LuckySploit (http://www.nttyhg.com): LuckySploit is a set of .HTML files full of obfuscated malicious JavaScript. Normally, the website contains a hidden iframe or obfuscated code. Users are redirected to exploit websites that host different types of exploits, such as Adobe, RealPlayer, ActiveX, DirectShow MPEG2, etc.




Figure: 3.htm
Level 1:http://www.nttyhg.com/g/360.htm
Level 2:http://bbc.ch.ma/xie.htm
Level 3:http://bbc.ch.ma/hell1.swf
Level 3:http://bbc.ch.ma/hell.swf
Level 3:http://bbc.ch.ma/hell2.swf
Level 2:http://bbc.ch.ma/iie.swf
Level 2:http://bbc.ch.ma/fff.swf
Level 2:http://bbc.ch.ma/x.htm
Level 3:http://bbc.ch.ma/all.css
Level 4:http://bbc.ch.ma/3.htm
Level 5:http://bbc.ch.ma/3.css
Level 4:http://bbc.ch.ma/4.htm (RealPlayer IERPCtl.IERPCtl.1, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5601)
Level 5:http://bbc.ch.ma/2.css
Level 3:http://bbc.ch.ma/1.htm
Level 4:http://bbc.ch.ma/1.css
Level 5:http://www.mysnda.com/ppk/a.css
http://www.virustotal.com/analisis/c8c3de2649d925e7c870ac45178da59b9a86ad76302bfe2b2c86eb2d1dac3de9-1248698873
Level 4:http://bbc.ch.ma/15.js
Level 4:http://bbc.ch.ma/16.js
Level 3:http://bbc.ch.ma/of.htm
Level 4:http://bbc.ch.ma/of.css
Level 3:http://bbc.ch.ma/office.htm
Level 3:http://bbc.ch.ma/newlz.htm
Level 3:http://bbc.ch.ma/bf.htm
Level 4:http://bbc.ch.ma/2.css (Ultra Star Reader LoadPage overflow, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5807)
Level 5:http://www.mysnda.com/ppk/a.css
Level 4:http://bbc.ch.ma/bf.js
Level 3:http://bbc.ch.ma/cx.htm
Potential Malicious Domains (222.185.254.135 - Blacklisted)
This exploit site leads users to download malware (a.css) that is mostly detected by antivirus according to VirusTotal.
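
An added example, not part of the original post: a small parser for a "Level N:URL" redirect listing like the one above, which rebuilds each landing-to-leaf chain and collects the hosts to look for in proxy or DNS logs. The sample listing and its `.example` hosts are constructed, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed listing in the post's "Level N:URL" style; hosts are placeholders.
SAMPLE = """\
Level 1:http://landing.example/g/index.htm
Level 2:http://kit.example/a.htm
Level 3:http://kit.example/one.swf
Level 3http://kit.example/two.swf
Level 2:http://kit.example/b.htm
Level 3:http://kit.example/all.css
Level 4:http://kit.example/3.htm (analyst note)
Level 5:http://payload.example/ppk/a.css
http://scanner.example/report/placeholder
"""

# The colon is optional because some lines in such listings lose it.
LINE = re.compile(r"^Level\s*(\d+)\s*:?\s*(https?://\S+)", re.I)

def parse_nodes(text):
    """Return (level, url) pairs; lines without a Level prefix are skipped."""
    nodes = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            nodes.append((int(m.group(1)), m.group(2)))
    return nodes

def leaf_chains(nodes):
    """Return the full redirect path (landing page first) for every leaf."""
    stack, chains = [], []
    for i, (level, url) in enumerate(nodes):
        del stack[level - 1:]          # drop siblings and deeper entries
        stack.append(url)
        if i + 1 == len(nodes) or nodes[i + 1][0] <= level:
            chains.append(list(stack))
    return chains

def hosts(nodes):
    """Unique hostnames in the listing, e.g. for proxy or DNS log review."""
    return sorted({urlsplit(url).hostname for _, url in nodes})

if __name__ == "__main__":
    nodes = parse_nodes(SAMPLE)
    for chain in leaf_chains(nodes):
        print(" -> ".join(chain))
    print("hosts:", ", ".join(hosts(nodes)))
```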