daily something......

[sursmurf]

Trojan:

Code: [Select]

hXXp://mediahousenamebuyvideo.cn:8080/load.phpVT 8/40
http://www.virustotal.com/sv/analisis/93a126695d599d3c50147010fe2f337155f211b8fd43256e9ec89c77e4ed84bb-1244666759

PDF:

Code: [Select]

hXXp://mediahousenamebuyvideo.cn:8080/cache/readme.pdfVT 15/40
http://www.virustotal.com/sv/analisis/948c50b18fcd2a2f71faf6257fcddcdacfa5ed55af17ceafecced4bdd8ebab8a-1244666624

Flash:

Code: [Select]

hXXp://mediahousenamebuyvideo.cn:8080/cache/flash.swfVT 22/39
http://www.virustotal.com/sv/analisis/8fa7088e7dae6ff5f9c4f5eaff14de22e2198b28946472486a5045e44d0d5b5d-1244666646

[promised]

banker

hxxp://71.174.51.86/images/logout.jpg

[Malware-Web-Threats]

Code: [Select]

jenesaisrien.com:8080/load.php
vds659.sivit.org:8080/load.php
shopmoviefestival.cn:8080/load.php
s72-38-121-90.static.comm.cgocable.net:8080/load.php
static-86-94.is.net.pl:8080/load.php
s15238535.onlinehome-server.info:8080/load.php
tweetwitter.com:8080/load.php
gianttopdiscover.cn:8080/load.php
247orders.com:8080/load.php
4-job.com:8080/load.php
server.edwinbuckley.co.uk:8080/load.php
infostore.ca:8080/load.php
roleski.pl:8080/load.php
wtssurvey.com:8080/load.php
findabigrig.cn:8080/load.php
shopmovieproduction.cn:8080/load.php
fancystarlight.com:8080/load.php
lomianki.com:8080/load.php
thegeekdude.com:8080/load.php
theadsensekid.com:8080/load.php
thehomename.cn:8080/load.php
eszafiry.com:8080/load.php
mlodapara.com:8080/load.php
obraczki.com:8080/load.php
readymixbet.cn:8080/load.php
namemartfilmlife.cn:8080/index.php
xbuzzer.com:8080/load.php
spigotinch.com:8080/load.php
smsconnectnow.com:8080/load.php
numberingcite.com:8080/load.php
typicalprecedent.com:8080/load.php
findyourbigidea.cn:8080/load.php
findbigthinkers.cn:8080/load.php
bigskytopguide.cn:8080/load.php
michaelsbestway2findalawyer.cn:8080/load.php
hugetopseek.cn:8080/load.php

VirusTotal
ThreatExpert

hxxp://78.109.29.116/new/controller.php?action=bot&entity_list=&uid=1&first=1&guid=13441600&rnd=981633

[Malware-Web-Threats]

redirects by telemedia.m77s[.]cn:
Wepawet

exploits:

Code: [Select]

f97q.cn/images/index.php
Wepawet

pdf:

Code: [Select]

f97q.cn/images/spl/pdf.pdf
Wepawet

trojan:

Code: [Select]

f97q.cn/images/exe.php
VirusTotal - 6/40 (15.00%)
Anubis

From ANUBIS:1032 to 78.109.25.217:80 - [r99u.cn] 
Request: GET /myl/464664.php?id=470261258&v=101&tm=33&b=9671316727 
Response: 200 "OK" 
Request: GET /myl/exe/loader.exe 
Response: 200 "OK"

 

[CkreM]

Trojan:

Code: [Select]

fer5woi.ru/1t.exeTrojan:

Code: [Select]

dirtylivesex.net/fuflo_v1.exehttp://www.virustotal.com/analisis/4784550551e642a6f133bfec4877af63a801d48f01e7fa6c33378abf1ed167e9-1244732363
Trojan:

Code: [Select]

rezident77.ru/files/s66.exehttp://www.virustotal.com/analisis/403f79bd1e23384be42728583872ba6eb43621db55c7a7aaea242f79938f8f24-1244732262

Exploits:

Code: [Select]

domainzzoom.ru/in.phphttp://wepawet.iseclab.org/view.php?hash=dacf686bc48b5f9aec70cc8cbc6b248e&t=1244731801&type=js
PDF:

Code: [Select]

domainzzoom.ru/pdf.phpfake AV:

Code: [Select]

domainzzoom.ru/load.php?id=2http://www.virustotal.com/analisis/d1c8dea9489502866622d1d45d0a0fe80eb06ede51b32484711416a96cd1df1f-1244731949

fake payment site:

Code: [Select]

securebillingsoftware.com/buy.php?affid=03500

[Malware-Web-Threats]

redirects:

Code: [Select]

thelotmachine.cn:8080/in.cgi
thenetnameshop.cn:8080/in.cgi
compoundcapitolgroup.cn:8080/in.cgi
mixlotworld.cn:8080/in.cgi
superlottry.cn:8080/in.cgi
webnamemart.cn:8080/in.cgi

payloads:

