Author Topic: drive by download site  (Read 7360 times)


May 27, 2008, 08:25:58 pm

southshore

I tested out the URL on a test machine of mine and I was infected with a file running under C:/. The file itself is only detected by 7 of the scanners on VT. I didn't take much time to look further, but I did see some major obfuscation on the pages that the malware directed me to.

advance-actions.com/secure(DOT)cgi?bicjwhud

-SouthShore

May 27, 2008, 08:35:37 pm
Reply #1

dimitribest

Hi there,

Please, could you download Avz4 from http://z-oleg.com/avz4.zip
Run avz.exe and then follow these steps: "File" - "Standard Scripts" - "Advanced System Analysis"
The tool will begin to analyze your system. It takes about 3 minutes; then in the same folder you'll find the folder \Logs
Please compress it and send it to me. I'd like to get this malicious sample and help you, if you need to disinfect your machine.

The link you sent is broken now  :P

May 27, 2008, 08:38:47 pm
Reply #2

southshore

Quote
Hi there,

Please, could you download Avz4 from http://z-oleg.com/avz4.zip
Run avz.exe and then follow these steps: "File" - "Standard Scripts" - "Advanced System Analysis"
The tool will begin to analyze your system. It takes about 3 minutes; then in the same folder you'll find the folder \Logs
Please compress it and send it to me. I'd like to get this malicious sample and help you, if you need to disinfect your machine.

The link you sent is broken now  :P

Sorry I should have been more clear. I am not infected. I am a geek who happened to notice a malicious page on the web and I was submitting it to be part of the list of known malicious domains.

May 28, 2008, 12:19:11 am
Reply #3

sowhat-x

I also couldn't manage to get it...
so I assume that it passes different variables to the 'infected' cgi every time it is accessed,
depending on user agent/IP address or so...
Googling brought the following results though:
http://cygnus.livejournal.com/2008/05/25/
http://profilesblog.com/?p=45

Irrelevant (or maybe not?)...while searching for the above "Zinaps" thingy,
I also stumbled upon this post in Digg...Zlob social engineering:
Quote
hxxp://watchz.info/avi/?v=Watch-out-for-Zinaps-Antispyware-p3
hxxp://vidscollections.com/m6/movie1.php?id=1923&n=cumshot
hxxp://www.flwupdate.com/download.php?id=1923
-> The malware itself...MD5: 742d7742799ddb590d0b254cf250001e

May 28, 2008, 05:35:00 pm
Reply #4

JohnC

Thanks for the domains.