Author Topic: daily something...... (Read 844608 times)

RS-232 · April 29, 2009, 11:13:38 am

Quote

hxxp://betbigwager.cn/in.cgi?income
hxxp://hotslotpot.cn/in.cgi?income
hxxp://litecarfinestsite.cn/in.cgi?income
hxxp://litecartop.cn/in.cgi?income
hxxp://lotultimatebet.cn/in.cgi?income

sparsha · April 29, 2009, 05:10:57 pm

Code: [Select]

http://nhgfngfdhngf.com/fff9999.php?aid=40012&uid=e0905079d41d8cd98f00b204e9800998ecf8427e&os=512

http://imageempires.com/perce/1e20a980a5c00739dd84315d884c4d49081fa0501bd2a074be995820802939a85eec2ff8a432377ec/64d050a1229/perce.jpg
http://sphericalart.com/item/be3049005510b7d9dd4431fdd86c2d79b80fa0a0bbd2e034ae4908f0f02989a86eccafc8e45297bea/c4a07021c2e/item.gif
http://imagesmonitor.com/werber/e4d08081926/216.jpg
http://em.pc-on-internet.com/eas?camp=22768&ty=ct&popt1=1220&popt2=DE
http://download.web-mediaplayer.com/Web-MediaPlayer_setup.php?grpid=2053&tag_id=717&nums=FFjwag.AAA&popt1=1220&popt2=DE

Rogues

Code: [Select]

http://pcantimalware.com/PCAntiMalwareScannerSetup.exe
http://pc-privacydefender.com/PCPrivacyDefenderScannerSetup.exe

http://totalsystemguard.com/page.php?id=44
http://totalvirushield.com/download.php?affid=00000
http://totalvirushield.com/install/ws.zip

http://pro-scanner-antivir-free.com/11041/3/
http://files.loads-antiviral-files.com/normal/setup_11041_3_1.exe

Fake codecs

Code: [Select]

http://kokc-softportal.com/softwarefortubeview.40006.exe
http://uploadsmovies.com/codec/106.exe

CkreM · April 30, 2009, 03:47:13 am

Trojan:

Code: [Select]

secure123.org/img/winagent.exehttp://www.virustotal.com/analisis/cae7efe27fcd81c66f8e050b937de712
Trojan:

Code: [Select]

neirrela92-ammi.cn/it021.exehttp://www.virustotal.com/analisis/4cd315b8b8cbcd96802332a6ba59d90d
Trojan:

Code: [Select]

fddporn.net/6007_1.exehttp://www.virustotal.com/analisis/e2cdbb3586041e93705d5e88a3d72d42
fake AV:

Code: [Select]

fddporn.com/av.26.0.exehttp://www.virustotal.com/analisis/7f7dccb45937295dd11c73a989330b61
the fake AV website:

Code: [Select]

antiwareprotect.comthe fake payment site:

Code: [Select]

https://secure.paysecureorder.com/order?agree=on&prodid=2&r=1.0&butt=
Exploit/trojan:

Code: [Select]

karavan.us/bon/index.phphttp://wepawet.cs.ucsb.edu/view.php?hash=6b8c81232ad4b6589475d706c22a061a&t=1241050191&type=js
Exploit/trojan:

Code: [Select]

karavan.us/sng/cache/readme.pdfhttp://wepawet.cs.ucsb.edu/view.php?hash=3738291a02aadc69a7c9ed9e692d9b67&t=1241050218&type=js

XiTri · April 30, 2009, 10:19:43 am

Code: [Select]

http://neono.biz/opi/index.php
http://neono.biz/opi/cache/readme.pdf
http://neono.biz/opi/cache/flash.swf
http://neono.biz/opi/load.php
http://neono.biz/myy/load.php

sriramp · April 30, 2009, 01:33:46 pm

hxxp://egangoff.com/images/pdf.php
hxxp://egangoff.com/images/builder.php - Flash

RS-232 · April 30, 2009, 04:18:00 pm

Quote

hxxp://liora.co.za/images/
http://wepawet.cs.ucsb.edu/view.php?hash=6751dee94cb3088705b66504d435a934&t=1241108619&type=js
http://www.virustotal.com/analisis/506618b146220329eb6ac64c552d0aed

sparsha · April 30, 2009, 04:54:15 pm

Code: [Select]


bitcoreguard.net
bitcoreguard.com
guardlab.com
guardav.com
coreguard2009.com
coreguard2009.biz
coreguard2009.net
coreguardlab2009.biz
coreguardlab2009.net
coreguardlab2009.com
guardlab2009.biz
guardlab2009.net
guardlab2009.com

http://coreguard2009.com/coreguardd.exe
http://guardlab2009.com/InstallerWF.exe

Another interesting site from this gang??

Code: [Select]

just4yourtranquillity.com

RS-232 · April 30, 2009, 05:31:59 pm

Quote

hxxp://bigbargin.cn/file1.exe

And that's what happens to lamers still using MicroJoiner in 2009...

http://www.virustotal.com/analisis/2977518dd680ba0acde393f6e9d58a10

From a well-known net neighbourhood...