Code: [Select]

adsl.141.255.0.72.maskatel.ca:8080/load.php
bunchguide.cn:8080/load.php
bigtopfindsite.cn:8080/load.php
bigtopfindsite.cn:8080/cache/readme.pdf
bigtopfindsite.cn:8080/cache/flash.swf
filmlifeimages.cn:8080/load.php
filmlifeimages.cn:8080/cache/readme.pdf
filmlifeimages.cn:8080/cache/flash.swf
findbigshots.cn:8080/load.php
findbigshots.cn:8080/cache/readme.pdf
findbigshots.cn:8080/cache/flash.swf
giantpremium.cn:8080/load.php
giantpremium.cn:8080/cache/readme.pdf
giantpremium.cn:8080/cache/flash.swf
gianttopnano.cn:8080/load.php
gianttopnano.cn:8080/cache/readme.pdf
gianttopnano.cn:8080/cache/flash.swf
mediahomenameshopmovie.cn:8080/load.php
mediahomenameshopmovie.cn:8080/cache/readme.pdf
mediahomenameshopmovie.cn:8080/cache/flash.swf
nameshopinternational.cn:8080/load.php
nameshopinternational.cn:8080/cache/readme.pdf
nameshopinternational.cn:8080/cache/flash.swf
newnetnameshop.cn:8080/load.php
newnetnameshop.cn:8080/cache/readme.pdf
newnetnameshop.cn:8080/cache/flash.swf
shopmovielife.cn:8080/load.php
shopmovielife.cn:8080/cache/readme.pdf
shopmovielife.cn:8080/cache/flash.swf
yournameshop.cn:8080/load.php
yournameshop.cn:8080/cache/readme.pdf
yournameshop.cn:8080/cache/flash.swf

exe:
http://www.virustotal.com/analisis/25db455ed35b759dc3a6924359bd72c37f9cc3b13edac98a96894e344d45078d-1244797876
http://anubis.iseclab.org/?action=result&task_id=1c7642f4324780a04014ee1900012c257

pdf:
http://wepawet.iseclab.org/view.php?hash=d21d612330db155dcbd75191a9b7c021&t=1244801268&type=js

flash:
http://wepawet.iseclab.org/view.php?hash=3e05fc4fd1c7a49f8478da9c76c7c435&type=swf
http://www.virustotal.com/analisis/8fa7088e7dae6ff5f9c4f5eaff14de22e2198b28946472486a5045e44d0d5b5d-1244133184

http://www.threatexpert.com/report.aspx?md5=7264e961f25beaa201906e4086caa1ce

[bobby]

Code: [Select]

http://nyfilmlife.cn:8080/index.phpleads to:

Code: [Select]

http://gianttoplocate.cn:8080/load.php?id=0
http://gianttoplocate.cn:8080/load.php?id=1
http://nyfilmlife.cn:8080/cache/readme.pdf
http://nyfilmlife.cn:8080/cache/flash.swf
http://gianttoplocate.cn:8080/landig.php?id=4

[CM_MWR]

FO

[CkreM]

Fake AV:

Code: [Select]

pornotube912.com/scan/Trojan:

Code: [Select]

194.33.180.41/rferfref5.exehttp://www.virustotal.com/analisis/5859892e44a0ab804ea7ec37b6313f089e2f47d87ee83c3528e84ccdea35e4a8-1245048501

Exploits:

Code: [Select]

rtm-books.co.uk/ad/index.phphttp://wepawet.iseclab.org/view.php?hash=7bba4edc1abb1608785379e50afad535&t=1245048299&type=js
PDF:

Code: [Select]

rtm-books.co.uk/ad/include/two.pdfTrojan:

Code: [Select]

rtm-books.co.uk/ad/load.phphttp://www.virustotal.com/analisis/4a92f221548e9c84903ab15ec49281ffd16f0c74ee4e075bbaab48f6dbeb8c19-1245048374

Exploits:

Code: [Select]

viva-delpinata2.com/2/index.phphttp://wepawet.iseclab.org/view.php?hash=cf45d657fe06a83f99b2d6518f4714ca&t=1245048311&type=js
PDF:

Code: [Select]

viva-delpinata2.com/2/notTheoryCites.pdfFlash:

Code: [Select]

viva-delpinata2.com/2/normalLeap.swfTrojan:

Code: [Select]

viva-delpinata2.com/2/update.phphttp://www.virustotal.com/analisis/3b21cb087180f5d3cc067d9fd8198b745635130038aa5587d7e3b1f4e9ee37c8-1245022898

[sparsha]

New Rogue sites

Code: [Select]


protectionsystem.org
protectionsystemlab.com/psystem.exe

Core-guard-antivirus.com
fullguardlab.com
fullprotect.org

http://gosoonscan.com/?uid=13002
http://planscan4.info/download/install.php

http://ina4id.com/download/InternetAntivirusPro.exe
http://ina4id.com/download/file.exe



[CkreM]

AV downloader

Code: [Select]

joomlaprojects.cn/file.exehttp://www.virustotal.com/analisis/a56d5fcf47517f96978014bee0d1ca5a67be4d9d2725643c9f91e947f2d48c1e-1245081896

