Malware Domain List

Malware Related => Malicious Domains => Topic started by: rawdata on March 24, 2011, 11:14:38 am

Title: And more Trojan/Bancos
Post by: rawdata on March 24, 2011, 11:14:38 am

The site is hosted at:

Code: [Select]

http://210.18.21.12.sify.net/images/view.asp?4959322000000 (210.18.21.12)
This redirects to:

Code: [Select]

http://70.168.253.213/includes/DOC2421995221142442.exethis is a Trojan/Downloader, which after being run downloads files from:

Code: [Select]

http://www.neslhk.com/obr/biling/a.gif
http://www.neslhk.com/obr/biling/b.gif
http://www.neslhk.com/obr/biling/li.gif
The following requests for this trojan are returning 404:

Code: [Select]

http://www.naturesunshinegt.com/plugins/system/legacy/wab.php
http://www.colegiometas.com.br/hwid.ini

A fake receipt is stored at:

Code: [Select]

http://70.46.79.251/PSP/PSP/comprovativo.html


Title: Re: And more Trojan/Bancos
Post by: volksjaeger on March 30, 2011, 02:50:24 am

Trojan;

Code: [Select]

www.controlacnenow.com/?p=3437JS/Clicker.CA
JS/Downloader.Agent
TrojanClicker:HTML/Iframe.J
http://www.virustotal.com/file-scan/report.html?id=10de2ff2f02348192b7696ce4c9b563045a1a5a79a80653b082ccce142a031db-1301452951