Malware Domain List

Malware Related => Malicious Domains => Topic started by: sowhat-x on November 16, 2007, 06:41:26 am

Title: mama.jopenkk.com
Post by: sowhat-x on November 16, 2007, 06:41:26 am
Quote
hxxp://mama.jopenkk.com/down/dogdel.exe

Quote
hxxp://mama.jopenkk.com/down/arpkk.exe
-> Rar sfx archive, containing Winpcap's dlls and driver,
and also some other NsPacked packet sniffer or so...

Quote
hxxp://mama.jopenkk.com/down/hosts.exe
And here's what I've found in the strings of this last one hosts.exe,
my guess JohnC will love this one...  :)

Quote
hxxp://rrr.jopenkk.com/down/a.txt

For the sake of easiness, I copy/paste a.txt's contents,
some nice guys here, we've met a few of them before...
I've replaced the string "www" with "ccc",
in order for the links to not be directly clickable...
Title: Re: mama.jopenkk.com
Post by: JohnC on November 16, 2007, 02:22:10 pm
Those domains are more than likely all malicious in that hosts file. Looks like the author of the malware which uses it is trying to protect the computer from other widely known malicious sites, in an effort to cut out the competition. Similar things have been done by IRC bots in the past, with options to patch systems after exploiting them.

Thanks for the domains. I'll try and get through some of the ones in that hosts file soon too :)
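
Added example, not part of the original thread: a small audit of hosts-format text like the a.txt described above. It lists the names redirected to a loopback or unspecified address, flags repeated entries, and flags IP literals placed in the hostname column. The sample data, the `BASELINE` set and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in hosts-file format; names are placeholders, not from the thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 ads.example.test
127.0.0.1 dl.example.test   # trailing comment
127.0.0.1 ADS.example.test
127.0.0.1 198.51.100.7
0.0.0.0 www.example.invalid
10.0.0.5 intranet.example.test
"""
BASELINE = {"localhost"}  # assumption: names that legitimately map to loopback


def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def audit_hosts(text, baseline=BASELINE):
    """Summarise the names a hosts file redirects to a sink address."""
    counts, ip_literals = Counter(), set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        target = parse_ip(fields[0]) if len(fields) >= 2 else None
        # Sink targets: loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)
        if target is None or not (target.is_loopback or target.is_unspecified):
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in baseline:
                continue
            if parse_ip(name) is not None:
                ip_literals.add(name)  # hosts files map names, so this blocks nothing
            else:
                counts[name] += 1
    return {
        "sinkholed": sorted(counts),
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "ip_literals": sorted(ip_literals),
    }


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

Run against a host's actual hosts file, a large `sinkholed` list that the administrator did not put there is the signal worth investigating.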