daily something......

[CkreM]

Fake AV:

Code: [Select]

ameraif.cn
amayrex.cn
adiosma.cn
ameycva.cn
apauzy.cn
securitytoolsworld.com
K00bface:

Code: [Select]

niceshoot89.com/software/04f456eca8/30000/1/Setup.exehttp://www.virustotal.com/analisis/33ee8d94223dc222cb5a4358f5ab4366dd3c4eeb43d2a7d2a2a3905c4e36cb25-1245307967

[CkreM]

Koobface:

Code: [Select]

nicevideo18.net/software/ea2faf7008/11400/1/Setup.exe
Exploits:

Code: [Select]

adultfex.com/lb/index.phphttp://wepawet.iseclab.org/view.php?hash=ffcb0d874f69382bc4e54caf0b450406&t=1245563029&type=js
PDF:

Code: [Select]

adultfex.com/lb/humourAlwaysHumour.pdfFlash:

Code: [Select]

adultfex.com/lb/usesHumour.swfTrojan:

Code: [Select]

adultfex.com/lb/update.phphttp://www.virustotal.com/analisis/4718ef3d0a751e94ce3a0e20385283d995ee82136e9638892eaf6bbc4795a3e5-1245563087

Trojans:

Code: [Select]

slil.ru/27769294/2fcdca20.4a3e7138/adware_crypt.exehttp://www.virustotal.com/analisis/0a08059aeaa955de3f5d08546f28c83db855d761082c4205811819195e185b04-1245566730

Code: [Select]

freshdownloadcenter.com/install.48232.exehttp://www.virustotal.com/analisis/debf5446d9ed6394fa72bb78f52e4e6ccffe0e4ec8960a3b7c0a2e92a714c369-1245566838

Code: [Select]

www.adult-you-tube.info/downloads/setup.exehttp://www.virustotal.com/analisis/38700a97d35bf78118d3c48d5f37a9150c18d194de58adb43dc6da27942bfc6b-1245567493

Code: [Select]

72.9.108.26/install_10.exehttp://www.virustotal.com/analisis/186ef67fadf42ac6eaee2b5d26a093e9adef6178caa8b42bd3f825405892c4c8-1245567635

Code: [Select]

adwareindependence.com/ppc/f494.exehttp://www.virustotal.com/analisis/b5006cc39bf7a7ff6a1b71c6d9033f67657cffae429ae34bc01b3c2f42ea7157-1245567981

Fake AV(malware doctor):

Code: [Select]

adwareindependence.com/scan/mlw.exehttp://www.virustotal.com/analisis/bfc294ae9aa0da8fd65544bdea740fc48b94b1608c7f9d99e6092153dd2029cd-1245567989

Fake payment site:

Code: [Select]

secure.best-internet-payments.com/cgi-bin/nph-pr/pandora/softcore/buy_soft.php?productid=malwaredoc01&advert=494malware calls home(receive malware links with the right parameters):

Code: [Select]

softwaresense-search.com/stat.php

[CkreM]

Exploits:

Code: [Select]

sterlate.comhttp://wepawet.iseclab.org/view.php?hash=f74e05ee99c0e925663a3451f1d85f34&t=1245570059&type=js
PDF:

Code: [Select]

sterlate.com/cache/readme.pdfFlash:

Code: [Select]

sterlate.com/cache/flash.swf(downloaded malware is offline)

Exploits:

Code: [Select]

sterlate.com/sng/index.phphttp://wepawet.iseclab.org/view.php?hash=d78519f72f81a626f04873713067717f&t=1245651339&type=js
PDF:

Code: [Select]

sterlate.com/sng/cache/readme.pdfFlash:

Code: [Select]

sterlate.com/sng/cache/flash.swfhttp://wepawet.iseclab.org/view.php?hash=253639a3e73fff185fbd4c489ab0335b&type=swf
Trojan:

Code: [Select]

sterlate.com/sng/load.php?id=5http://www.virustotal.com/analisis/a8ed3a72616d4d87020d37d7d2b90e2fcc32a5133d535d091970998fe39cd129-1245411696


Exploits(wepawet fails on this one):

Code: [Select]

forum.sc00d.cn/index.phphttp://jsunpack.jeek.org/dec/go?url=forum.sc00d.cn_index.php
PDF:

Code: [Select]

forum.sc00d.cn/pdf.php?id=11Trojan:

Code: [Select]

forum.sc00d.cn/load.php?id=11&spl=4http://www.virustotal.com/analisis/ff60d4703813e84c5237c95aa0f0c52295945c8f76f03152fa4dd6972e1b3263-1245649899

Trojans:

Code: [Select]

nsmercuryplanet.ru/dast.exehttp://www.virustotal.com/analisis/7d515de9754257b6d5cbc05682bb7d82d2d7c92786f51bb9fecd291f64ad6739-1245649810

Code: [Select]

gold-smerch.cn/flash.exehttp://www.virustotal.com/analisis/140a5961f36bd6a2645f77e74defd8985084f6a6fed6592920aba48eb511ea7d-1245649827

Malware calls home:

Code: [Select]

bytecode.biz/stats/in.php

[sparsha]

More rogue sites:

Code: [Select]


