Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on December 15, 2009, 11:19:13 pm

Title: Mebroot distribution by Virut
Post by: SysAdMini on December 15, 2009, 11:19:13 pm
Today our member crunchtime has reported a Virut sample

http://www.malwaredomainlist.com/forums/index.php?topic=3610.0

that downloads a file from:

hxxp://maxdomzhit.com/file.exe.

I checked the file and was surprised. It is a sample of the infamous Mebroot.
This distribution method is unusual, because Mebroot uses dedicated infection domains running Neosploit for its deployment.

I have found other ThreatExpert reports that show similar cases.

http://www.threatexpert.com/report.aspx?md5=65ea82813ea518fa085d18dad4782363
http://www.google.com/search?hl=en&source=hp&q=site%3Athreatexpert.com+%2Bmaxdomzhit.com

Title: Re: Mebroot distribution by Virut
Post by: SysAdMini on March 25, 2010, 08:39:46 pm
Found another TE report of a Virut sample which spreads Mebroot and Zeus.

http://www.threatexpert.com/report.aspx?md5=78dfac426b260a7f0fc1b42235112b72

Mebroot URL is:

Code:
frensomo.com/ld/jagr/jagr.bzz