Malware Domain List

Malware Related => Malicious Domains => Topic started by: philipp on July 18, 2008, 11:43:12 am

Title: youreasyretirement.com
Post by: philipp on July 18, 2008, 11:43:12 am
Received several of those today:

Code:
Return-Path: <accounting@beschulte.de>
X-Original-To: uucp@xxx.de
Delivered-To: uucp@xxx.de
X-policyd-weight: using cached result; rate: -5.5
Received: from tap.prospect.volia.net (tap.prospect.volia.net [77.123.206.138])
by family.xxx.de (Postfix) with SMTP id 985149FA32BA
for <uucp@xxx.de>; Fri, 18 Jul 2008 10:53:28 +0200 (CEST)
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Message-Id: <20080718135115.13617.qmail@tap.prospect.volia.net>
To: <uucp@xxx.de>
Subject: Free Video
From: <uucp@xxx.de>
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Date: Fri, 18 Jul 2008 10:53:28 +0200 (CEST)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Fri Jul 18 10:53:35 2008
X-DSPAM-Confidence: 0.9922
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 48805a0f179125876319797

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 </head>
        <html>
<body>
<tr>
<td class=EC_container bgcolor="#F2F2F2">
<table cellpadding=0 cellspacing=0 width="100%">
<tr>
<td>
                                                                                       
                                                <font color="#FF0000"><a href="http://www.youreasyretirement.com/images/scan.exe"><b><font size="+1">Free Video Nude Anjelia Jolie <b></a></font></p>
                    </td>
</tr>
<tr>
<td class=EC_legal>
<strong>About this mailing: </strong><br>
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe
you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service
 advertised. Prices and item availability subject to change without notice.<br><br>

_2008 Microsoft | <a href="http://www.msn.com" target="_blank">Unsubscribe</a> | <a href="http://www.msn.com" target="_blank">More Newsletters</a> | <a href="http://www.msn.com" target="_blank">Privacy</a><br><br>
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

               

</td>
</tr>
</table>
</td>
</tr>
</table>



        </div>
    </div>

          </div>
   
    </body>
</html>

--> hxxp://www.youreasyretirement.com/images/scan.exe (md5: 29e20a4a5df73afee7acb3194f244b8e)
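
The traits visible in the message above (From equal to To, a Return-Path on an unrelated domain, and a link whose target is an executable, in later posts hidden behind a `.avi.exe` double extension) can be checked mechanically at the mail gateway. The following is an added example, not part of the original post; the names `triage` and `LinkCollector`, the extension lists and the `.example` sample message are assumptions made for illustration.

```python
import email
import posixpath
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".bat"}     # run on double-click (assumed list)
DECOY_EXT = {".avi", ".mpg", ".jpg", ".pdf", ".doc"}  # harmless-looking lure names (assumed list)

class LinkCollector(HTMLParser):  # collects <a href> values; tolerant of malformed HTML
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw_message):
    """Return a list of findings for one raw single-part HTML message."""
    msg = email.message_from_string(raw_message)
    sender, rcpt, bounce = (parseaddr(msg.get(h, ""))[1].lower()
                            for h in ("From", "To", "Return-Path"))
    findings = []
    if sender and sender == rcpt:
        findings.append("from-equals-to")
    if sender and bounce and sender.split("@")[-1] != bounce.split("@")[-1]:
        findings.append("return-path-domain-mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        # Only the URL path is inspected, so a host such as www.msn.com is not a file name.
        name = posixpath.basename(urlparse(href).path).lower()
        stem, ext = posixpath.splitext(name)
        if ext in EXECUTABLE_EXT:
            findings.append("link-to-executable:" + name)
            if posixpath.splitext(stem)[1] in DECOY_EXT:
                findings.append("double-extension:" + name)
    return findings

# Constructed sample (placeholder .example domains), modelled on the message above.
SAMPLE = """\
Return-Path: <accounting@sender.example>
To: <user@rcpt.example>
From: <user@rcpt.example>
Content-Type: text/html; charset="UTF-8"

<a href="http://lure.example/images/scan.exe"><b>Free Video</b></a>
<a href="http://lure.example/img/video.avi.exe">Watch</a>
<a href="http://www.msn.com" target="_blank">Unsubscribe</a>
"""
```
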
Title: Re: youreasyretirement.com
Post by: MysteryFCM on July 19, 2008, 12:27:41 pm
'Tis a crypt.xpack variant. Looking at the site itself, it looks like a scammer's, so I'm not hopeful of the domain owner sorting this out.

I've got in touch with Gnax, but they're always terribly slow in responding.
Title: Re: youreasyretirement.com
Post by: philipp on July 19, 2008, 12:51:50 pm
Thanks, MysteryFCM.

Here are some more:

hxxp://www.nortonsoft.com/supportlogic/smilies/video-nude-anjelia.avi.exe
hxxp://www.resellrightsgems.com/hostgator/scan.exe
Title: Re: youreasyretirement.com
Post by: sowhat-x on July 19, 2008, 02:54:58 pm
Quote
hxxp://www.back-pain-helper.com/images/scan.exe
Same MD5 as MysteryFCM's sample above...
Title: Re: youreasyretirement.com
Post by: sowhat-x on July 19, 2008, 03:09:51 pm
And one "angelia" as well...
Quote
hxxp://www.alfatrade.com.br/img/img_center_home/video-nude-anjelia.avi.exe
Title: Re: youreasyretirement.com
Post by: MysteryFCM on July 19, 2008, 03:18:21 pm
Quote
hxxp://www.back-pain-helper.com/images/scan.exe
Same MD5 as MysteryFCM's sample above...

Or philipp's even ;)
Title: Re: youreasyretirement.com
Post by: JohnC on July 20, 2008, 12:15:56 pm
Thank you.
Title: Re: youreasyretirement.com
Post by: philipp on July 22, 2008, 09:49:11 am
Code:
http://www.clubfreedom.ru/images/.../video-nude-anjelia.avi.exe
Title: Re: youreasyretirement.com
Post by: sowhat-x on July 22, 2008, 12:39:09 pm
Quote
hxxp://www.blogjing.com/images/video-nude-anjelia.avi.exe
hxxp://www.gechen.com/images/video-nude-anjelia.avi.exe
hxxp://www.cookiegift.com.co/_vti_txt/video-nude-anjelia.avi.exe
hxxp://www.altusmimarlik.com/images/havas/Thumbnails/video-nude-anjelia.avi.exe
Title: Re: youreasyretirement.com
Post by: philipp on July 25, 2008, 09:48:33 am
Code:
http://avtodesk.biz/images/.../video-nude-anjelia.avi.exe
http://www.expancia.net/images/project/.../video-nude-anjelia.avi.exe
http://www.edu-association.ru/img/.../video-nude-anjelia.avi.exe
http://argusandmatador.com/images/imgs/video-nude-anjelia.avi.exe
http://otul.com.ar/sitios/johnfoos/video-nude-anjelia.avi.exe
http://www.inaemfraga.com/img/icons/video-nude-anjelia.avi.exe
Title: Re: youreasyretirement.com
Post by: philipp on July 28, 2008, 09:48:19 am
Code:
http://knockonwoodworks.com/images/video-nude-anjelia.avi.exe
http://sedmikraska.wz.cz/images/_vti_cnf/video-nude-anjelia.avi.exe
http://www.icandyart.biz/SpryAssets/video-nude-anjelia.avi.exe
Title: Re: youreasyretirement.com
Post by: JohnC on July 30, 2008, 07:08:55 pm
Thanks.