Author Topic: Few unsorted - Part 2  (Read 31664 times)


March 01, 2008, 12:34:08 pm

sowhat-x

  • Guest
Ok,since 'part 1' turned out to be quite long,rotfl...
thought it's about time we spawn a new thread...  ;)


Play with numbers/names and the like,
it needs way too much time moving around in circles...
Edit:Removed a couple that were already spotted...

March 01, 2008, 05:10:14 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

Thank you, these will be added during next update.

March 02, 2008, 03:01:15 pm
Reply #2

sowhat-x

  • Guest
...was googling for service-google.cn above,and came across this nice thread here...
some of them we've also seen before - these lamers certainly don't intend to give up at anytime:
http://forums.mozine.cn/lofiversion/index.php/t20845.html
I copy/paste them here for the sake of easiness,credits of course go up to kaji...


First page of google results also returned this...
Quote
hxxp://www.jkpk1000.com/url.txt

March 03, 2008, 09:08:30 pm
Reply #3

tjs

  • Special Members
  • Sr. Member


March 03, 2008, 09:56:48 pm
Reply #4

tjs

  • Special Members
  • Sr. Member


All win32 binaries...

March 10, 2008, 01:52:13 am
Reply #5

sowhat-x

  • Guest
_pusher_ was kind enough to supply me with these forum spammers' addresses,  :)
http addresses pointing to malware there as well...


March 10, 2008, 04:34:11 am
Reply #6

sowhat-x

  • Guest
Quote
hxxp://520sb.cn/dir/index_pic/1.js
hxxp://520sb.cn/dir/index_pic/csrss.pif
Search around in there,there are various exploits...
We already had a domain '1.520sb.cn' in the list,
didn't play around by changing the number though...

March 21, 2008, 02:18:04 am
Reply #7

sowhat-x

  • Guest

Among the above,there exist quite a few pseudo-extensions,
and a couple of them were not .exes,but 'rotating' downloader lists...

April 06, 2008, 03:24:23 pm
Reply #8

JohnC

  • Special Members
  • Hero Member


April 15, 2008, 05:32:59 pm
Reply #9

tjs

  • Special Members
  • Sr. Member

Trojan-Spy.Win32.Goldun: hxxp://voena.net/get.php

TJS

May 02, 2008, 03:32:17 pm
Reply #10

sowhat-x

  • Guest
==============================

Also a downloader list...
Quote
hxxp://www.qisihuisheng.net/new.txt
It currently serves:
Quote
hxxp://1.tianxiayouzei.com/ma/1.exe
Up to...
Quote
hxxp://1.tianxiayouzei.com/ma/23.exe
==============================

Quote
hxxp://goto.stred.biz/
It redirects to...
Quote
hxxp://sex-tube20008.com/freemovie/958/5/
And eventually leads to...
Quote
hxxp://adultyoutube-18.com/soft/zoredgotdft/502d240e3d5/MediaTubeCodec_ver1.958.5.exe
Win32/Tibs according to Microsoft...VirusTotal results per moment: 5/31 (16.13%)

May 02, 2008, 05:24:48 pm
Reply #11

JohnC

  • Special Members
  • Hero Member


May 05, 2008, 10:26:42 am
Reply #12

sowhat-x

  • Guest
...time for a new round ;-)

.ani-based exploits...

At the moment,they lead to the following .exes...


Quote
hxxp://onlinevideosoftex.com/exe2/4912954.exe
hxxp://onlinevideosoftex.com/exe2/msetup.exe

Quote
hxxp://fanduizd.cn/hb/1.exe
Up to...
Quote
hxxp://fanduizd.cn/hb/29.exe

Quote
hxxp://d.93se.com/listo.txt
hxxp://d.789fa.com/d/1.exe
hxxp://d.789fa.com/d/2.exe

Quote
hxxp://9797aini.com/x.txt
hxxp://9797aini.com/x.exe
hxxp://147.232313.cn/down/down.exe

Various iframes and exploits here,dig more if you want...

And even more crap here,sorted alphabetically for easiness...

May 06, 2008, 04:38:54 am
Reply #13

jimmyleo

  • Special Members
  • Jr. Member

hoho the unsorted seem like great sort work.. ;D
many of them are password stuff..

May 06, 2008, 09:09:52 am
Reply #14

sowhat-x

  • Guest
Quote
hoho the unsorted seem like great sort work..
He-he,actually,i got a bit 'lucky' yesterday,when I stumbled upon this:  ;D
http://lineage.paix.jp/guide/security/virus-listall.html
But it took me more than a couple of hours of sorting/grepping/downloading,
in order to verify what crap is actually still alive there...

Here's also the "last modified",in order to simply gather newer samples...
http://lineage.paix.jp/guide/security/virus-lastmodified.html
There are also blocklists/hosts files of the above,
these guys there have done a really nice work...
http://lineage.paix.jp/guide/security/virus-url.html