdf
hxxp://v2statscount.net/in/65/output.pdf
hxxp://verzeih.com/state/2/cache/doc.pdf
hxxp://vn92.net/exp/14/pdf.php?id=3218
hxxp://vn92.net/exp/2/pdf.php?id=122
hxxp://vn92.net/exp/pdf.php?id=46688
hxxp://www.ivnnetwork.com/pdf.php?a=29826
hxxp://www.porngalleriesz.com/st/z/pdf.php?t=4&l=700
hxxp://ya-tracker.com/pdfdoc/flashba.pdf

...Hopefully these are enough pdf samples for people out there? ;)

November 10, 2008, 08:54:36 am
Reply #96

sowhat-x

  • Guest
Quote
hxxp://bhxtakekep.net/loaderadv563.exe
hxxp://71.18.116.75/pz/nana.exe
hxxp://72.8.146.36/3.exe
hxxp://alwayssam.com/lal222.exe
hxxp://alwayssam.com/so7.exe
hxxp://www.alwayssam.com/x3.exe

November 10, 2008, 09:02:10 am
Reply #97

sowhat-x

  • Guest
Small present for all malware hunters around...list is daily updated - have fun... :)
Quote
http://www3.malekal.com/exploit.txt

Credits for the hard work to be given were they should...and that is,to Malekal:
Quote
http://forum.malekal.com/index.php

November 10, 2008, 09:30:38 pm
Reply #98

cjeremy

  • Special Members
  • Full Member

  • Offline
  • *

  • 58
    • sudosecure
I am doing a short write up for my blog on the PDF exploits and was wondering if I could use some of these samples in my write up?  I will site source as MDL and the individuals that collected the samples such as sowhat if you all allow me to use them.  Just want to get your permissions before I do the write up, thanks in advance either way.

November 11, 2008, 12:32:48 am
Reply #99

sowhat-x

  • Guest
cjeremy,you don't need to reference anyone,after all,
most of them were found simply via googling...then sorting/removing dupes etc...

When I stumble upon kinda large amounts of stuff,
that was already spotted and posted by other people in public,
(eg.like the referenced material above that was gathered by Malekal),
I personally always give the reference/credits/link to the post in question as well...
That is both for people to be able to follow over by themselves the updates there,
plus for common reasons of politeness obviously...and that's all there is to it.  :)

Waiting for a good write-up with detailed analysis over at Sudosecure ;)

November 12, 2008, 12:26:08 am
Reply #100

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Small present for all malware hunters around...list is daily updated - have fun... :)
Quote
http://www3.malekal.com/exploit.txt

Credits for the hard work to be given were they should...and that is,to Malekal:
Quote
http://forum.malekal.com/index.php


Thank you :)
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

November 12, 2008, 06:11:45 pm
Reply #101

sowhat-x

  • Guest
Quote
hxxp://ascoprguide.net/lel/load.php?xpl=pdf
It spawns 'load.exe'...Result: 6/35 (17.14%)
http://www.virustotal.com/analisis/d1e1d25d68004d4c8a3b2ad5e87174e9

Quote
hxxp://ascoprguide.net/lel/config/test.pdf
Result: 10/36 (17.14%)
http://www.virustotal.com/analisis/18a2be6aeec85eceea9ffa8fee14fb43

And it's EstDomains...from the same ip also:
Quote
hxxp://bestansia.net/lel/config/test.pdf
Result: 10/36 (27.78%)
http://www.virustotal.com/analisis/c529319c11a5eecb6318ecc2cfe6417f

Quote
hxxp://bestratebid.net/botout/test.pdf
Result: 12/36 (33.34%)
http://www.virustotal.com/analisis/2d33f75cf7dda11517a955de05bf4b00

Quote
hxxp://bestratebid.net/botout/load.php?xpl=mdac
Result: 6/36 (16.67%)
http://www.virustotal.com/analisis/cd62f24af130e17769147181f78a3f81

No other domains seem to exist in this ip...
http://www.robtex.com/ip/64.86.16.11.html

