Topic: www1.po0op.cn (Read 6460 times)

January 28, 2008, 07:15:34 am

jimmyleo

Log is generated by FreShow.

January 28, 2008, 08:09:22 pm
Reply #1

JohnC

Thanks, these will be added soon.

January 30, 2008, 08:05:27 am
Reply #2

laszlo

What is the name of the tool which generated that log?

January 30, 2008, 09:18:14 am
Reply #3

jimmyleo

What is the name of the tool which generated that log?

Hello laszlo,

I've mentioned it. Its name is FreShow.
It's a little tool which I wrote.
The log is generated by this,
but the analysis still relies on me.
If you are interested in this,
you can download a previous but stable version from my signature.

Best regards,
jimmyleo

February 01, 2008, 05:11:06 pm
Reply #4

sowhat-x

  • Guest
jimmyleo, just noticed that you point to the Kafan forums in your blog  :)

For people that might not be aware of it, well...
that is really EXCELLENT work that's been taking place there:
way more than a few times I've started 'hunting' for more malware,
simply by following stuff mentioned by people/researchers there...
If the Chinese language puzzles you at first,
and you have a bit of difficulty finding your way in there...
well, most probably that's the sub-forum you've been looking for  ;)

http://bbs.kafan.cn/forumdisplay.php?fid=31