Fake AV:

Code: [Select]

antivirus-2009-ppro.com/cgi-bin/download.pl?code=0000282http://www.virustotal.com/analisis/078c85cd91583f821aaf3d8c5588785fab192d32ae09a7fad5da0f45e668e2c7-1245082096

Code: [Select]

joomlaprojects.cn/install.exehttp://www.virustotal.com/analisis/7f041ff1df6e693585fdf1c5be1fb39c2de3d1c0f358ae35612c48da39ebbda9-1245082461

Code: [Select]

haos-in.ru/3_install.exehttp://www.virustotal.com/analisis/c60c9f6772c6416c366783b5edf8c96b619fcd86bdafdcb737bcd388cd7d668c-1245084099


Fake payment sites:

Code: [Select]

advanced-virusremover2009.com/buy/?code?code=0000282
https://www.securebillingsoftware.com/buy.php?affid=05100   (works with https only)
Trojan:

Code: [Select]

onuka.cn/dll/em.txthttp://www.virustotal.com/analisis/d979c2f805ce2e01d21e49aad39e3ff0f2aa7e98c86b0e5671a7c4868bfa5640-1245082890
Trojan:

Code: [Select]

218.6.12.82/winrar.exehttp://www.virustotal.com/analisis/b687f6673db5072334cb6a13f6d59f303cf3302258939b93403fb26bbae6e984-1245083262

[Malware-Web-Threats]

redirects:

Code: [Select]

globalmixgroup.cn:8080/in.cgi

payloads:

Code: [Select]

bigbestlite.cn:8080/load.php
bigbestlite.cn:8080/cache/readme.pdf
bigbestlite.cn:8080/cache/flash.swf

bigtopfestival.cn:8080/load.php
bigtopfestival.cn:8080/cache/readme.pdf
bigtopfestival.cn:8080/cache/flash.swf

mixbetonline.cn:8080/load.php
mixbetonline.cn:8080/cache/readme.pdf
mixbetonline.cn:8080/cache/flash.pdf

themixbet.cn:8080/load.php
themixbet.cn:8080/cache/readme.pdf
themixbet.cn:8080/cache/flash.swf

VirusTotal: 1/40
ThreatExpert

[CkreM]

Trojans:

Code: [Select]

almasto.net/ins.exe
biggerz.net/ins.exe
Camposceola.com/ins.exehttp://www.virustotal.com/analisis/33c3518f7555aa7b407570e8174133563621629ff2ff8e3c468ffca8da703f3b-1245123021

Code: [Select]

almasto.net/sdfsdf.exehttp://www.virustotal.com/analisis/3e9314888ad11497839781d9a4c9325e36caf86d59bc1ac7ece987e9c56a777b-1245122926

Code: [Select]

friendslinks.com/0/new.exehttp://www.virustotal.com/analisis/68fbe09bcbe4464d9644a57444d9e94f43fd04a2fe42a35ab0f0274cbf14f9ce-1245121971

Code: [Select]

xz.ub9.net/winres.exehttp://www.virustotal.com/analisis/396abb55f933c0df23e78582f5b13738bb799d260618959998f0245c058704f3-1245123148

Code: [Select]

heyjoy.cn/612.exehttp://www.virustotal.com/analisis/652c1cff90096824647b2377b4850fb47f4b6f6abe470eb0114f51d9de86a2a6-1245123263

Exploits:

Code: [Select]

almasto.net/lnk.php?embedded=falsehttp://wepawet.cs.ucsb.edu/view.php?hash=27262e8c3f678960412e6ecd940ccd3f&t=1245109604&type=js

Fake AV downloader:

Code: [Select]

friendslinks.com/0/loyalbox.exehttp://www.virustotal.com/analisis/776c883badde97f0577d6b11eb759ea9f85302a96d79f4446d3eb4e4399051a0-1245122144

Code: [Select]

porno-tube-xxx.us/loader/index.php?userid=id_0079http://www.virustotal.com/analisis/26e35006830b010d1d7c97541f1cf960e3b9e8d4d611e5b991132c1634fe92c2-1245122608

Fake AV:

Code: [Select]

you-adult-tube.co.cc/setup.exehttp://www.virustotal.com/analisis/f2dd78517405edeeacc4b06eab567a54e54b9306d18f02ed620a55cb45abbcbd-1245122729

gives koobface related malware links:

Code: [Select]

upr15may.com/ld/gen.php

[CM_MWR]

FO

[CkreM]

Code: [Select]

yag0yag0.co.cc/index2.phpwepawet seems to fail on this one.
http://jsunpack.jeek.org/dec/go?url=yag0yag0.co.cc_new_index2.php
flash:

Code: [Select]

yag0yag0.co.cc/new/i.swfhttp://wepawet.cs.ucsb.edu/view.php?hash=8fdc5af28af58910fedd022b60bd40f2&type=swf
Trojan:

Code: [Select]

yag0yag0.co.cc/new/img.phphttp://www.virustotal.com/analisis/40515c53fea41dcbf7aa7342dda135ee981781500d7b9c6750e9204a5f8ce091-1245293368