new domain:
-hxxp://brekoshentos.info/1/tmp/des.jar
-hxxp://195.242.161.138/1/tmp/des.jar
malware:
hxxp://www.fondospara.com/js/1/tmp/
source:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /js/1/tmp</title>
</head>
<body>
<h1>Index of /js/1/tmp</h1>
<ul><li><a href="/js/1/"> Parent Directory</a></li>
<li><a href="all.pdf"> all.pdf</a></li>
<li><a href="allv7.pdf"> allv7.pdf</a></li>
<li><a href="collab.pdf"> collab.pdf</a></li>
<li><a href="des.jar"> des.jar</a></li>
<li><a href="flash.swf"> flash.swf</a></li>
<li><a href="geticon.pdf"> geticon.pdf</a></li>
<li><a href="ie.html"> ie.html</a></li>
<li><a href="libtiff.pdf"> libtiff.pdf</a></li>
<li><a href="newplayer.pdf"> newplayer.pdf</a></li>
<li><a href="printf.pdf"> printf.pdf</a></li>
<li><a href="vistaie7.html"> vistaie7.html</a></li>
<li><a href="vistan7ie8.html"> vistan7ie8.html</a></li>
<li><a href="vistan7other.html"> vistan7other.html</a></li>
<li><a href="xpie7.html"> xpie7.html</a></li>
<li><a href="xpie8.html"> xpie8.html</a></li>
<li><a href="xpother.html"> xpother.html</a></li>
</ul>
<address>Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.2.11 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at w/w/w.fondospara.com Port 80</address>
</body></html>
Sample analysis of collab.pdf:
http://wepawet.iseclab.org/view.php?hash=e973ea02ca811ae7b03e55ed6704bcb7&t=1272016961&type=js