November 13, 2008, 09:49:39 am
Reply #102

sowhat-x

  • Guest
Code: [Select]
hxxp://59.34.197.63/exe1/b08.css
hxxp://59.34.197.63/exe1/b19.css
hxxp://59.34.197.63/exe1/bf.css
hxxp://59.34.197.63/exe1/bf.css
hxxp://59.34.197.63/exe1/ce.css
hxxp://59.34.197.63/exe1/ms.css
hxxp://59.34.197.63/exe1/re.css
hxxp://59.34.216.143/new/new34.exe
hxxp://59.34.216.143/new/new34.exe
hxxp://59.34.216.143/new/new35.exe
hxxp://59.34.216.143/new/new35.exe
hxxp://59.34.216.143/new/new36.exe
hxxp://59.34.216.225/new/new31.exe
hxxp://59.34.216.225/new/new32.exe
hxxp://59.34.216.225/new/new33.exe
hxxp://59.60.30.200/list/01.exe
hxxp://59.60.30.200/list/02.exe
hxxp://59.60.30.200/list/03.exe
hxxp://59.60.30.200/list/04.exe
hxxp://59.60.30.200/list/05.exe
hxxp://59.60.30.200/list/06.exe
hxxp://59.60.30.200/list/07.exe
hxxp://59.60.30.200/list/08.exe
hxxp://59.60.30.200/list/09.exe
hxxp://59.60.30.200/list/10.exe
hxxp://59.60.30.200/list/11.exe
hxxp://59.60.30.200/list/12.exe
hxxp://59.60.30.200/list/14.exe
hxxp://59.60.30.200/list/15.exe
hxxp://59.60.30.200/list/16.exe
hxxp://59.60.30.200/list/17.exe
hxxp://59.60.30.200/list/18.exe
hxxp://59.60.30.200/list/19.exe
hxxp://59.60.30.200/list/20.exe
hxxp://59.60.30.200/list/21.exe
hxxp://59.60.30.200/list/22.exe
hxxp://59.60.30.200/list/24.exe
hxxp://59.60.30.200/list/25.exe
hxxp://59.60.30.200/list/26.exe
hxxp://59.60.30.200/list/27.exe
hxxp://59.60.30.200/list/csmonet.exe
hxxp://59.60.30.200/list/msconet.exe
hxxp://61.160.210.41/new/new27.exe
hxxp://61.160.210.41/new/new28.exe
hxxp://61.160.210.41/new/new29.exe
hxxp://61.160.210.41/new/new30.exe
hxxp://61.160.210.42/new/new21.exe
hxxp://61.160.210.42/new/new22.exe
hxxp://61.160.210.42/new/new23.exe
hxxp://61.160.210.42/new/new24.exe
hxxp://61.160.210.42/new/new25.exe
hxxp://61.160.210.42/new/new26.exe
hxxp://61.160.210.43/new/new11.exe
hxxp://61.160.210.43/new/new12.exe
hxxp://61.160.210.43/new/new13.exe
hxxp://61.160.210.43/new/new15.exe
hxxp://61.160.210.44/new/new16.exe
hxxp://61.160.210.44/new/new17.exe
hxxp://61.160.210.44/new/new18.exe
hxxp://61.160.210.44/new/new19.exe
hxxp://61.160.210.44/new/new20.exe
hxxp://61.160.213.143/mb.txt
hxxp://61.164.118.209/new/new1.exe
hxxp://61.164.118.209/new/new10.exe
hxxp://61.164.118.209/new/new2.exe
