Sunday, July 25, 2010

Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability

Vulnerable: Mozilla Firefox 3.5.x

Exploit:




Reference:

http://Securitylab.ir/Advisories


Disclaimer:
The script shown above might cause something offensive; use at your own risk.

Thursday, July 22, 2010

Microsoft released workaround to fix CVE-2010-2568

Reference: http://support.microsoft.com/kb/2286198

Microsoft provides a Fix It that automatically implements the workaround, which disables .LNK and .PIF file functionality, on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2:

Enable workaround Fix It

If you want to undo the workaround, click on the disable workaround Fix It.

Or you can apply the workaround yourself by making some changes to the registry.

Enable Changes:

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Click the File menu and then click Export.

4. In the Export Registry File dialog box, type LNK_Icon_Backup.reg and then click Save.

Note: This will create a backup of this registry key in the My Documents folder by default.

5. Select the value (Default) in the right pane of the Registry Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

6. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

7. Click the File menu and then click Export.

8. In the Export Registry File dialog box, type PIF_Icon_Backup.reg and then click Save.

Note: This will create a backup of this registry key in the My Documents folder by default.

9. Select the value (Default) in the right pane of the Registry Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

Disable Changes:

How to undo the interactive method

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. On the File menu, click Import.

3. In the Import Registry File dialog box, select LNK_Icon_Backup.reg, and then click Open.

4. On the File menu, click Import.

5. In the Import Registry File dialog box, select PIF_Icon_Backup.reg, and then click Open.

6. Exit Registry Editor, and then restart the computer.

How to manually reset the Registry key values to the default values

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

4. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

5. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

6. Restart the computer
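
The manual registry steps above, scripted in PowerShell as an added example (not Microsoft's Fix It and not code from the original post): `Audit` reports the state of both keys, `Enable` exports the backups and blanks the (Default) value, and `Reset` writes back the default CLSID. The script layout, function names, and the `-Mode` and `-BackupDir` parameters are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: audit, apply, or manually reset the IconHandler workaround for CVE-2010-2568.
# Parameter and function names are illustrative, not part of any Microsoft tool.
param(
    [ValidateSet('Audit', 'Enable', 'Reset')]
    [string]$Mode = 'Audit',
    # The page's manual export saves to My Documents by default; same default here.
    [string]$BackupDir = ([Environment]::GetFolderPath('MyDocuments'))
)

# Default IconHandler CLSID for both keys, as given in the manual reset steps.
$DefaultHandler = '{00021401-0000-0000-C000-000000000046}'

# Subkeys of HKEY_CLASSES_ROOT and backup file names used in the steps above.
$Targets = @(
    @{ SubKey = 'lnkfile\shellex\IconHandler'; Backup = 'LNK_Icon_Backup.reg' },
    @{ SubKey = 'piffile\shellex\IconHandler'; Backup = 'PIF_Icon_Backup.reg' }
)

function Get-IconHandler([string]$SubKey) {
    # Returns $null when the key is missing, otherwise the (Default) value ('' when blank).
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey)
    if ($null -eq $key) { return $null }
    try { return [string]$key.GetValue('') } finally { $key.Close() }
}

function Set-IconHandler([string]$SubKey, [string]$Value) {
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey, $true)
    if ($null -eq $key) { throw "Registry key not found: HKEY_CLASSES_ROOT\$SubKey" }
    try { $key.SetValue('', $Value, [Microsoft.Win32.RegistryValueKind]::String) }
    finally { $key.Close() }
}

function Get-WorkaroundState($Current) {
    if ($null -eq $Current) { return 'key missing' }
    if ($Current -eq '') { return 'workaround applied (value is blank)' }
    if ($Current -eq $DefaultHandler) { return 'default handler (workaround not applied)' }
    return "unexpected value: $Current"
}

function Export-KeyBackup([string]$SubKey, [string]$File) {
    # Never overwrite an existing backup: it may hold the only copy of the original value.
    if (Test-Path -LiteralPath $File) {
        Write-Host "Backup already exists, keeping it: $File"
        return
    }
    & reg.exe export "HKCR\$SubKey" $File | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $File)) {
        throw "Backup of HKCR\$SubKey failed; no change was made."
    }
}

foreach ($t in $Targets) {
    $subKey = $t.SubKey
    switch ($Mode) {
        'Enable' {
            # Steps 3-5 and 7-9: export the key first, then blank the (Default) value.
            Export-KeyBackup $subKey (Join-Path $BackupDir $t.Backup)
            Set-IconHandler $subKey ''
        }
        'Reset' {
            # Manual reset: write the default CLSID back to the (Default) value.
            Set-IconHandler $subKey $DefaultHandler
        }
    }
    # Always report the resulting state so the change can be verified.
    $state = Get-WorkaroundState (Get-IconHandler $subKey)
    Write-Host "HKEY_CLASSES_ROOT\$subKey : $state"
}

if ($Mode -eq 'Reset') {
    Write-Host 'Restart the computer to complete the reset.'
}
```

With the workaround applied, shortcut icons are no longer rendered by the shell, so expect `.LNK` and `.PIF` files to show a generic icon until the value is reset.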

Wednesday, July 21, 2010

blogspot.com and multiply.com serve zbot's eCard

Zbot is diversifying its strategy and targeting the Blogspot and Multiply social networking tools to spread the malware.



The message on the website reads:

You have received an Greeting eCard
Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

http://theorionfund.org/ecard.exe

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!


A few websites were identified hosting a similar scam.



Malware samples:
hxxxp://passmc.com/ecard.exe
hxxxp://theorionfund.org/ecard.exe VT (11/42)
hxxxp://westinghouse-ueo.net/card.exe VT (12/42)
hxxxp://laxus.com.br/ecard.exe VT (27/42)
hxxxp://onlinehom.com/ecard.exe



IP Address: 167.142.226.220



IP Address: 207.58.144.202



IP Address: 69.73.145.159



IP Address: 187.45.195.15



IP Address: 76.74.238.171


Sunday, July 18, 2010

Microsoft Security Advisory (2286198)

Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

Reference: http://www.microsoft.com/technet/security/advisory/2286198.mspx

Many articles have been posted about the W32/Stuxnet-B rootkit, which exploits a vulnerability in the way Windows handles .LNK shortcut files that allows them to execute automatically if the USB stick is accessed by Windows Explorer, even if Windows's AutoRun and AutoPlay are disabled.

Reference: http://www.sophos.com/pressoffice/news/articles/2010/07/stuxnet.html

Video demonstration of the Windows .LNK shortcut vulnerability:

Video

Saturday, July 17, 2010

N0ise Bot 1.7 WebPortal



IP Address: 216.108.239.71



Friday, July 16, 2010

N0ise Bot 1.7 - Directory tree

Directory:
N0ise Server
Webpanel

./N0ise Server:
Base
bin
Flood
mail.ico
N0ise.csproj
obj
Server.sln
Server.suo
Spread
System

./N0ise Server/Base:
AssemblyInfo.cs
cConfig.cs
cFunctions.cs
cMain.cs

./N0ise Server/bin:
Debug
Release

./N0ise Server/bin/Debug:
N0ise.exe VT (17/41)
N0ise.pdb
N0ise.vshost.exe
N0ise.vshost.exe.manifest

./N0ise Server/bin/Release:
N0ise.exe VT (9/42)
N0ise.vshost.exe
N0ise.vshost.exe.manifest

./N0ise Server/Flood:
nHTTPFlood.cs
nICMPFlood.cs
nSYNFlood.cs
nUDPFlood.cs

./N0ise Server/obj:
Debug
Release

./N0ise Server/obj/Debug:
DesignTimeResolveAssemblyReferencesInput.cache
N0ise.csproj.FileListAbsolute.txt
N0ise.exe VT (17/41)
N0ise.pdb
TempPE

./N0ise Server/obj/Debug/TempPE:

./N0ise Server/obj/Release:
DesignTimeResolveAssemblyReferencesInput.cache
N0ise.csproj.FileListAbsolute.txt
N0ise.exe VT (9/42)
TempPE

./N0ise Server/obj/Release/TempPE:

./N0ise Server/Spread:
cRARSpread.cs

./N0ise Server/System:
cAntis.cs
cControl.cs
cSystem.cs
cSystemInfo.cs

./Webpanel:
_bot
gate.php
images
index.php
noise.sql
style.css
system

./Webpanel/_bot:
design.tpl
func
inc
run.php

./Webpanel/_bot/func:
list.php
login.php
logout.php
statisics.php
tasks.php

./Webpanel/_bot/inc:
config.inc.php
content.funcs.php
n0ise.class.php

./Webpanel/images:
bg.gif
flags

./Webpanel/images/flags:
00.gif
a1.gif
a2.gif
ad.gif
ae.gif
af.gif
ag.gif
ai.gif
al.gif
am.gif
an.gif
ao.gif
ap.gif
aq.gif
ar.gif
as.gif
at.gif
au.gif
aw.gif
ax.gif
az.gif
ba.gif
bb.gif
bd.gif
be.gif
bf.gif
bg.gif
bh.gif
bi.gif
bj.gif
bm.gif
bn.gif
bo.gif
br.gif
bs.gif
bt.gif
bv.gif
bw.gif
by.gif
bz.gif
ca.gif
catalonia.gif
cc.gif
cd.gif
cf.gif
cg.gif
ch.gif
ci.gif
ck.gif
cl.gif
cm.gif
cn.gif
co.gif
cr.gif
cs.gif
cu.gif
cv.gif
cx.gif
cy.gif
cz.gif
de.gif
dj.gif
dk.gif
dm.gif
do.gif
dz.gif
ec.gif
ee.gif
eg.gif
eh.gif
en.gif
er.gif
es.gif
et.gif
eu.gif
fi.gif
fj.gif
fk.gif
fm.gif
fo.gif
fr.gif
fx.gif
ga.gif
gb.gif
gd.gif
ge.gif
gf.gif
gh.gif
gi.gif
gl.gif
gm.gif
gn.gif
gp.gif
gq.gif
gr.gif
gs.gif
gt.gif
gu.gif
gw.gif
gy.gif
hk.gif
hm.gif
hn.gif
hr.gif
ht.gif
hu.gif
id.gif
ie.gif
il.gif
in.gif
io.gif
iq.gif
ir.gif
is.gif
it.gif
jm.gif
jo.gif
jp.gif
ke.gif
kg.gif
kh.gif
ki.gif
km.gif
kn.gif
kp.gif
kr.gif
kw.gif
ky.gif
kz.gif
la.gif
lb.gif
lc.gif
li.gif
lk.gif
lr.gif
ls.gif
lt.gif
lu.gif
lv.gif
ly.gif
ma.gif
mc.gif
md.gif
me.gif
mg.gif
mh.gif
mk.gif
ml.gif
mm.gif
mn.gif
mo.gif
mp.gif
mq.gif
mr.gif
ms.gif
mt.gif
mu.gif
mv.gif
mw.gif
mx.gif
my.gif
mz.gif
na.gif
nc.gif
ne.gif
nf.gif
ng.gif
ni.gif
nl.gif
no.gif
np.gif
nr.gif
nu.gif
nz.gif
o1.gif
om.gif
pa.gif
pe.gif
pf.gif
pg.gif
ph.gif
pk.gif
pl.gif
pm.gif
pn.gif
pr.gif
ps.gif
pt.gif
pw.gif
py.gif
qa.gif
re.gif
ro.gif
rs.gif
ru.gif
rw.gif
sa.gif
sb.gif
sc.gif
sd.gif
se.gif
sg.gif
sh.gif
si.gif
sj.gif
sk.gif
sl.gif
sm.gif
sn.gif
so.gif
sr.gif
st.gif
sv.gif
sy.gif
sz.gif
tc.gif
td.gif
tf.gif
tg.gif
th.gif
Thumbs.db
tj.gif
tk.gif
tl.gif
tm.gif
tn.gif
to.gif
tr.gif
tt.gif
tv.gif
tw.gif
tz.gif
ua.gif
ug.gif
uk.gif
um.gif
us.gif
uy.gif
uz.gif
va.gif
vc.gif
ve.gif
vg.gif
vi.gif
vn.gif
vu.gif
wales.gif
wf.gif
ws.gif
ye.gif
yt.gif
yu.gif
za.gif
zm.gif
zr.gif
zw.gif

./Webpanel/system:
geoip

./Webpanel/system/geoip:
geoip.dat
geoip.inc
OneNote Inhaltsverzeichnis.onetoc2

PayPal Phishing and suspicious links 16-07-10



hxxxp://upload-mp3.hi2.ro/asisx/paypal_fr_cbing_activation.php.sisx

Other suspicious phishing links:



IP Address: 88.191.93.163


IP Address: 193.218.105.98



IP Address: 89.42.38.160


Thursday, July 15, 2010

Email's Spam 15-July-10


PornTube 2.0 leads Trojan traps

Beware of fake porn tube sites that lead to malware; never install any patch from an unidentified source. Below is one example that was caught.



IP Address: 88.80.4.19


Other inactive malware links:
hard-xxx-tube.com
xxx-white-tube.org

The malware, named "SetupFlashPlayerPatch.exe", is already detected by major AV products according to VT (40/42).

Wednesday, July 14, 2010

trafic-source.org malwares

IP Address: 91.188.59.62

mail.trafic-source.org
mail.traficserver.org
ns1.trafic-source.org
safespace58.org
traffic-source.org
trafic-source.org
traficserver.org




Sample 1 VT (8/41)
Sample 2 VT (5/42)
Sample 3 VT (8/41)
Sample 4 VT (6/42)

Pharmaceutic, and Quality Softwares -14-July-10

IP Address: 123.30.181.15



Want to get laid?

IP Address: 62.248.107.53



IP Address: 201.7.103.58



IP Address: 200.115.112.206

termlifequoter.info
rxfromhome.net
generic-rx-now.com


IP Address: 218.201.145.75

ivoqwikrun.com
medspharmacyhealthdirect.net
pharmacyprescriptiontablets.com


IP Address: 208.113.234.203



IP Address: 220.132.245.191



IP Address: 80.191.84.220



IP Address: 195.88.226.40



Jewelry, Watches, Handbags, and More! HotNew 2010Model Rolexes

IP Address: 119.67.72.138



IP Address: 123.30.184.35

searh-software.ru



Other possible rogue software


Monday, July 12, 2010

Malwares 12-July-10 with SHA-256


Thursday, July 8, 2010

onpress.com.sg Printed Circuits compromised

http://onpress.com.sg/
--> http://onpress.com.sg/zcv.gif (Trojan)






A Google search easily turns up many similar websites that have been compromised to host malicious code.

Wednesday, July 7, 2010

World Of Warcraft - Phishing




IP Address: 58.30.234.45



IP Address: 208.115.113.82



Lexically nearby names:


Pharmaceutic - Canadian Neighbor Pharmacy







IP Address: 218.71.239.39



IP Address: 218.248.66.190


Trend Micro Browser Guard 2010 Offered Free Web Protection

Trend Micro Browser Guard 2010 is a free browser plug-in which proactively protects users against Internet threats by identifying malicious web pages and blocking the threat before it can infect the user's computer.

It can protect users from sophisticated Internet threats such as the Hydraq and Aurora zero-day attacks. These types of attacks comprise malicious threats across various communication vectors (email, web, and file) and take advantage of unknown, zero-day vulnerabilities in Internet Explorer.

Cybercriminals often secretly insert malicious JavaScript into web pages in the hope that people using vulnerable versions of IE browsers visit these pages and inadvertently download the malware onto their computers.

Browser Guard protects users from such attacks by analyzing and subsequently blocking malicious JavaScript from exploiting vulnerabilities and performing malicious activities on the user's computer. Browser Guard communicates with the Trend Micro Smart Protection Network infrastructure, bringing users the latest Internet protection whenever they surf the web, even if they use other Trend Micro products.

Supported operating systems for Browser Guard include: Windows XP Home/Professional (with the latest service pack), Windows Vista (with the latest service pack), and Windows 7.

However, the tool is only supported on Microsoft IE browsers. I hope the next version of the Browser Guard plug-in can support other browsers as well.

You may download the tool from http://free.antivirus.com/browser-guard/

Reference:
- http://www.net-security.org/secworld.php?id=9538