Author Topic: Malicious Domains By SpiderLover  (Read 34308 times)

May 02, 2010, 05:31:41 pm
Reply #30

SpiderLover

  • Sr. Member

  • Offline
  • ****

  • 137
Exploit/Not sure if they're using a kit.
http://def.ignorelist.com/info/us1.html/s002106203317r0409Rb28b2372X01bf1f30Y4a624ce5Z0100f060
Edit: Forgot to check the database, many apologies.

May 04, 2010, 02:13:38 pm
Reply #31

SpiderLover

194.8.250.43/main.php?land=20&affid=12400
Fake Scanner Page.

May 04, 2010, 02:16:44 pm
Reply #32

SpiderLover

http://download-hosting-now.com/get.php?sc=1&id=neon
Fake AV.

May 04, 2010, 04:43:32 pm
Reply #33

SpiderLover

Fake Scanner Page.
194.8.250.160/main.php?land=20&affid=12400

May 04, 2010, 04:58:15 pm
Reply #34

SpiderLover

Fake Scanner Page.
http://download-hosting-now.com/secure2/?id=neon

May 04, 2010, 05:45:22 pm
Reply #35

SpiderLover

Any idea as to what this is?
abidin.ab.funpic.de/ActiveX.exe
VirusTotal: 6/40
http://www.virustotal.com/analisis/0bfb3a97357c16608d5f00c0ec588ba2ea5228944e923452ba0f8d6b18b244f7-1272994347

Something interesting I noticed when running it in Sandboxie, perhaps making it a keylogger...
Location of the file: "C:\Sandbox\Windows_XP\DefaultBox\drive\C\Windows\Temp\downloadfromweb.txt"

Quote
[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:35:43 PM]

[Sandboxie Control]-[1:35:46 PM]

[Windows Explorer]-[1:35:51 PM]

[DefaultBox]-[1:35:52 PM]

[user]-[1:35:53 PM]

[current]-[1:35:54 PM]

[Cookies]-[1:35:54 PM]

[current]-[1:35:55 PM]

[Local Settings]-[1:35:56 PM]

[History]-[1:35:57 PM]

[History.IE5]-[1:35:58 PM]

[Sandboxie Control]-[1:36:00 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:13 PM]

[Sandboxie Control]-[1:36:19 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:21 PM]
 [Ctrl] c
[Sandboxie Control]-[1:36:41 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:44 PM]

[Sandboxie Control]-[1:37:11 PM]

[Windows Explorer]-[1:37:26 PM]

[DefaultBox]-[1:37:26 PM]

[user]-[1:37:27 PM]

[current]-[1:37:28 PM]

[Cookies]-[1:37:29 PM]

[current]-[1:37:30 PM]

[Local Settings]-[1:37:30 PM]

[Temporary Internet Files]-[1:37:32 PM]

[Sandboxie Control]-[1:37:33 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:37:35 PM]

[Start Menu]-[1:38:22 PM]

[Microsoft Internet Explorer]-[1:38:23 PM]

[http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome - Microsoft I]-[1:38:24 PM]

[No page to display - Microsoft Internet Explorer]-[1:38:27 PM]
threatexpert.com [Enter]

[ThreatExpert - Automated Threat Analysis - Microsoft Internet Explorer]-[1:38:34 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:39:13 PM]

[ThreatExpert - Automated Threat Analysis - Microsoft Internet Explorer]-[1:39:16 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:39:39 PM]

[Open]-[1:40:25 PM]

[Choose file]-[1:40:25 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:40:27 PM]
EMAIL REMOVED [Shift] 'yah [Back]  [Back]  [Back] yahoo.com
[Sandboxie Control]-[1:40:42 PM]

[Windows Explorer]-[1:40:46 PM]

[DefaultBox]-[1:40:46 PM]

[drive]-[1:40:49 PM]

[C]-[1:40:49 PM]

[Windows]-[1:40:50 PM]

[Temp]-[1:40:51 PM]

[Untitled - Notepad]-[1:40:53 PM]

[downloadfromweb - Notepad]-[1:40:53 PM]

[Temp]-[1:41:10 PM]

[Untitled - Notepad]-[1:41:11 PM]

[downloadfromweb - Notepad]-[1:41:11 PM]

[Temp]-[1:41:17 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:41:20 PM]

[Temp]-[1:41:34 PM]

[downloadfromweb Properties]-[1:41:37 PM]
 [Ctrl] c
[Temp]-[1:41:42 PM]

Will get a ThreatExpert report up soon.

May 04, 2010, 05:56:02 pm
Reply #36

SpiderLover


May 05, 2010, 10:17:37 pm
Reply #37

SpiderLover

Fake AV.
http://www.rtsantivirus2010.com/SetupRSTAV2010.msi

May 06, 2010, 12:55:04 am
Reply #38

SpiderLover

Fake AV/Security Tool.
http://www.claribell.pl/sklep/images/news/hd_codec.exe

May 06, 2010, 01:35:53 am
Reply #39

SpiderLover


May 06, 2010, 03:04:50 am
Reply #40

SpiderLover

Fake AV Scanner Page/Download.
lemanu1f1duo.com/go/
lemanu1f1duo.com/go/avs.exe

May 06, 2010, 03:21:20 am
Reply #41

SpiderLover

Fake AV Downloads.
http://hyper-security5.com/download/RunAV_15.exe
http://hyper-security5.com/download/RunAV_369s2.exe
http://hyper-security5.com/download/RunAV_103s1.exe

May 07, 2010, 01:16:04 am
Reply #42

SpiderLover

Fake AV Scanner Page/Download.
http://grahscansecurity.org/
http://grahscansecurity.org:81/download.php?q=bd6744c31329d8a1090105d6dd355393&load_counter=1

May 07, 2010, 04:11:24 pm
Reply #43

SpiderLover

VirTool:Win32/CeeInject.gen!DN
http://s25-ac.photosharebox.com/cache/2437657/IMAGEN029.JPG/get.php
VirusTotal: 9/41
http://www.virustotal.com/analisis/3448f183c509eab2047409d0b8d25d51f95eb50ecfd424bdfd01adbc51cdf8f4-1273248526

May 08, 2010, 12:18:31 am
Reply #44

SpiderLover

Fake AV.
download-hosting-now.org/get.php