Malware Domain List

Malware Related => Malicious Domains => Topic started by: SysAdMini on December 10, 2008, 05:38:41 pm

Title: IE7 exploit
Post by: SysAdMini on December 10, 2008, 05:38:41 pm
Code:
hxxp://cc4y7.cn/{any number from 1 to 99}/ie7.htm
hxxp://cc4y7.cn/{any number from 1 to 99}/index.htm
hxxp://qqqqttrr.cn/1/zz10.htm
hxxp://sllwrnm1.cn/a1/ss.htm
hxxp://sllwrnm2.cn/a1/ss.htm
hxxp://sllwrnm3.cn/a1/ss.htm
hxxp://sllwrnm4.cn/a1/ss.htm
hxxp://sllwrnm5.cn/a1/ss.htm
hxxp://sllwrnm6.cn/a1/ss.htm
hxxp://sllwrnm7.cn/a1/ss.htm
hxxp://wieyou.com/iiee/explore.exe
http://baidu.bbtu06.cn/w63/w63.htm
Title: Re: IE7 exploit
Post by: Kayrac on December 10, 2008, 07:03:33 pm
explore.exe--->http://camas.comodo.com/cgi-bin/submit?file=993f5a040d2edb57b9181737e6d88632e735d330635c93f563ade2943fe22cbc

http://www.virustotal.com/analisis/afa826e926bcdaf0af2633f8b576eaf9

really good detection on that one at least
Title: Re: IE7 exploit
Post by: SysAdMini on December 10, 2008, 07:22:24 pm
The payload is well detected. But there is no protection against the exploit.

Title: Re: IE7 exploit
Post by: Kayrac on December 10, 2008, 07:24:12 pm
Correct, but at least until they change the payload, it's better than nothing :-\
Title: Re: IE7 exploit
Post by: CM_MWR on December 11, 2008, 01:26:25 am
I like your point K, in reality, Windows is the exploit, it's only a new flavor for the day.

Good they are using shit malware.  ;)
Title: Re: IE7 exploit
Post by: Kayrac on December 11, 2008, 02:47:10 am
You'd think with 0day IE exploits, which could be extremely effective, they'd create a newer undetected, or at least less detected, malware before putting it out there? But maybe that's just me.
Title: Re: IE7 exploit
Post by: Kayrac on December 11, 2008, 05:34:33 am
milw0rm's site has it as well

http://milw0rm.com/exploits/7410

http://milw0rm.com/exploits/7403
Title: Re: IE7 exploit
Post by: Kayrac on December 11, 2008, 10:42:19 am
http://www.microsoft.com/technet/security/advisory/961051.mspx
Title: Re: IE7 exploit
Post by: tjs on December 11, 2008, 10:17:53 pm
More details:
http://blogs.technet.com/mmpc/archive/2008/12/11/limited-exploitation-of-microsoft-security-advisory-961051.aspx

TJS
Title: Re: IE7 exploit
Post by: Orac on December 12, 2008, 11:05:37 am
More details:

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210