Malware Domain List

Malware Related => Malicious Domains => Topic started by: hhhobbit on December 16, 2010, 06:22:26 pm

Title: PhishTank submissions
Post by: hhhobbit on December 16, 2010, 06:22:26 pm
From PhishTank:

http://www.villeblevin.fr/uploads/associations/ConsultaMultaOnline.php

http://triatlon.org/install_versao2010.exe

Normal websites, but the URLs are being distributed in email or they wouldn't be at PhishTank.

Title: Re: PhishTank submissions
Post by: hhhobbit on December 16, 2010, 06:35:20 pm
Oops, one more:

http://www.radiojovemrio.com/site/media/arquivo/Dsc_14021.html

Downloads a file called lnstall.exe
(that is an "L" at the start, not a capital "I" (eye)
or a "1" (one)).

I asked PhishTank to give us a "malware" button. No soap. That gives me a dilemma. Should I click on "it's a phish", which it is not, or "it's not a phish", which it is, but designating it as such ignores the obvious fact that it is an extremely dangerous URL. In fact, clicking on "it is okay" basically protects the malware from that point on. Most of them start with less than 5 AV detecting at VirusTotal or only 1-2 at Jotti.

More will be added as I find them at PhishTank. I was trolling for patterns to add to the PAC filter. Everything I have tried just seems to give FPs and little to no protection. Phishers are always changing their MO.

Title: Re: PhishTank submissions
Post by: hhhobbit on December 09, 2011, 01:02:44 pm
A new one:

http://chronicworship.com/plugins/content/user_logout_SFWM.php

First redirect was to
www.sairaah.com

Second redirect was to:
www.clubs.chuyenluongthevinh.com

The name of the file in both cases was:
PDF-to-Word-Trial-09-12-2011-Setup.com

Kaspersky Name:
Trojan.Win32.Jorik.Vobfus.kel

Title: PhishTank submissions
Post by: hhhobbit on December 09, 2011, 01:11:27 pm
Another one:

epaper.yosungroup.com/epaper/images/4/4m89fh39fg95.pac

This is a PAC filter that filters out everything good and directs you to something bad.
My PAC filter blocks all files with extension ".pac".
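
The kind of extension check described in the post above, written as a blocking PAC file. This is an added example, not part of the original thread and not hhhobbit's actual filter; the blackhole address `127.0.0.1:9`, the helper names and every extension other than `.pac` are assumptions.

```javascript
// Added example: a blocking PAC filter keyed on the file extension in the URL path.
// Assumption: nothing listens on 127.0.0.1:9, so any request routed there fails.
var BLACKHOLE = "PROXY 127.0.0.1:9";
var PASS = "DIRECT";

// Extensions refused when they end the URL *path*. ".com" is listed because a
// path ending in ".com" is a DOS/Windows executable, not a domain name.
// Trade-off: a legitimate path that ends in a domain name is blocked too.
var BLOCKED_EXT = ["pac", "exe", "com", "scr", "pif"];

// Return the lower-cased, percent-decoded path of a URL (no host, query, fragment).
function urlPath(url) {
  var rest = url.replace(/^[a-z][a-z0-9+.-]*:\/\//i, ""); // drop the scheme
  rest = rest.split(/[?#]/)[0];                            // drop query/fragment
  var slash = rest.indexOf("/");
  if (slash === -1) return "/";                            // host only
  var path = rest.substring(slash);
  try { path = decodeURIComponent(path); } catch (e) { /* keep raw path */ }
  return path.toLowerCase();
}

// Return the blocked extension found at the end of the path, or null.
function blockedExtension(url) {
  var path = urlPath(url);
  var name = path.substring(path.lastIndexOf("/") + 1);
  var dot = name.lastIndexOf(".");
  if (dot === -1) return null;
  var ext = name.substring(dot + 1);
  return BLOCKED_EXT.indexOf(ext) !== -1 ? ext : null;
}

// PAC entry point. Current browsers generally pass only the host part of
// https:// URLs to PAC scripts, so this check mainly covers plain http://.
function FindProxyForURL(url, host) {
  return blockedExtension(url) ? BLACKHOLE : PASS;
}
```
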
Title: Re: PhishTank submissions
Post by: michajp on January 26, 2012, 03:07:31 pm
Hello,

"Normal websites, but the URLs are being distributed in email or they wouldn't be at PhishTank"

I believe that PhishTank does not only get submissions of links which are distributed by mail.

Cheers