Author Topic: ZeroAccess / Max++ rootkit CnC domains  (Read 4520 times)

July 08, 2011, 08:06:52 pm

Amishrabbit

Referenced in the blog post at http://blog.webroot.com/2011/07/08/zeroaccess-rootkit-guards-itself-with-a-tripwire/

The rootkit uses a domain name generation algorithm that rotates its command-and-control domains once a day. The researchers at Webroot reversed this mechanism and have generated the domains the rootkit will use for the rest of July and August, by which time, no doubt, there will be a new variant which no longer uses the same mechanism.

-=A