Malware Domain List

Malware Related => Malicious Domains => Topic started by: Edgar Bangkok on February 11, 2008, 02:38:30 am

Title: Storm Worm change page and name of malware (valentine.exe)
Post by: Edgar Bangkok on February 11, 2008, 02:38:30 am
New layout for Storm Worm pages with random GIF images and valentine.exe malware ;)

http://edetools.blogspot.com/2008/02/nuova-pagina-per-storm-worm-con.html


List of many IP numbers for testing malware on the Storm Tracker site

http://www.trustedsource.org/TS?do=threats&subdo=storm_tracker


Edgar from Bangkok :D

Title: Re: Storm Worm change page and name of malware (valentine.exe)
Post by: sowhat-x on February 11, 2008, 03:13:01 am
...He, that's kind of funny - didn't know that MDL guys also have...telepathy abilities!! :D
Was doing exactly the same thing yesterday...checking the addresses from TrustedSource,
also mentioned their blog in the 'Malware Analysis Blogs' thread...

Sequential numbering in .gifs...thanks Edgar, nice work there...as always. 8)
Quickly checked the domain names (not the dynamic addresses/proxies) from TrustedSource above,
the following ones are missing from the list...

Title: Re: Storm Worm change page and name of malware (valentine.exe)
Post by: Edgar Bangkok on February 12, 2008, 02:27:58 am
Today (12 Feb in Bangkok, Thailand) the malware valentine.exe and the file sony.exe (hosted on the same page) change many
VirusTotal doesn't show a problem with these files (only a suspicious file from eSafe); the VT report is empty!!!!!!!
Only Sunbelt sandbox finds the file created by the malware. Norman sandbox and Anubis don't find all.

http://edetools.blogspot.com/2008/02/storm-worm-nullo-virus-total.html



Edgar from Bangkok  :D