Internetware-safe.com
Kingpinservers.info
Mal-warexls.net

http://youravprotection.com/support
http://www.registerantivirus.com/
http://www.avprotectionstat.com/index.php


[sursmurf]

Code: [Select]

hXXp://ribboninn.com/djellow.exe
[VT 5/41]
http://www.virustotal.com/sv/analisis/3a93b168267d7ddc8c034303b817e0ea297a000df40761bb7f5a79faa68bb295-1245847100

[sursmurf]

Another site, same file as above

Code: [Select]

http://76380.webhosting29.1blu.de/djellow.exe

[sursmurf]

New binary and URL

Code: [Select]

http://www.hzcpwl.cn/djellow.exe
[VT 6/41]
http://www.virustotal.com/sv/analisis/2b27e47c7f8d2195d5473d400a1e4ccec79049c6d84203e27003e5e2daaa95b7-1245924902

[sursmurf]

Code: [Select]

http://transein.com/_test_01-07/getexe.php
[VT 5/41]
http://www.virustotal.com/sv/analisis/7d168c70d66f83b9876c31227af4e595b5d40ea03df6a624f8669c2cddb9661f-1245929271

[sursmurf]

Code: [Select]

http://213.182.197.42/load.php[VT 10/41]
http://www.virustotal.com/sv/analisis/2cc7714f5b1d89fd90aa73df48f1770f1e7222553fe1955542ca82194f114d18-1245941662

PDF

Code: [Select]

http://213.182.197.42/pdf.php[VT 10/41]
http://www.virustotal.com/sv/analisis/0ce86e1f37aa5fd6651a2d40bf9b3c3d9dce6859a4fabf0e72fdff2de42a1f1d-1245941687


Flash

Code: [Select]

http://213.182.197.42/swf.php[VT 9/41]
http://www.virustotal.com/sv/analisis/ff04bb1c9f9b2d20ec22cabbd6c7d6e382762961080440a9418731a4b05be15d-1245941702

[CkreM]

Trojans:

Code: [Select]

satanic.easycoding.org/file.exehttp://www.virustotal.com/analisis/eb70c986ee061898ce2c23e2b37a92a65458f0744aebe2e4e7838a70023cafec-1245985908

Code: [Select]

keule557.cn/2.exehttp://www.virustotal.com/analisis/0bb0fab4f476de542bcae7b8338793e705d4bbaad2511210e94958784e45aec3-1245985956

Code: [Select]

keule557.cn/805.exehttp://www.virustotal.com/analisis/d1ab115a3b62876adcbd571be2be685e1af1672f506b8a084e52308fc5dbdcd9-1245985980

Code: [Select]

usrvnu.ru/infect.phphttp://www.virustotal.com/analisis/b7b4f921db11b06919834a8f8b2c96efabe8d6919da067ea011d736e37c2187e-1245986114

Code: [Select]

roons.cn/ded/Project2.exehttp://www.virustotal.com/analisis/d07e34d88fa067fe1d942670df0dad29e555fd5841a19f46d47dd56f50f74be5-1245986217

Trojan Pinch:

Code: [Select]

woons.cn/pinch_no_cript.exe

[sursmurf]

zbot

Code: [Select]

http://javiercubel.com/statement_45365352.exe
[VT9/41]
http://www.virustotal.com/sv/analisis/046d3796c3dc4620f2c54c6439f11a5f4dd3faf4d513ed0dcb9f640780009022-1246020252

[sursmurf]

Zbot

Code: [Select]

http://update.microsoft.com.hillij.com/microsoftofficeupdate/isapdl/default.aspx/officexp-KB910721-FullFile-ENU.exe
[VT 13/41]
http://www.virustotal.com/sv/analisis/b6c9a2125a43133d681be0e27aac281f404e29b5e6f031d04a789ff6f0bc8218-1246048421

[cjeremy]

PSW Trojan Fun:

Code: [Select]

http://winddk.ch.ma/dd.txtLeads to:

Code: [Select]

http://ztb.cztv.tv/360/1.exe
http://ztb.cztv.tv/360/2.exe
http://ztb.cztv.tv/360/7.exe
http://ztb.cztv.tv/360/88.exe
http://ztb.cztv.tv/360/9.exe

Been a while since I visited.  Hope all is well with everyone!

[sursmurf]

Code: [Select]

http://artmarket.or.kr/ecard.exe
[VT 6/41]
http://www.virustotal.com/sv/analisis/89e12bf34116897c63b6e1a98a328e16222f33dab4b2aee2400c60aa3e7a1aaf-1246197175

[Malware-Web-Threats]

195.190.13.106 / Cutwail

Code: [Select]

hxxp://109438129432.cn/load.phpVirusTotal - 23/40 (57.50%)

Code: [Select]

hxxp://234273849543.cn/load.phpVirusTotal - 23/40 (57.50%)

Code: [Select]

hxxp://438723847234.cn/load.phpVirusTotal - 12/41 (29.27%)
ThreatExpert

--
61.235.123.140
exploits / trojan

Code: [Select]

hxxp://witsibux.cn/hi/index.php
hxxp://witsibux.cn/hi/update.php
hxxp://witsibux.cn/hi/belowNotH.pdf
hxxp://witsibux.cn/hi/humourOf.swf
Wepawet
VirusTotal - 2/41 (4.88%)