« previous next »
Pages: [1]   Go Down

Author Topic: mama.jopenkk.com  (Read 5842 times)

0 Members and 1 Guest are viewing this topic.

November 16, 2007, 06:41:26 am
Read 5842 times

sowhat-x

  • Guest
mama.jopenkk.com
Quote
hxxp://mama.jopenkk.com/down/dogdel.exe

Quote
hxxp://mama.jopenkk.com/down/arpkk.exe
-> Rar sfx archive,containing Winpcap's dlls and driver,
and also some other NsPacked packet sniffer or so...

Quote
hxxp://mama.jopenkk.com/down/hosts.exe
And here's what I've found in the strings of this last one hosts.exe,
my guess JohnC will love this one...  :)

Quote
hxxp://rrr.jopenkk.com/down/a.txt

For the sake of easiness,I copy/paste a.txt's contents,
some nice guys here,we've met a few of them before...
I've replaced the string "www" with "ccc",
in order for the links to not be directly clickable...
Quote
127.0.0.1 ccc.851733.cn
127.0.0.1 ccc.9669093.com
127.0.0.1 ccc.2gvn.cn
127.0.0.1 vvv.3x7x.cn
127.0.0.1 366ip.com
127.0.0.1 aa.18dd.net
127.0.0.1 wvw.8x9x8.cn
127.0.0.1 rrr.rfhwfhw.com
127.0.0.1 pu.xiahou2008.com
127.0.0.1 sdo.969111.com
127.0.0.1 ccc.15197.com
127.0.0.1 down.18dd.net
127.0.0.1 xxx.cslr1.com
127.0.0.1 zzz.cslr1.com
127.0.0.1 wvw.xiahou2008.com
127.0.0.1 xiahou2008.com
127.0.0.1 zzz.cslr1.com
127.0.0.1 cao.ganbibi.com
127.0.0.1 w.1030829.com
127.0.0.1 q.1030829.com
127.0.0.1 ccc.cwliu.cn
127.0.0.1 d5.xihai.com
127.0.0.1 ccc.dream5920.cn
127.0.0.1 web.2008yi.com
127.0.0.1 mmm.mm5208.com
127.0.0.1 xx.9365.org
127.0.0.1 ccc.puma166.com
127.0.0.1 mlcro-soft.cn
127.0.0.1 ccc.mlcro-soft.cn
127.0.0.1 mms.nmmmn.com
127.0.0.1 ccc.171l73.cn
127.0.0.1 171l73.cn
127.0.0.1 pu.puma163.com
127.0.0.1 ccc.5415.info
127.0.0.1 ccc.so14.cn
127.0.0.1 so14.cn
127.0.0.1 5415.info
127.0.0.1 ddd.nmmmn.com
127.0.0.1 ccc.puma166.com
127.0.0.1 ccc.nmmmn.com
127.0.0.1 ccc.my1231.com
127.0.0.1 ccc.ndnd.info
127.0.0.1 xz.88889999.info
127.0.0.1 ccc.ndnd.info
127.0.0.1 iii.832823.cn
127.0.0.1 aaa.369678.cn
127.0.0.1 imobile.8866.org
127.0.0.1 xxx.745970.com
127.0.0.1 ooo.745970.com
127.0.0.1 xxx.18dmm.com
127.0.0.1 ooo.18dmm.com
127.0.0.1 down.dj7788.cn
127.0.0.1 i.ip777.net
127.0.0.1 ccc.686ip.cn
127.0.0.1 z.glo123.com
127.0.0.1 ccc.puma166.com
127.0.0.1 ccc.17y1.cn
127.0.0.1 ccc.csfqw.com
127.0.0.1 go.bannerbox.cn
127.0.0.1 59.34.197.239
127.0.0.1 ccc.17y1.cn
127.0.0.1 go.ipcenter.cn
127.0.0.1 ccc.520018.com
127.0.0.1 ccc.851733.cn
127.0.0.1 xz.88889999.info
127.0.0.1 miss123.xicp.net
127.0.0.1 ccc.060s.com
127.0.0.1 ccc.wjlys.com
127.0.0.1 ccc.globbs.com
127.0.0.1 ccc.glocn.com
127.0.0.1 ccc.glo123.com
127.0.0.1 mil.globbs.com
127.0.0.1 ccc.tql2l.com
127.0.0.1 59.34.197.239
127.0.0.1 go.bannerbox.cn
127.0.0.1 ip.adanywhere.cn
127.0.0.1 ccc.chattime.cn
127.0.0.1 ccc.b1ueidea.com
127.0.0.1 www1.winopen.cn
127.0.0.1 ccc.fundbase.cn
127.0.0.1 xxx.745970.com
127.0.0.1 ccc.heiwuya.cn
127.0.0.1 ccc.heiwuya.cn
127.0.0.1 ccc.f1ash512.com
127.0.0.1 ccc.heijingang.cn
127.0.0.1 mlcro-soft.cn
127.0.0.1 union.mmtw.cn
127.0.0.1 ccc.tql2l.com
127.0.0.1 mms.nmmmn.com
127.0.0.1 ccc.17jiaoyou.cn
127.0.0.1 ccc.goodchat.cn
127.0.0.1 jjj.jfhwfhw.com
127.0.0.1 ip1.adanywhere.cn
127.0.0.1 ooo.832823.cn
127.0.0.1 ads.ganbibi.com
127.0.0.1 ccc.ioco.info
127.0.0.1 ccc.nmmmn.com
127.0.0.1 ccc.88889999.info
127.0.0.1 ddd.369678.cn
127.0.0.1 5x.3x7x.cn
Logged
November 16, 2007, 02:22:10 pm
Reply #1

JohnC

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1964
Re: mama.jopenkk.com
Those domains are more than likely all malicious in that hosts file. Looks like the author of the malware which uses it is trying to protect the computer from other widely known malicious sites, in an effort to cut out the competition. Similar things have been done by IRC bots in the past, with options to patch systems after exploiting them.

Thanks for the domains. I'll try and get through some of the ones in that hosts file soon to :)
Logged
Pages: [1]   Go Up
« previous next »