Author Topic: cashsurfing.biz  (Read 4159 times)

0 Members and 1 Guest are viewing this topic.

November 19, 2008, 08:35:36 am
Read 4159 times

cconniejean

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Code: [Select]
hxxp://cashsurfing.biz/index.php?username=farznik
AntiVir alert for recognition pattern of the HTML/Crypted.Gen HTML script virus.

0x0 iframes on bottom of page:
Code: [Select]
Malicious 0x0 iframes:
1. 'hxxp://yahoo-analytics.net/count.php?o=2'
The yahoo one now redirects to:'hxxp://chtest.gooanal(dot)net/?o=2'

2. 'hxxp://pinoc.org/count.php?o=2'
Redirects to: 'hxxp://www.com.org/?not_found=pinoc.org'

3. 'hxxp://google-analyze.org/count.php?o=2'
Redirects to: 'hxxp://chtest.gooanal.net/?o=2

November 19, 2008, 08:39:36 am
Reply #1

sowhat-x

  • Guest
Thanks cconniejean  :)
For the record,there was a "gooanal" domain spreading pdf exploits couple days ago as well...
Quote
hxxp://2.gooanal.net/sis/getfile.php?f=pdf

November 19, 2008, 11:46:05 am
Reply #2

sowhat-x

  • Guest
And another "gooanal" pdf sample...
Quote
hxxp://rent1.gooanal.net/frd/getfile.php?f=vispdf
Result: 6/36 (16.67%)
http://www.virustotal.com/analisis/74ff44a02678d6da8f079cdefcd4c395

November 19, 2008, 12:30:31 pm
Reply #3

cconniejean

  • Special Members
  • Jr. Member

  • Offline
  • *

  • 34
Thank you. When CashSurfing was first reported on our forum a contact was sent to the site owner. The contact page also has this on it too. Thanks again for the assistance.