Malware Domain List
Malware Related => Malicious Domains => Topic started by: hhhobbit on December 16, 2010, 06:22:26 pm
-
From PhishTank:
http://www.villeblevin.fr/uploads/associations/ConsultaMultaOnline.php
http://triatlon.org/install_versao2010.exe
Normal websites, but the URLs are being distributed in email or they wouldn't be at PhishTank
-
Oops, one more:
http://www.radiojovemrio.com/site/media/arquivo/Dsc_14021.html
Downloads a file called lnstall.exe (that is an "L" at the start, not a capital "I" (eye) or a "1" (one)).
I asked PhishTank to give us a "malware" button. No soap. That gives me a dilemma. Should I click on "it's a phish", which it is not, or "it's not a phish", which it is, but designating it as such ignores the obvious fact that it is an extremely dangerous URL? In fact, clicking on "it is okay" basically protects the malware from that point on. Most of them start with fewer than 5 AVs detecting at VirusTotal or only 1-2 at Jotti.
More will be added as I find them at PhishTank. I was trolling for patterns to add to the PAC filter. Everything I have tried just seems to give FPs and little to no protection. Phishers are always changing their MO.
-
A new one:
http://chronicworship.com/plugins/content/user_logout_SFWM.php
First redirect was to
www.sairaah.com
Second redirect was to:
www.clubs.chuyenluongthevinh.com
The name of the file in both cases was:
PDF-to-Word-Trial-09-12-2011-Setup.com
Kaspersky Name:
Trojan.Win32.Jorik.Vobfus.kel
-
Another one:
epaper.yosungroup.com/epaper/images/4/4m89fh39fg95.pac
This is a PAC filter that filters out everything good and directs you to something bad.
My PAC filter blocks all files with extension ".pac".
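-
Added example, not part of the original thread and not hhhobbit's actual filter: a PAC rule that refuses any URL whose path ends in ".pac", as the post above describes, while still allowing the host that serves your own proxy configuration. The blackhole address, the trusted host name and the helper names are assumptions made for illustration.

```javascript
// Added example: a minimal ".pac" extension rule for a PAC filter.
// BLACKHOLE is an assumed dead local endpoint; nothing should listen there.
var BLACKHOLE = "PROXY 127.0.0.1:9";
var PASS = "DIRECT";

// Extensions refused outright. ".pac" is the rule described in the post.
var BLOCKED_EXT = ["pac"];

// Hypothetical allow-list: the host that serves your own proxy configuration.
var TRUSTED_PAC_HOSTS = ["wpad.example.internal"];

// Return the lower-cased extension of the last path segment, or "" if none.
// Query string and fragment are ignored so "x.pac?id=1" is still caught.
function pathExtension(url) {
  var m = /^[a-z][a-z0-9+.-]*:\/\/[^\/?#]*([^?#]*)/i.exec(url);
  if (!m) return "";
  var path = m[1];
  // Undo percent-encoding so "x%2Epac" is treated like "x.pac".
  try { path = decodeURIComponent(path); } catch (e) { /* keep raw path */ }
  var segment = path.substring(path.lastIndexOf("/") + 1);
  // Drop ";params" and trailing dots or spaces, which Windows ignores.
  segment = segment.split(";")[0].replace(/[. ]+$/, "");
  var dot = segment.lastIndexOf(".");
  return dot >= 0 ? segment.substring(dot + 1).toLowerCase() : "";
}

// Entry point the browser calls for every request.
// Caveat: current Chrome and Firefox pass only scheme and host for https://
// URLs, so a path-based rule like this one only ever fires for plain http://.
function FindProxyForURL(url, host) {
  var ext = pathExtension(url);
  if (BLOCKED_EXT.indexOf(ext) === -1) return PASS;
  if (TRUSTED_PAC_HOSTS.indexOf(host.toLowerCase()) !== -1) return PASS;
  return BLACKHOLE;
}
```

Because the rule matches only the last path segment, a directory named "something.pac" does not trigger it, which avoids one source of false positives.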
-
Hello,
"Normal websites, but the URLs are being distributed in email or they wouldn't be at PhishTank"
I believe that PhishTank does not only get submissions of links which are distributed by mail.
Cheers