hxxp://61.164.118.209/new/new3.exe
hxxp://61.164.118.209/new/new4.exe
hxxp://61.164.118.209/new/new5.exe
hxxp://61.164.118.209/new/new8.exe
hxxp://61.164.118.209/new/new9.exe
hxxp://61.164.118.211/new/new10.exe
hxxp://61.164.118.211/new/new6.exe
hxxp://61.164.118.211/new/new7.exe
hxxp://61.164.118.211/new/new8.exe
hxxp://61.164.118.211/new/new9.exe
hxxp://ad.uu500.com/3d226f621b4a032c.exe
hxxp://dddd.nihao69.cn/down/ko.exe
hxxp://down.cvz2.cn/hb/0.exe
hxxp://down.cvz2.cn/hb/1.exe
hxxp://down.cvz2.cn/hb/10.exe
hxxp://down.cvz2.cn/hb/11.exe
hxxp://down.cvz2.cn/hb/12.exe
hxxp://down.cvz2.cn/hb/13.exe
hxxp://down.cvz2.cn/hb/14.exe
hxxp://down.cvz2.cn/hb/15.exe
hxxp://down.cvz2.cn/hb/16.exe
hxxp://down.cvz2.cn/hb/17.exe
hxxp://down.cvz2.cn/hb/18.exe
hxxp://down.cvz2.cn/hb/19.exe
hxxp://down.cvz2.cn/hb/2.exe
hxxp://down.cvz2.cn/hb/20.exe
hxxp://down.cvz2.cn/hb/21.exe
hxxp://down.cvz2.cn/hb/22.exe
hxxp://down.cvz2.cn/hb/24.exe
hxxp://down.cvz2.cn/hb/25.exe
hxxp://down.cvz2.cn/hb/26.exe
hxxp://down.cvz2.cn/hb/27.exe
hxxp://down.cvz2.cn/hb/28.exe
hxxp://down.cvz2.cn/hb/29.exe
hxxp://down.cvz2.cn/hb/3.exe
hxxp://down.cvz2.cn/hb/30.exe
hxxp://down.cvz2.cn/hb/31.exe
hxxp://down.cvz2.cn/hb/32.exe
hxxp://down.cvz2.cn/hb/33.exe
hxxp://down.cvz2.cn/hb/4.exe
hxxp://down.cvz2.cn/hb/5.exe
hxxp://down.cvz2.cn/hb/6.exe
hxxp://down.cvz2.cn/hb/7.exe
hxxp://down.cvz2.cn/hb/8.exe
hxxp://down.cvz2.cn/hb/9.exe
hxxp://down.nihao69.cn/down/ko.exe
hxxp://eiv.baidu.com/other/ff.js
hxxp://facaizhifuok.cn/root/svcos.exe
hxxp://m.c5x8.com/mm.exe
hxxp://qq.caogui03.cn/cha/ca01.exe
hxxp://qq.caogui03.cn/ma/cw01.exe
hxxp://qq.caogui03.cn/ma/cw02.exe
hxxp://qq.caogui03.cn/ma/cw03.exe
hxxp://qq.caogui03.cn/ma/cw04.exe
hxxp://qq.caogui03.cn/ma/cw05.exe
hxxp://qq.caogui03.cn/ma/cw06.exe
hxxp://qq.caogui03.cn/ma/cw07.exe
hxxp://qq.caogui03.cn/ma/cw08.exe
hxxp://qq.caogui03.cn/ma/cw09.exe
hxxp://qq.caogui03.cn/ma/cw10.exe
hxxp://qq.caogui03.cn/ma/cw11.exe
hxxp://qq.caogui03.cn/ma/cw12.exe
hxxp://qq.caogui03.cn/ma/cw14.exe
hxxp://qq.caogui03.cn/ma/cw15.exe
hxxp://qq.caogui03.cn/ma/cw16.exe
hxxp://qq.caogui03.cn/ma/cw17.exe
hxxp://qq.caogui03.cn/ma/cw18.exe
hxxp://qq.caogui03.cn/ma/cw19.exe
hxxp://qq.caogui03.cn/ma/cw20.exe
hxxp://qq.caogui03.cn/ma/cw21.exe
