hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini:
redirect to exploits

--- Code: ---namebuyline.cn/in.cgi?income
filmtypemedia.cn/in.cgi?income
yourfilmmovie.cn/in.cgi?income
homenameregistration.cn/in.cgi?income
nameashop.cn/in.cgi?income
mainnameshop.cn/in.cgi?income
namesupermart.cn/in.cgi?income
namebrandmart.cn/in.cgi?income
namebuypicture.cn/in.cgi?income31

--- End code ---

CkreM:
All redirect to exploit stated below:

--- Code: ---lotante.cn/in.cgi?income
japanhostnet.com/in.cgi?income
lotbetworld.cn/in.cgi?income
namestorefilmlife.cn/in.cgi?income
internetnamestore.cn/in.cgi?income
coolnameshop.cn/in.cgi?income
dotcomnameshop.cn/in.cgi?income
playbetwager.cn/in.cgi?income
thelotbet.cn/in.cgi?income

--- End code ---


wepawet couldn't analyze this exploit and stated that the index.php response is empty (http://wepawet.iseclab.org/view.php?hash=0427b7627c9938608b886b095702247a&t=1239032970&type=js)
was able to d/l the pdf and sent it only.
anyway it downloads a trojan in the end in the same domain:

--- Code: ---litehitscar.cn/index.php
--- End code ---
http://wepawet.iseclab.org/view.php?hash=4ad4419f482403c543365cad5e60269a&type=js

btw the domain with the trojan resolves 94.247.3.151 for me...

CkreM:
did all the domains with the redirections resolve as 94.247.3.151 for you? (as stated on MDL)

because for me they are all 94.247.3.150, also checked on centralops, etc...

SysAdMini:

--- Quote from: CkreM on April 06, 2009, 07:09:06 pm ---did all the domains with the redirections resolve as 94.247.3.151 for you? (as stated on MDL)

because for me they are all 94.247.3.150, also checked on centralops, etc...

--- End quote ---

My mistake. It is another disadvantage of adding URLs manually. One mistake and then copy and paste.
Fixed.

SysAdMini:
another redirector to litehitscar.cn

--- Code: ---superbetfair.cn/in.cgi?income43
--- End code ---
