Malware Domain List

Malware Related => Malicious Domains => Topic started by: eoin.miller on August 26, 2009, 06:53:23 pm

Title: Windows Protection Suite
Post by: eoin.miller on August 26, 2009, 06:53:23 pm
Once installed, malware calls home to

Code: [Select]
User-Agent: Mozilla/3.0 (compatible; TALWinInetHTTPClient)
Accept: text/html, */*
Proxy-Connection: Keep-Alive

Response back includes domains for which to talk to:
Code: [Select]



Also contacts to produce html/image content for the fraud payment site:

Fraudulant payment processing is handled by,WIPS_EN_00,WIPS_EN_01,ACTF_EN,EDS_EN_S&sku_checked=1&nid=15edf56585c7bc5a46d843def95b7c48&affid=7&lid=wvXP;b_Unknown;1;11011;0;0;-1;10

Some of the domains are in the MDL, but the following domains are not and should be considered for being added to MDL: