Author Topic: daily something...... (Read 855727 times)

DiFor · March 19, 2009, 12:13:20 pm

Full file list on the server with sploits:

06014.htm
92.htm
gif.gif.htm
lz.htm
lz2.htm
office.htm
old.htm
real.gif
real2.htm
sina.htm
swf.htm
swf2.htm
swfobject.js
tj.htm
UU.htm

CkreM · March 19, 2009, 04:46:24 pm

Rogue

Code: [Select]

http://mostpopularscan.com/
http://fullantispywareonlinescane.com/
http://fullantispywareonlinescane.com/promo/download/trial/InstallAVg_444.exe
http://filefixpro.com
http://free-web-scaners.com/disk/?code=286

sparsha · March 20, 2009, 05:03:51 am

Rogue related sites:

Code: [Select]

webscannertools.com
central-scan.com/full.exe

Fullantispywareonlinescane.com
antispywareupdateservice.com/download/security.bmp
platinumsecurityupdate.com/tsc/winsource.dll
thankyouforinstall.cn/order_xp.php?ver=444
powerfullantivirusproduct.com/order_av.php?ver=444

SysAdMini · March 20, 2009, 08:56:31 am

Code: [Select]

asionigolo.com/stats.php?id=21946398
leonads.com/stats-xp/1/

redirect to

Code: [Select]

84654321.cn/index.phphttp://wepawet.iseclab.org/view.php?hash=a9f579db0d42f30653ad3c7470164cdb&t=1237539274&type=js

sowhat-x · March 20, 2009, 09:02:34 am

Quote

hxxp://sadcwed.hostindianet.com/cache/readme.pdf

Result: 3/39 (7.7%):
http://www.virustotal.com/analisis/e0bbd1fd0710e2d670f8fb2fad822dc6

Quote

hxxp://sadcwed.hostindianet.com/cache/flash.swf

Result: 1/39 (2.57%)
http://www.virustotal.com/analisis/040394b274ccb44c3188719fd77448c8

SysAdMini · March 20, 2009, 10:19:42 am

Quote from: sowhat-x on March 20, 2009, 09:02:34 am

Quote
hxxp://sadcwed.hostindianet.com/cache/readme.pdf

Code: [Select]

perfectnamestore.cn/in.cgi?income4
namebuyline.cn/in.cgi?income2

redirect you to this site. Some days ago they led to LuckySploit, today the lead to these exploits.

SysAdMini · March 20, 2009, 03:24:41 pm

Code: [Select]

nuevas-videpostales.serveftp.net/retrieve/verpostal/ActiveX-Installer.exe
http://www.virustotal.com/analisis/a81a097348e41b3b8e27f79ed612812a 9/39
MD5...: 35414bbe4473ee111f54f5369da4a453
a-squared   4.0.0.101   2009.03.20   P2P-Worm.Win32.Palevo!IK
BitDefender   7.2   2009.03.20   Worm.P2P.Agent.Q
GData   19   2009.03.20   Worm.P2P.Agent.Q
Ikarus   T3.1.1.48.0   2009.03.20   P2P-Worm.Win32.Palevo
McAfee+Artemis   5558   2009.03.19   Generic!Artemis
Microsoft   1.4502   2009.03.20   Worm:Win32/Silly_P2P.G
Prevx1   V2   2009.03.20   High Risk Cloaked Malware
Sophos   4.39.0   2009.03.20   Sus/Autorun-E
Symantec   1.4.4.12   2009.03.20   W32.SillyFDC

SysAdMini · March 20, 2009, 03:47:33 pm

Code: [Select]

m.ef44ee.cn/a2/google.htmhttp://wepawet.cs.ucsb.edu/view.php?hash=186377db538ece3350e1a6a5e8089c5c&t=1237563886&type=js

sowhat-x · March 21, 2009, 02:19:07 am

Quote

...redirect you to this site. Some days ago they led to LuckySploit, today the lead to these exploits.

There's more than one malware domains in the same ip... here's another one for example:
hxxp://ghrgt.hostindianet.com
My guess they'll continue registering domains over it every once in a while...
http://www.robtex.com/ip/94.247.3.151.html

Edit: Seems like the whole of 94.247.0.0/22 should be monitored for possible "updates",heh...

SysAdMini · March 21, 2009, 02:26:41 am

Quote from: sowhat-x on March 21, 2009, 02:19:07 am

Edit: Seems like the whole of 94.247.0.0/22 should be monitored for possible "updates",heh...

Oh yes.

http://www.bfk.de/bfk_dnslogger.html?query=94.247.3.151#result

sowhat-x · March 21, 2009, 02:29:34 am

I like it when they make it easy for us...
http://www.bfk.de/bfk_dnslogger.html?query=94.247.3.150#result
http://www.bfk.de/bfk_dnslogger.html?query=94.247.3.152#result

sowhat-x · March 21, 2009, 03:23:25 am

Quote

hxxp://porn-money.org/in.cgi?5
hxxp://dissolute-office.com/123.php
hxxp://gujjipuzzi.net/in.cgi?pipka
hxxp://benyodil.cn/pagess.html
hxxp://benyodil.cn/senks/al1/1/info.php
hxxp://gcounter.cn
hxxp://divinets.cn/z/5.htm
hxxp://divinets.cn/z/z.htm
hxxp://agkt.info/evo/count.php?o=4
hxxp://agkt.info/evo/exploits/x19.php?o=2&t=1237604581&i=1430963245

Quote

hxxp://tayforlive.ru/loader.exe
hxxp://20-ka.cn/bots/svchost.exe
hxxp://rampartech.com
hxxp://typyxiolix.com/stats-xp/
hxxp://84654321.cn/load.php
hxxp://pingpinghost.com/license.exe

CkreM · March 21, 2009, 05:35:39 pm

some malware

Code: [Select]

http://www.milehighhomefinder.com/include/class/tinymce1/a.exe
http://c-0p.cn:6135/qwer/lzz.css

CkreM · March 21, 2009, 05:47:25 pm

Ambler trojan c&c panel login:

Code: [Select]

http://www.mybussines.biz/best/admin.php
http://fixet.ru/admin.php

CkreM · March 22, 2009, 09:10:47 am

rogue:

Code: [Select]

win-pc-defender.com
http://www.threatnuker.com/bin/ThreatNukerSetup.exe

Author Topic: daily something...... (Read 855727 times)

DiFor

Re: daily something......

CkreM

Re: daily something......

sparsha

Re: daily something......

SysAdMini

Re: daily something......

sowhat-x

Re: daily something......

SysAdMini

Re: daily something......

SysAdMini

Re: daily something......

SysAdMini

Re: daily something......

sowhat-x

Re: daily something......

SysAdMini

Re: daily something......

sowhat-x

Re: daily something......

sowhat-x

Re: daily something......

CkreM

Re: daily something......

CkreM

Re: daily something......

CkreM

Re: daily something......