hxxp://qq.caogui03.cn/ma/cw22.exe
hxxp://qq.caogui03.cn/ma/cw23.exe
hxxp://qq.caogui03.cn/ma/cw25.exe
hxxp://qq.caogui03.cn/ma/cw26.exe
hxxp://qq.caogui03.cn/ma/cw28.exe
hxxp://qq.caogui03.cn/ma/cw29.exe
hxxp://qq.caogui03.cn/ma/cw30.exe
hxxp://qq.caogui03.cn/ma/cw31.exe
hxxp://qq.caogui03.cn/ma/sw02.exe
hxxp://qq.caogui03.cn/ma/sw03.exe
hxxp://tom.tom63.cn/liebiao/new.txt
hxxp://tom.tom63.cn/list/01.exe
hxxp://tom.tom63.cn/list/02.exe
hxxp://tom.tom63.cn/list/03.exe
hxxp://tom.tom63.cn/list/04.exe
hxxp://tom.tom63.cn/list/05.exe
hxxp://tom.tom63.cn/list/06.exe
hxxp://tom.tom63.cn/list/07.exe
hxxp://tom.tom63.cn/list/08.exe
hxxp://tom.tom63.cn/list/09.exe
hxxp://tom.tom63.cn/list/10.exe
hxxp://tom.tom63.cn/list/11.exe
hxxp://tom.tom63.cn/list/12.exe
hxxp://tom.tom63.cn/list/14.exe
hxxp://tom.tom63.cn/list/15.exe
hxxp://tom.tom63.cn/list/16.exe
hxxp://tom.tom63.cn/list/17.exe
hxxp://tom.tom63.cn/list/18.exe
hxxp://tom.tom63.cn/list/19.exe
hxxp://tom.tom63.cn/list/20.exe
hxxp://tom.tom63.cn/list/21.exe
hxxp://tom.tom63.cn/list/22.exe
hxxp://tom.tom63.cn/list/24.exe
hxxp://tom.tom63.cn/list/25.exe
hxxp://tom.tom63.cn/list/26.exe
hxxp://txt.50nb.com/update/cs.txt
hxxp://u.uu500.com/a8da234k8asdf.exe
hxxp://ulm-haafeulm-haa.com/blotch/0610.bin
hxxp://www.asmkuang.cn/1.exe
hxxp://www.asmkuang.cn/2/m15.swf
hxxp://www.asmkuang.cn/2/m16.swf
hxxp://www.asmkuang.cn/2/m28.swf
hxxp://www.asmkuang.cn/2/m45.swf
hxxp://www.asmkuang.cn/2/m47.swf
hxxp://www.asmkuang.cn/2/m64.swf
hxxp://www.dabao8.net/ma.exe
hxxp://www.deewoo.net/dl.exe
hxxp://www.deewoo.net/gside.exe
hxxp://www.ffxihn.com/yy/yy.exe
hxxp://www.flash-install.com/Adobe_flash_codec.exe
hxxp://www.flash-install.com/video.swf
hxxp://www.kaolabao.net/bo/BO1024.exe
hxxp://www.kaolabao.net/bo/update.ini
hxxp://www.longlong7.cn/bo/BO1030.exe
hxxp://www.oiuyt.net/ad.jpg
hxxp://www.oiuytr.net/down/ko.exe
hxxp://www.oiuytr.net/new/a255.css
hxxp://www.play0nlink.com/ma/xia.exe
hxxp://www.wq9q.cn/root/svcos.exe
hxxp://www.yipinci.com/upfile/vip.exe
hxxp://www.youxi668.com/ie7.exe
hxxp://www.zyy9888.net/test/13.exe
hxxp://x.ccd6.com/dd/1.exe
hxxp://x.ccd6.com/dd/10.exe
hxxp://x.ccd6.com/dd/2.exe
hxxp://x.ccd6.com/dd/6.exe
hxxp://x.ccd6.com/dd/9.exe
hxxp://x.ccd6.com/dd/x.gif
hxxp://x.ccd6.com/xx.exe

