Malware Domain List
Malware Related => Malicious Domains => Topic started by: sowhat-x on November 16, 2007, 06:41:26 am
-
hxxp://mama.jopenkk.com/down/dogdel.exe
hxxp://mama.jopenkk.com/down/arpkk.exe
-> RAR SFX archive, containing WinPcap's DLLs and driver,
and also some other NsPacked packet sniffer or so...
hxxp://mama.jopenkk.com/down/hosts.exe
And here's what I've found in the strings of this last one, hosts.exe;
my guess is JohnC will love this one... :)
hxxp://rrr.jopenkk.com/down/a.txt
For the sake of easiness, I copy/paste a.txt's contents;
some nice guys here, we've met a few of them before...
I've replaced the string "www" with "ccc",
so that the links are not directly clickable...
127.0.0.1 ccc.851733.cn
127.0.0.1 ccc.9669093.com
127.0.0.1 ccc.2gvn.cn
127.0.0.1 vvv.3x7x.cn
127.0.0.1 366ip.com
127.0.0.1 aa.18dd.net
127.0.0.1 wvw.8x9x8.cn
127.0.0.1 rrr.rfhwfhw.com
127.0.0.1 pu.xiahou2008.com
127.0.0.1 sdo.969111.com
127.0.0.1 ccc.15197.com
127.0.0.1 down.18dd.net
127.0.0.1 xxx.cslr1.com
127.0.0.1 zzz.cslr1.com
127.0.0.1 wvw.xiahou2008.com
127.0.0.1 xiahou2008.com
127.0.0.1 zzz.cslr1.com
127.0.0.1 cao.ganbibi.com
127.0.0.1 w.1030829.com
127.0.0.1 q.1030829.com
127.0.0.1 ccc.cwliu.cn
127.0.0.1 d5.xihai.com
127.0.0.1 ccc.dream5920.cn
127.0.0.1 web.2008yi.com
127.0.0.1 mmm.mm5208.com
127.0.0.1 xx.9365.org
127.0.0.1 ccc.puma166.com
127.0.0.1 mlcro-soft.cn
127.0.0.1 ccc.mlcro-soft.cn
127.0.0.1 mms.nmmmn.com
127.0.0.1 ccc.171l73.cn
127.0.0.1 171l73.cn
127.0.0.1 pu.puma163.com
127.0.0.1 ccc.5415.info
127.0.0.1 ccc.so14.cn
127.0.0.1 so14.cn
127.0.0.1 5415.info
127.0.0.1 ddd.nmmmn.com
127.0.0.1 ccc.puma166.com
127.0.0.1 ccc.nmmmn.com
127.0.0.1 ccc.my1231.com
127.0.0.1 ccc.ndnd.info
127.0.0.1 xz.88889999.info
127.0.0.1 ccc.ndnd.info
127.0.0.1 iii.832823.cn
127.0.0.1 aaa.369678.cn
127.0.0.1 imobile.8866.org
127.0.0.1 xxx.745970.com
127.0.0.1 ooo.745970.com
127.0.0.1 xxx.18dmm.com
127.0.0.1 ooo.18dmm.com
127.0.0.1 down.dj7788.cn
127.0.0.1 i.ip777.net
127.0.0.1 ccc.686ip.cn
127.0.0.1 z.glo123.com
127.0.0.1 ccc.puma166.com
127.0.0.1 ccc.17y1.cn
127.0.0.1 ccc.csfqw.com
127.0.0.1 go.bannerbox.cn
127.0.0.1 59.34.197.239
127.0.0.1 ccc.17y1.cn
127.0.0.1 go.ipcenter.cn
127.0.0.1 ccc.520018.com
127.0.0.1 ccc.851733.cn
127.0.0.1 xz.88889999.info
127.0.0.1 miss123.xicp.net
127.0.0.1 ccc.060s.com
127.0.0.1 ccc.wjlys.com
127.0.0.1 ccc.globbs.com
127.0.0.1 ccc.glocn.com
127.0.0.1 ccc.glo123.com
127.0.0.1 mil.globbs.com
127.0.0.1 ccc.tql2l.com
127.0.0.1 59.34.197.239
127.0.0.1 go.bannerbox.cn
127.0.0.1 ip.adanywhere.cn
127.0.0.1 ccc.chattime.cn
127.0.0.1 ccc.b1ueidea.com
127.0.0.1 www1.winopen.cn
127.0.0.1 ccc.fundbase.cn
127.0.0.1 xxx.745970.com
127.0.0.1 ccc.heiwuya.cn
127.0.0.1 ccc.heiwuya.cn
127.0.0.1 ccc.f1ash512.com
127.0.0.1 ccc.heijingang.cn
127.0.0.1 mlcro-soft.cn
127.0.0.1 union.mmtw.cn
127.0.0.1 ccc.tql2l.com
127.0.0.1 mms.nmmmn.com
127.0.0.1 ccc.17jiaoyou.cn
127.0.0.1 ccc.goodchat.cn
127.0.0.1 jjj.jfhwfhw.com
127.0.0.1 ip1.adanywhere.cn
127.0.0.1 ooo.832823.cn
127.0.0.1 ads.ganbibi.com
127.0.0.1 ccc.ioco.info
127.0.0.1 ccc.nmmmn.com
127.0.0.1 ccc.88889999.info
127.0.0.1 ddd.369678.cn
127.0.0.1 5x.3x7x.cn
-
Those domains are more than likely all malicious in that hosts file. Looks like the author of the malware which uses it is trying to protect the computer from other widely known malicious sites, in an effort to cut out the competition. Similar things have been done by IRC bots in the past, with options to patch systems after exploiting them.
Thanks for the domains. I'll try and get through some of the ones in that hosts file soon too :)
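The reply above describes the technique: the dropped hosts.exe writes a hosts file that pins a long list of other crews' domains to 127.0.0.1 so the infected machine can no longer reach them. The pasted list also has traits that make such a file easy to tell apart from a legitimate ad-blocking hosts file: exact repeats of the same line, entries whose "hostname" is itself an IP literal (resolvers never consult the hosts file for a dotted quad, so those lines do nothing and serve only as a fingerprint), and brand lookalikes built from confusable characters ("mlcro-soft", "f1ash512"). The script below is an added example written for this thread, not code from the original post or from Malware Domain List. It parses a hosts file and reports those four signals. The sample input is constructed for the example and uses the poster's "www" -> "ccc" defanging convention and `.test` placeholder domains; the brand list and the confusable-character map are assumptions of the example.

```python
"""Audit a hosts file for signs of a malware-dropped competitor block list:
loopback/null entries that sinkhole arbitrary names, exact repeated lines,
entries whose 'hostname' is an IP literal (a no-op for any resolver) and
hostnames that imitate a brand with confusable characters."""
import ipaddress
import re
from collections import Counter

SINKHOLE_IPS = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
# Assumed confusable map: each brand letter may be replaced by a look-alike.
CONFUSABLE = {"i": "[il1]", "l": "[l1i]", "o": "[o0]", "s": "[s5]", "e": "[e3]", "a": "[a4]"}
# Assumed brand list; extend to whatever names matter in your environment.
BRANDS = ("microsoft", "flash", "adobe", "google")

# Constructed sample modelled on the dropped file in the thread; .test names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample - not the real dropped list
127.0.0.1 localhost
127.0.0.1 ccc.example-one.test
127.0.0.1 down.example-two.test
127.0.0.1 mlcro-soft.test
127.0.0.1 ccc.f1ash512.test
127.0.0.1 ccc.example-one.test
127.0.0.1 203.0.113.7
::1 localhost
0.0.0.0 ads.example-three.test
"""


def is_ip_literal(text):
    """True if `text` parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_hosts(text):
    """Return [(ip, name, lineno)] for every mapping; comments, blank and malformed lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not is_ip_literal(fields[0]):
            continue
        for name in fields[1:]:                # one line may carry several names
            entries.append((fields[0], name.lower(), lineno))
    return entries


def brand_pattern(brand):
    """Regex that matches `brand` with any letter swapped for a confusable and hyphens inserted anywhere."""
    return re.compile("-?".join(CONFUSABLE.get(c, re.escape(c)) for c in brand))


BRAND_PATTERNS = {b: brand_pattern(b) for b in BRANDS}


def brand_lookalike(name):
    """Return the imitated brand if `name` contains a mangled copy of it, else None.
    An exact, unmangled brand string (e.g. www.microsoft.com) is not a lookalike."""
    for brand, pat in BRAND_PATTERNS.items():
        m = pat.search(name)
        if m and m.group(0) != brand:
            return brand
    return None


def audit_hosts(text):
    """Run all four checks over a hosts file and return the findings."""
    entries = parse_hosts(text)
    sinkholed = sorted({n for ip, n, _ in entries
                        if ip in SINKHOLE_IPS and n not in LOCAL_NAMES})
    pair_counts = Counter((ip, n) for ip, n, _ in entries)
    duplicates = sorted(n for (ip, n), c in pair_counts.items() if c > 1)
    ip_literal_names = sorted({n for _, n, _ in entries if is_ip_literal(n)})
    lookalikes = {}
    for n in sinkholed:
        brand = brand_lookalike(n)
        if brand:
            lookalikes[n] = brand
    return {"sinkholed": sinkholed, "duplicates": duplicates,
            "ip_literal_names": ip_literal_names, "lookalikes": lookalikes}


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

A sinkholed name on its own proves little, since ad-blocking hosts files map thousands of names to 0.0.0.0 or 127.0.0.1 on purpose; the duplicates, the IP-literal "hostnames" and the brand lookalikes are what distinguish a hand-assembled dropper list like the one in this thread, so treat the combination, not any single signal, as the alert condition.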