Author Topic: daily something......  (Read 832718 times)

May 07, 2009, 03:48:19 pm
Reply #390

CkreM

Koobface:
70.105.181.119/setup.exe
98.228.135.203/setup.exe
129.119.193.233/setup.exe
http://www.virustotal.com/analisis/89e1b7e8bf4f2be5773a1000a8dd3817
Mal-Aware

May 11, 2009, 03:40:51 am
Reply #391

CkreM

Koobface:
86.121.7.57/setup.exe
69.247.67.92/setup.exe
Trojan:
greatjobdealuk.info/isp/upload/socksbot.exe
http://www.virustotal.com/analisis/ef89795fe5c6a42f855e37216328e0cb
Mal-Aware

May 11, 2009, 04:15:15 pm
Reply #392

Malware-Web-Threats

216.240.143.7
Fake codec page:
hxxp://better-tube-show.com/xxplay.php?id=40009
Registrant: Bobby Macleod (bobbym806@ gmail.com)

216.240.148.9
Returns malware urls:
hxxp://hjtktyjyhhn.com/fff9999.php?aid=0&uid=00cd1a40d41d8cd98f00b204e9800998ecf8427e&os=512
Registrant: Jameson Jack (cyber38462@ hotmail.com)

Quote
hxxp://imageempires.com/perce/8020ac6db14a14e0ed94c17da86c8d0938cff0c02ba29014aee9a81000a9b998de6c0f98a422879eb/400/perce.jpg
hxxp://picturesoffline.com/item/60b08c6de14a64b07d04519db83c3dc948ef80e0bbf2e054ae09d830c0194928cecc8fb814f2678e0/b01/item.gif
hxxp://pictureswall.com/werber/b0f/216.jpg
hxxp://sdfv-programs.com/file.exe
ThreatExpert

70.86.3.198 [c6.3.5646.static.theplanet.com]
Trojan Clicker:
hxxp://jump1.info/xxx.exe
hxxp://xxx.host800.com/xxx.exe
VirusTotal - 24/40 (60.00%)
Registrant: yong wang (edizhu@ hotmail.com)
Registrant: youguang wang (edisoho@ hotmail.com)

Trojan GameThief OnLineGames:
61.174.68.24
Registrant: Xie Yang (ylaoda88@ 163.com)
VirusTotal

60.173.10.53
hxxp://ipshougou.com/down/qqma.exe
Registrant: phyto, phyto  (support@ tongyong.net)
VirusTotal

May 12, 2009, 08:09:50 am
Reply #393

CM_MWR

Drivebys


Mebroot


Misc



May 12, 2009, 08:57:51 am
Reply #394

CkreM

Mebroot

Hmm, they changed their way of infection again?
Mal-Aware

May 12, 2009, 10:47:20 am
Reply #395

sursmurf


May 12, 2009, 02:34:13 pm
Reply #396

CkreM

KoobFace:
71.202.219.18/setup.exe
208.97.2.97/setup.exe
Trojan:
yourelitehosting.ru/taskmgr.exe
http://www.virustotal.com/analisis/4b38b6888024000227a834d65b612365
Trojan:
5file.ru/vkphoto.exe
http://www.virustotal.com/analisis/b4c968b1eb1f4fa95fa9eca46b09adeb
Trojan:
bureau.co.il/web/system.exe
http://www.virustotal.com/analisis/31e365b7f7c555b50d752a9eb118ce1a

Fake AV:
adware-help.com/promo/anti-virus-1.php?uid=70e191e0aaeac213213a62e4c05c9977
the downloaded file:
installz.cn/stubfiles/70e19.exe
http://www.virustotal.com/analisis/b18edcbad2b207e305d789afb32cd4e6
Mal-Aware

May 12, 2009, 11:28:56 pm
Reply #397

CM_MWR

Quote
Hmm, they changed their way of infection again?

Is strange yes, not sure what to make of it, see the iframes launch but nothing happens, then I can fetch binary locally using a direct link.

Maybe they know who I am by now.  :'(

May 13, 2009, 03:04:42 am
Reply #398

CkreM

redirects to rogue:
gorankscan.com
Fake AV:
scanlux4.info
pornproductions09.com/scan/?id=268
and the d/l file:
pornproductions09.net/codec.exe
http://www.virustotal.com/analisis/51f9f528c0444f84faa229177660ed09

Mebroot:
hiyuxngvif.com/cgi-bin/index.cgi?dx
http://wepawet.cs.ucsb.edu/view.php?hash=8cadb9cae57538f219069c6cb2d44555&t=1242183318&type=js
Mal-Aware

May 13, 2009, 03:53:15 pm
Reply #399

michajp

While checking some old LuckySploit URL, the following popped up instead:

hxxp://addobeflashplayer.net/update/?promoid=FbU9dTs
hxxp://addobeflashplayer.net/update/?promoid=Ve8Tnv4

With installer at:
hxxp://addobeflashplayer.net/get/flashplayer/current/install_flash_player.exe
http://www.virustotal.com/analisis/3185d068ff2871765328dcdc86d7affc

May 14, 2009, 05:55:07 am
Reply #400

CkreM

Mal-Aware

May 14, 2009, 10:19:45 am
Reply #401

SysAdMini

Ruining the bad guy's day

May 14, 2009, 11:54:38 am
Reply #402

SysAdMini

Ruining the bad guy's day

May 14, 2009, 07:20:35 pm
Reply #403

sparsha

http://internetsecuritymetrics.com/hitin.php?land=30&affid=01986
http://videoporntrue.net/pcdef.exe

May 14, 2009, 09:48:12 pm
Reply #404

SysAdMini

Ruining the bad guy's day