Quote
hxxp://2.gooanal.net/sis/getfile.php?f=pdf
Result: 9/36 (25.00%)
http://www.virustotal.com/analisis/70473d5c4c6da5906a23e02a06aa38f5

Quote
hxxp://dortumosio.com/11/pdf.php
Result: 11/36 (30.56%)
http://www.virustotal.com/analisis/4ac9dbbd008674a3608d641a6901baa1

November 14, 2008, 03:04:35 pm
Reply #103

lanvin

  • Special Access
  • Full Member

  • Offline
  • *

  • 55
    • PC Security Labs
Code: [Select]
http://msaknust.com/images/menu.jpg  (C:\Windows\BitDefender.exe)
http://www.comprafacilsac.com/r1.exe
https://www.box.net/shared/static/kiur88kidh.exe
http://www.playitontheweb.com/01/img/amigo.exe
http://www.cobrancasweb.com/imagens/imagem.jpg
http://www.cobrancasweb.com/imagens/imagem1.jpg
http://www.oiuytre.net/down/ko.exe
http://www.mensagemevangelica.com.br/download/biblia_digital.exe
http://server.microlite20.com/~admin271/ldr.exe
http://www.staffcop.com/download/staffcop.exe

http://77.93.75.148/img/cntr.dll?sid=D8545F5A4F080F0F000D54585C59595D5D4F1F545B365C365836085B51363A0C1B1F000A0C4939080A02495B4F0A000D545D282F582F5C2C2B5E585B285D50285D502F2B5128582C5E5D5E2A585A5F5C2C4F081D54502A285A515C5959505F2C5B58582D2D50505D50585C59595D5D282A2F2F2F2F4F1E1D545E505D5B5C0C5B5E59584F0B00545A5B594F04061B1901000D54001B185D4F1B0C1F000D54505D5C5D69B101

http://77.93.75.148/img/cntr.dll?sid=6E545F5A4F080F0F000D54585F5F5A51514F1F545B365C365836085B51363A0C1B1F000A0C4939080A02495A4F0A000D545C2F2B5C502B5150595E5E2B5D2B59502B5A2C282B5F50582B2D585E5E502F5C4F081D545D5C592A2F2A5A59505E5A2D58582D2D50585F59585F5F5A5151282A2F2F2F2F4F1E1D545D5D0B5E5C0C5B5E59584F0B00545A5B594F04061B1901000D54001B185D4F1B0C1F000D54505D5B5F690701

http://77.93.75.148/img/cntr.dll?sid=E0545F5A4F080F0F000D54585F5F5A51514F1F545B365C365836085B51363A0C1B1F000A0C4939080A02495A4F0A000D545E5D502C505C5C5E595B2D285D2F5E2D282A2B5B2D502B2B2F515F2A2F582B504F081D542C2F2F5D2C2F5B5F505F2D2F58582D2D2B5E2C2A585F5F5A5151282A2F2F2F2F4F1E1D54510A0B0B5C0C5B5E59584F0B00545A5B594F04061B1901000D54001B185D4F1B0C1F000D54505D5B5F698901

http://85.17.166.232/form/index.dll?setid=irq4&affid=164573&uid=F12497C0820D11DD9EE5164573CFFFFF&rid=zdez&guid=3B2EA59765304A519BF58B34667106AA

http://85.17.166.232/form/index.dll?setid=an2g&affid=166350&uid=B6D91FFC927D11DD85CB166350CFFFFF&rid=gl2vmclr&guid=251CCB529BF24D359ABDF4494AE0949E

http://85.17.166.232/form/index.dll?setid=irq4&affid=150044&uid=13B8E62A758811DD84E5150044CFFFFF&rid=zdez&guid=605760C6C2F54BBF8701D02E80E28BEC

http://scanner.rapid-antivirus.com/setup/install_4746_NnwzNnwxMDIwMDAwMDAwfHx8fHx8fHw_.exe
http://iabestscan.com/common/destrub.js
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

November 14, 2008, 03:54:16 pm
Reply #104

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
91.203.93.61/25/2/getfile.php?f=pdf
beshragos.com/work/getfile.php?f=pdf

and some more in this nice article

http://ddanchev.blogspot.com/2008/11/embassy-of-brazil-in-india-compromised.html
Ruining the bad guy's day