Author Topic: rogueAV in Mandarin or Cantonese???  (Read 3006 times)

September 14, 2010, 09:02:29 pm

crunchtime

Not sure what language they are using but this looks like rogueAV to me:
hxxp://update.onescan.co.kr/bin/onescanU.exe
hxxp://update.onescan.co.kr/bin/onescan.exe
hxxp://update.onescan.co.kr/bin/uninst_onescan.exe
hxxp://update.onescan.co.kr/bin/onescanBK.exe
hxxp://update.onescan.co.kr/bin/onescandm.exe

The IP hosting the domain onescan.co.kr is hosting some additional variants:
ns.greenvaccine.co.kr    A    115.68.13.175
onescan.co.kr    A    115.68.13.175
ns.onescan.co.kr    A    115.68.13.175
ns.proboan.co.kr    A    115.68.13.175
ns.infocleannet.co.kr    A    115.68.13.175