Malware Domain List

Malware Related => Malware Analysis => Topic started by: cleanmx on January 23, 2010, 02:14:31 pm

Title: ThreatExpert weird behaviour
Post by: cleanmx on January 23, 2010, 02:14:31 pm
Hi @all

I notice my submissions by email to ThreatExpert are only recognized or honored in a fraction of cases.

Does anybody have a reliable contact with them?
I recently dropped them a note via the web form they provide for this purpose, but I get *no* feedback from them.

--gerhard
Title: Re: ThreatExpert weird behaviour
Post by: SysAdMini on January 23, 2010, 03:04:38 pm
ThreatExpert submission by email?? I haven't heard about this method.
What is the email address?
Title: Re: ThreatExpert weird behaviour
Post by: cleanmx on January 23, 2010, 03:08:40 pm
"tesubmit@threatexpert.com"
You have to register first...
I use "abuse@clean.mx" as sender ... notice clean.mx is my domain :)

Just an example; edit: content is a zip with password "infected"

Code:
From: abuse@clean.mx
To: tesubmit@threatexpert.com
Subject: [clean-mx] http://support.clean-mx.de/clean-mx/viruses?id=369734
Precedence: bulk
MIME-Version: 1.0
X-Mailer: vi
X-Virus-Scanned: by netpilot GmbH at clean-mx.de
Content-type: multipart/mixed;  boundary="----=_NextPart"
Message-Id: <20100123.1264258079.369734@dbserv.netpilot.net>
Date: Sat, 23 Jan 2010 15:47:59 +0100

This is a multi-part message in MIME format.

------=_NextPart
Content-Type: text/plain; charset="iso-8859-1"


184638c05711f16fc3a28fddf2d03f24        http://m19citizen.cn/2/load.php

------=_NextPart
Content-Transfer-Encoding: base64
Content-Type: application/zip; name="369734.zip"
...
...
Title: Re: ThreatExpert weird behaviour
Post by: CM_MWR on January 23, 2010, 10:50:29 pm
I've seen some very odd behaviour all the way around there over the last week. I thought it was possibly some changes brought on through Symantec, but we could yasml Sergei and see if there is any type of response ???