Malware Domain List

Malware Related => Malicious Domains => Topic started by: SysAdMini on March 31, 2010, 05:06:50 pm

Title: Paypal malware modifies hosts file
Post by: SysAdMini on March 31, 2010, 05:06:50 pm
Someone reported malware on

Code:
esdem.net/updatePayPal.scr
This malware modifies the hosts file and adds these entries.

Code:
206.217.196.222 www.paypal.com
206.217.196.222 paypal.com
206.217.196.222 www.paypal.com.au
206.217.196.222 paypal.com.au
Then it opens the PayPal page in a new browser window.

Detection is low. VT 5/42

http://www.virustotal.com/analisis/6fd5fdb3ae861dd4bebbf7f00bf084e0799d5513364cbcff597782823f09a1d9-1270054871


http://camas.comodo.com/cgi-bin/submit?file=6fd5fdb3ae861dd4bebbf7f00bf084e0799d5513364cbcff597782823f09a1d9

http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12058167&cs=B3BD81C17CC5A5C62A9DC2921D8A775D
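A quick way to check a machine for the modification described in the post above is to parse the hosts file and flag any payment or banking domain that is pinned to a routable address. The script below is an added example, not code from the thread or from the sample's author; the WATCHED list is an assumption (extend it for your environment), and SAMPLE_HOSTS is a constructed file made of the standard localhost lines plus the four entries quoted in the post.

```python
"""Flag hosts-file entries that redirect watched domains to a routable address.

Added example (not from the thread). Reads the path given on the command line,
e.g. %SystemRoot%\System32\drivers\etc\hosts on Windows or /etc/hosts on Unix,
and falls back to the constructed SAMPLE_HOSTS when no path is given.
"""
import ipaddress
import sys

# Domains that should never be pinned in a hosts file. Assumption: extend per site.
WATCHED = ("paypal.com", "paypal.com.au")

# Constructed sample: a normal Windows hosts file plus the entries quoted in the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
206.217.196.222 www.paypal.com
206.217.196.222 paypal.com
206.217.196.222 www.paypal.com.au
206.217.196.222 paypal.com.au
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in a hosts file.

    Comments (# ...) and blank lines are skipped, a line may list several
    hostnames for one address, and lines whose first token is not an IP
    address are ignored rather than raising.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries


def watched_name(name, watched=WATCHED):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == dom or name.endswith("." + dom) for dom in watched)


def find_hijacks(text, watched=WATCHED):
    """Return {ip_string: [hostnames]} for watched names pinned to a routable address.

    Loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets are skipped:
    ad-block style hosts lists use them to sink a domain, which breaks access
    but cannot send the user to an attacker-controlled page the way the
    entries in the post do.
    """
    hits = {}
    for _lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        if watched_name(name, watched):
            hits.setdefault(str(ip), []).append(name)
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    hijacks = find_hijacks(data)
    if not hijacks:
        print("no watched domains pinned in hosts file")
    for ip, names in hijacks.items():
        print(f"HIJACK {ip} <- {', '.join(names)}")
```

Run it against a live hosts file with `python check_hosts.py C:\Windows\System32\drivers\etc\hosts`; on the sample it reports all four PayPal names grouped under the single redirect address, which is the shape an analyst wants when one attacker host is collecting several brands. Internal names pinned to RFC 1918 addresses are deliberately not reported, so the check stays quiet on corporate machines that legitimately pin intranet hosts.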
Title: Re: Paypal malware modifies hosts file
Post by: Evilcry on April 01, 2010, 02:46:52 pm
Hi,

Just reversed this malicious application; here is the link:

http://evilcodecave.blogspot.com/2010/04/paypal-malware-fake-update-analysis.html

Regards,
Giuseppe 'Evilcry' Bonfa'