Author Topic: daily something......  (Read 797415 times)

0 Members and 1 Guest are viewing this topic.

March 19, 2009, 12:13:20 pm
Reply #180

DiFor

  • Jr. Member

  • Offline
  • **

  • 19
Full file list on the server with sploits:
Code: [Select]
06014.htm
92.htm
gif.gif.htm
lz.htm
lz2.htm
office.htm
old.htm
real.gif
real2.htm
sina.htm
swf.htm
swf2.htm
swfobject.js
tj.htm
UU.htm

March 19, 2009, 04:46:24 pm
Reply #181

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Rogue

Code: [Select]
http://mostpopularscan.com/
http://fullantispywareonlinescane.com/
http://fullantispywareonlinescane.com/promo/download/trial/InstallAVg_444.exe
http://filefixpro.com
http://free-web-scaners.com/disk/?code=286


Mal-Aware

March 20, 2009, 05:03:51 am
Reply #182

sparsha

  • Special Members
  • Hero Member

  • Offline
  • *

  • 305
Rogue related sites:

Code: [Select]
webscannertools.com
central-scan.com/full.exe

Fullantispywareonlinescane.com
antispywareupdateservice.com/download/security.bmp
platinumsecurityupdate.com/tsc/winsource.dll
thankyouforinstall.cn/order_xp.php?ver=444
powerfullantivirusproduct.com/order_av.php?ver=444

March 20, 2009, 08:56:31 am
Reply #183

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
asionigolo.com/stats.php?id=21946398
leonads.com/stats-xp/1/
redirect to
Code: [Select]
84654321.cn/index.phphttp://wepawet.iseclab.org/view.php?hash=a9f579db0d42f30653ad3c7470164cdb&t=1237539274&type=js
Ruining the bad guy's day

March 20, 2009, 09:02:34 am
Reply #184

sowhat-x

  • Guest
Quote
hxxp://sadcwed.hostindianet.com/cache/readme.pdf

Result: 3/39 (7.7%):
http://www.virustotal.com/analisis/e0bbd1fd0710e2d670f8fb2fad822dc6

Quote
hxxp://sadcwed.hostindianet.com/cache/flash.swf

Result: 1/39 (2.57%)
http://www.virustotal.com/analisis/040394b274ccb44c3188719fd77448c8

March 20, 2009, 10:19:42 am
Reply #185

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Quote
hxxp://sadcwed.hostindianet.com/cache/readme.pdf

Code: [Select]
perfectnamestore.cn/in.cgi?income4
namebuyline.cn/in.cgi?income2

redirect you to this site. Some days ago they led to LuckySploit, today the lead to these exploits.
Ruining the bad guy's day

March 20, 2009, 03:24:41 pm
Reply #186

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
nuevas-videpostales.serveftp.net/retrieve/verpostal/ActiveX-Installer.exe
http://www.virustotal.com/analisis/a81a097348e41b3b8e27f79ed612812a 9/39
MD5...: 35414bbe4473ee111f54f5369da4a453
a-squared   4.0.0.101   2009.03.20   P2P-Worm.Win32.Palevo!IK
BitDefender   7.2   2009.03.20   Worm.P2P.Agent.Q
GData   19   2009.03.20   Worm.P2P.Agent.Q
Ikarus   T3.1.1.48.0   2009.03.20   P2P-Worm.Win32.Palevo
McAfee+Artemis   5558   2009.03.19   Generic!Artemis
Microsoft   1.4502   2009.03.20   Worm:Win32/Silly_P2P.G
Prevx1   V2   2009.03.20   High Risk Cloaked Malware
Sophos   4.39.0   2009.03.20   Sus/Autorun-E
Symantec   1.4.4.12   2009.03.20   W32.SillyFDC
Ruining the bad guy's day

March 20, 2009, 03:47:33 pm
Reply #187

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day

March 21, 2009, 02:19:07 am
Reply #188

sowhat-x

  • Guest
Quote
...redirect you to this site. Some days ago they led to LuckySploit, today the lead to these exploits.
There's more than one malware domains in the same ip... here's another one for example:
hxxp://ghrgt.hostindianet.com
My guess they'll continue registering domains over it every once in a while...
http://www.robtex.com/ip/94.247.3.151.html

Edit: Seems like the whole of 94.247.0.0/22 should be monitored for possible "updates",heh...

March 21, 2009, 02:26:41 am
Reply #189

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Edit: Seems like the whole of 94.247.0.0/22 should be monitored for possible "updates",heh...

Oh yes.

http://www.bfk.de/bfk_dnslogger.html?query=94.247.3.151#result
Ruining the bad guy's day

March 21, 2009, 02:29:34 am
Reply #190

sowhat-x

  • Guest

March 21, 2009, 03:23:25 am
Reply #191

sowhat-x

  • Guest
Quote
hxxp://porn-money.org/in.cgi?5
hxxp://dissolute-office.com/123.php
hxxp://gujjipuzzi.net/in.cgi?pipka
hxxp://benyodil.cn/pagess.html
hxxp://benyodil.cn/senks/al1/1/info.php
hxxp://gcounter.cn
hxxp://divinets.cn/z/5.htm
hxxp://divinets.cn/z/z.htm
hxxp://agkt.info/evo/count.php?o=4
hxxp://agkt.info/evo/exploits/x19.php?o=2&t=1237604581&i=1430963245

Quote
hxxp://tayforlive.ru/loader.exe
hxxp://20-ka.cn/bots/svchost.exe
hxxp://rampartech.com
hxxp://typyxiolix.com/stats-xp/
hxxp://84654321.cn/load.php
hxxp://pingpinghost.com/license.exe

March 21, 2009, 05:35:39 pm
Reply #192

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
some malware
Code: [Select]
http://www.milehighhomefinder.com/include/class/tinymce1/a.exe
http://c-0p.cn:6135/qwer/lzz.css
Mal-Aware

March 21, 2009, 05:47:25 pm
Reply #193

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Ambler trojan c&c panel login:

Code: [Select]
http://www.mybussines.biz/best/admin.php
http://fixet.ru/admin.php
Mal-Aware

March 22, 2009, 09:10:47 am
Reply #194

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
rogue:

Code: [Select]
win-pc-defender.com
http://www.threatnuker.com/bin/ThreatNukerSetup.exe
Mal-Aware