Quote

hxxp://downfilg.com/in.cgi?2&a=1.exe // where "1" can be substituted with whatever string you want...
hxxp://keygroundc.com/download/1%2Eexe
http://www.virustotal.com/analisis/00f4e6ad59857e5d9a0920052317a471

sparsha · April 30, 2009, 06:37:56 pm

Little bit of this and a little bit of that

Code: [Select]

http://fast-scanner-av-pro.com/11041/3/

http://thefullvirusscan.com/download.php?affid=08073

http://kekc-softportal.com/softwarefortubeview.40012.exe

http://upd.pccleansolution.com/?proto=4&rc=UAMS-0001-8882-7773&v=99.3.3.1&abbr=WBASE&platform=nt&os_version=5.1.2600.2.0&ac=B10511E3-DB89-4D8F-9666-5A0BA1ED885F&appid=UAMS&em=&pcid=2561334094&sv=

ReturnCode: 0
Text: 
ProductVersion: 99.3.3.351
File:MalwareDB3510.exe,3871295,684586667,http://dl.setforinfo.com/updates/83/153/MalwareDB3510.exe
File:vbpv.dat,10,-830365698,http://dl.setforinfo.com/updates/83/153/vbpv.dat
File:update.script,143,-1272521259,http://scripts.setforinfo.com/update_script.php?ids=285_287

RS-232 · April 30, 2009, 07:10:56 pm

Quote

hxxp://prodownloadmanager.com/install.php

RS-232 · April 30, 2009, 08:20:15 pm

http://www.bfk.de/bfk_dnslogger.html?query=195.2.253.41#result

traff.loadmore.eu is already in list...

traff.loadd.in is Virut-related:
http://www.threatexpert.com/report.aspx?md5=4586242be6d360f577725e1487c2d7cf
http://www.prevx.com/filenames/1076913952874868034-X1/KEYGEN_SPYHUNTER.SECURITY.SUITE.V3.7.19%5B.html

And regarding the other 2 domains there...

Quote

hxxp://fineles.yourfoxlink.net/download/1.exe // ...very well-detected,you can change "1" to whatever string you want...
http://www.virustotal.com/analisis/9739b2f5e6adee880d9b86687d2c7ba1
Result: 34/40 (85%)

Quote

hxxp://yourfoxlink.net/files/1.exe // ...you can change "1" to whatever string you want...
hxxp://www.virustotal.com/analisis/d113e8d8aae448d9ebe320b7f9c15696
Result:10/40 (25%)

CkreM · April 30, 2009, 11:14:55 pm

Trojans:

Code: [Select]

gertruweq.com/ee/gld.exehttp://www.virustotal.com/analisis/92dbc2bad00080a577cb17ecb7cfd7b2

Code: [Select]

gertruweq.com/ee/ret.exehttp://www.virustotal.com/analisis/9a8654be39f40883c05c6b44708596cd

Code: [Select]

gertruweq.com/ee/9.exehttp://www.virustotal.com/analisis/f3fc6085f437fb11591a79c2c1331e43

CkreM · May 01, 2009, 06:12:52 am

Exploit/trojan:

Code: [Select]

adul8tra.cn/forum/foxpdf.phphttp://wepawet.iseclab.org/view.php?hash=fbc7708cc988b8a5709796f83197a905&t=1241158354&type=js

Code: [Select]

k1l3r.ru/Y/include/spl.phphttp://wepawet.iseclab.org/view.php?hash=b673dbc9d832f66c67af103cb1dbf9e8&t=1240825850&type=js

Malware-Web-Threats · May 02, 2009, 12:06:50 am

Code: [Select]

hxxp://basesrv3.net/yes/load.phpVirusTotal: Trojan - 21/38 (55.26%)

Code: [Select]

hxxp://ldj5.biz/fo/exe.phpVirusTotal: Trojan - 11/40 (27.50%)
------------

Code: [Select]

hxxp://pushtutempo.com/uniq3/loads.php?id=88VirusTotal: Trojan - 4/40 (10%)
ThreatExpert
Anubis Report

connect to:

Code: [Select]

hxxp://verringo.cn/bmngr2/controller.php?action=bot&entity_list=&uid=&first=1&guid=13441600&rnd=3862340
hxxp://verringo.cn/bmngr2/controller.php?action=report&guid=0&rnd=3862340&uid=&entity=1239797538:unique_start

SysAdMini · May 02, 2009, 10:36:43 am

Code: [Select]

dolchepopka.ru/ol/in.phphttp://wepawet.cs.ucsb.edu/view.php?hash=c5e81e17c05c73c50ffd675d7932f33d&t=1241260417&type=js

Code: [Select]

http://dolchepopka.ru/1/load.php?id=6http://www.virustotal.com/de/analisis/b788baee70eaf595b2e8fc726484f8cf 10/40

Code: [Select]

http://dolchepopka.ru/ol/load.php?id=3http://www.virustotal.com/de/analisis/f95123d5cf3281012c6cc0766b381db1 4/40

Author Topic: daily something...... (Read 844608 times)

RS-232

Re: daily something......

sparsha

Re: daily something......

CkreM

Re: daily something......

XiTri

Re: daily something......

sriramp

Re: daily something......

RS-232

Re: daily something......

sparsha

Re: daily something......

RS-232

Re: daily something......

sparsha

Re: daily something......

RS-232

Re: daily something......

RS-232

Re: daily something......

CkreM

Re: daily something......

CkreM

Re: daily something......

Malware-Web-Threats

Re: daily something......

SysAdMini

Re: daily something......