Thursday, June 23, 2011

Beware shortcuts for getting more followers on Twitter


There are various different ways of getting more followers on Twitter.
The easiest method is to be a celebrity. It doesn't matter if you tweet anything interesting, you'll probably find a fair number of people will follow you regardless.
Alternatively, you could try to tweet something that people find useful or amusing or informative on a regular basis. If you put in the hours, write great tweets and be yourself then you may find others are happy to follow you and engage with you online.
But if both of those options sound far too tricky, you might be tempted to try the Twitter equivalent to a "get rich quick" scheme in your hunt for more followers.
Take these messages which are currently appearing on Twitter, for instance:
[Image: Get more followers tweets]
GET MORE FOLLOWERS MY BEST FRIENDS? I WILL FOLLOW YOU BACK IF YOU FOLLOW ME - [LINK]
If you are tempted to click on the link, you will be taken to a webpage which offers you a service that promises hundreds or thousands of new followers. Many different websites exist like this; here are just two of the sites we have seen being used in the current campaign.
[Image: Get more followers webpages]
Although the graphics differ, the basic template of the site remains the same - including options to either pay for a VIP plan or try out a free service that promises hundreds of new followers.
I must admit I smelt a rat, and so I created a brand new Twitter account to see what would happen if I tried out the "free trial".
[Image: Get more followers username and password request]
Hello hello.. what's this? The pages ask you to enter your Twitter username and password. That should instantly have you running for the hills - why should a third-party webpage require your Twitter credentials? What are the owners of these webpages planning to do with your username and password? Can they be trusted?
In the bottom right hand corner, they admit that they are not endorsed or affiliated with Twitter.
Now obviously I wasn't going to hand over the password for my @gcluley Twitter account, so I entered the login details for the test account I had just created instead.
Before I knew it, I was presented with a familiar Twitter dialog box asking me if I really wanted to grant an application access to my Twitter account.
[Image: Get more followers authorise app]
Common sense would hopefully tell you to step back at this point, and not allow the app's authorisation. But if you're hungry for new followers maybe you would continue, oblivious to the risks.
But sadly, some people are too keen for new followers. And they pay the price in the form of a message promoting the followers service being posted to their feed. In this way, the links can spread rapidly between Twitter users.
[Image: Get more followers tweets]
What surprised me the most, however, is that I started to get many more followers on my test Twitter account. Other, seemingly random, Twitter users began to follow my test account in huge swathes and my account began to follow seemingly random people in return.
Although this may seem like a good thing, it isn't. After all, the rogue app has now made your account follow scores of seemingly random Twitter users - if you have no interest in what they have to say, you're going to find that pretty irritating.
Furthermore, if you're just playing a numbers game on Twitter you're fooling no-one but yourself. It doesn't actually matter how many people in total follow you on Twitter - what's much more important is how many people are listening to what you're saying on Twitter.
It's no good, for instance, if you have five million Twitter followers but there aren't actual people sitting behind them, reading what you have to say.
In other words, these "get more followers fast" apps are a waste of time. You're not interested in what random people are saying on Twitter, so why should random people care about what you have to say?
Furthermore, who's to say that some of these new people who you are following are not cybercriminals, planning to tweet out malicious links or spam messages in your direction?
Twitter has published information on its help pages which describes the dangers of these "Get More Followers Fast"-type websites and apps.
So, what should you do?
Well, if you fell for the trap and granted the rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Applications and revoking the offending app's rights.
[Image: Revoke Twitter application]
But don't forget that you entered your username and password on the third-party website too! That means you should consider your password to now be compromised, and you should change it as soon as possible.
Remember - the fact that you gave them your username and password means they could in theory log into your account and read any of the information you store up there - including your email address and your private direct messages.
If you take no action against attacks like this, don't be surprised if the unknown parties who now have control over your Twitter account use it to commit crimes or cause a nuisance.


Original Blog: http://nakedsecurity.sophos.com/2011/06/23/beware-shortcuts-for-getting-more-followers-on-twitter/

modsecurity - SQL Injection Challenge

Trustwave, a security solutions company, has announced its first hacking challenge for the community. All the challenges are about SQL injection and filter evasion. There are four commercial demo sites.


Each winner who succeeds in reaching the second level will be rewarded with a T-shirt from Trustwave's SpiderLabs.

McAfee WhitePaper - The New Reality of Stealth Crimeware [PDF]

Another good piece of reading material from McAfee: a whitepaper on stealth crimeware.

ABSTRACT:

As cloud computing continues to gain widespread adoption across organizations, the issue of security and maintaining a secure environment still remains a top concern. This white paper highlights powerful toolkits that make stealth malware development a "point-and-click" effort.
Learn from this exclusive resource about Zeus Crimeware Toolkits and the available malware software that can help you achieve a secure cloud environment. Protect your organization's data in the cloud with this easy to use software tool developer.

Read the Full Whitepaper from here.

Spam and Suspicious link 23-June-11



Wednesday, June 22, 2011

Spam & Suspicious link 22-June-11


Monday, June 20, 2011

Malware campaign uses direct injection of Java exploit code


Attackers usually compromise web pages to drive traffic to web servers hosting exploit kits. In this injection, though, we see exploit code directly planted into legitimate pages:



The code shown attacks an Oracle Java vulnerability (CVE-2010-4452) by exploiting a design flaw in the Java class loader to execute an unsigned Java applet with local user rights. The exploit affects Java Runtime Environment versions 6 Update 23 and earlier. It was addressed by Oracle with Update 24 in February 2011. In internal tests, we could confirm that the malicious applet would load in all popular browsers with built-in Java support like IE, Firefox, and Opera. The applet in this attack is used to locate and execute a .exe payload that is disguised in the foreground parameter of the applet-tag as a .jpg file. While the system gets attacked, the user would only see the Java icon popping up in the Windows taskbar:



The payload in this case is the nowadays ubiquitous Rogue Antivirus:



In case you haven't already done so, don't forget to update your Java version as soon as possible.
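
The disguise described above (an executable referenced from an applet parameter under a .jpg name) can be caught by comparing the claimed file type with the bytes actually served. This is an added detection example, not code from the original post; it checks every `<param>` rather than only `foreground`, and the `fetch` callback, URLs and sample bodies are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# File extension used in the URL -> type the body should sniff as.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def sniff(data: bytes) -> str:
    """Classify a body by its leading magic bytes, not by its name."""
    if data[:2] == b"MZ":
        # DOS header: e_lfanew at 0x3C points at the "PE\0\0" signature.
        if len(data) >= 0x40:
            off = int.from_bytes(data[0x3C:0x40], "little")
            if data[off:off + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"


class AppletCollector(HTMLParser):
    """Collect the <param> name/value pairs nested inside each <applet>."""

    def __init__(self):
        super().__init__()
        self.open_applets = 0
        self.applets = []  # one {param_name: value} dict per <applet>

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "applet":
            self.open_applets += 1
            self.applets.append({})
        elif tag == "param" and self.open_applets:
            name = attrs.get("name", "").lower()
            self.applets[-1][name] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag == "applet" and self.open_applets:
            self.open_applets -= 1


def claimed_type(url: str):
    """Return the image type implied by the URL's extension, or None."""
    path = urlparse(url).path.lower()
    for ext, kind in EXPECTED.items():
        if path.endswith(ext):
            return kind
    return None


def audit(html: str, fetch):
    """Return findings for applet params whose 'image' is not an image.

    fetch(url) -> bytes or None is supplied by the caller (assumption: a
    proxy cache or crawler); below it is a dict lookup so this runs offline.
    """
    parser = AppletCollector()
    parser.feed(html)
    findings = []
    for index, params in enumerate(parser.applets):
        for name, value in params.items():
            expected = claimed_type(value)
            if expected is None:
                continue  # parameter does not claim to be an image
            body = fetch(value)
            if body is None:
                continue  # nothing captured for this URL
            actual = sniff(body)
            if actual != expected:
                findings.append({
                    "applet": index, "param": name, "url": value,
                    "claimed": expected, "actual": actual,
                    "executable": actual in ("pe", "mz"),
                })
    return findings


# Constructed sample: a page with an embedded applet and two response bodies.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<applet code="Example.class" width="1" height="1">
  <param name="foreground" value="http://files.example.test/banner.jpg">
  <param name="logo" value="http://files.example.test/logo.jpg?v=2">
</applet></body></html>"""

# Minimal constructed DOS/PE header, not a working program.
PE_STUB = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
SAMPLE_BODIES = {
    "http://files.example.test/banner.jpg": PE_STUB,
    "http://files.example.test/logo.jpg?v=2": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, SAMPLE_BODIES.get):
        print(finding)
```

The same type-mismatch check works on proxy or IDS file extractions: any response requested under an image name that sniffs as `pe` is worth an alert regardless of which tag referenced it.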


Original Source: http://community.websense.com/blogs/securitylabs/archive/2011/06/20/malware-campaign-uses-direct-injection-of-java-exploit-code.aspx

Saturday, June 18, 2011

Spam and Suspicious link 18-June-2011 - Part2


rxdeals.ru
rxdrug-store.com
rxmedanswer.com
rxmedbase.com
rxmedbin.com
rxmedbot.com
rxmedchannel.com
rxmedcircle.com
rxmedcompass.com
rxmedcontact.com
rxmedcrank.com
rxmeddir.com
rxmeddirections.com
rxmeddiscover.com
rxmeddrive.com
rxmedexplore.com
rxmedfind.com
rxmedflex.com
rxmedflexor.com
rxmedgate.com
rxmedindex.com
rxmedindexer.com
rxmedknow.com
rxmedmap.com
rxmednavigator.com
rxmedoverview.com
rxmedprobe.com
rxmedroll.com
rxrefilltop.ru
salesrx.ru
searefill.com
seekrefill.com
servicesrefill.com
showrefill.com
soccerrefill.com
sparkrefill.com
stonerefill.com
supportrefill.com
www.rx-4u.ru


175.116.168.152
175.121.56.55
90.182.175.238

238.175.broadband15.iol.cz
abovepoet.ru
abrade.gainlarge.ru
addmiss.ru
admin.absolutebox.ru
admin.actsun.ru
admin.advantagedeal.ru
admin.airwife.ru
admin.alternativething.ru
admin.baggagesky.ru
admin.bayhose.ru
admin.beachsolo.ru
admin.boycave.ru
admin.buttonbars.ru
admin.cafepot.ru
admin.cakeson.ru
admin.companysociety.ru
admin.cowbrick.com
admin.crystalpride.ru
admin.dingoocean.ru
admin.fatpeniscreative.ru
admin.flyslim.com
admin.gainlarge.ru
admin.gatehour.ru
admin.goalgain.ru
admin.gutcash.ru
admin.heartmountain.ru
admin.ladymum.ru
admin.lanebag.ru
admin.lunaticbit.ru
admin.lunchquery.ru
admin.manegg.ru
admin.messagepages.ru
admin.micice.ru
admin.mirrorhero.ru
admin.naturalpenisbest.ru
admin.oceansea.ru
admin.oldspot.ru
admin.onechick.ru
admin.peaceshelf.ru
admin.pineplay.ru
admin.plannail.ru
admin.ponybreeze.ru
admin.poolmom.ru
admin.rainbowsea.ru
admin.realpenisenlarge.com
admin.rep-watches.ru
admin.rulestar.ru
admin.salegap.ru
admin.saltduck.ru
admin.shirtdream.ru
admin.skinnytab.ru
admin.sonham.ru
admin.sontab.ru
admin.stackpup.ru
admin.strapnod.ru
admin.tanzero.ru
admin.testguide.ru
admin.tipwear.ru
admin.tunetrack.ru
admin.wantstuff.ru
admin.yearchild.ru
admin.your-longerpenis.com
admin.zenleg.ru
admin.zitatlantic.ru
admin.zoolips.ru
advantagedeal.ru
airwife.ru
akkxzcn.ru
alternativething.ru
babeland.ru
backcase.ru
baggagesky.ru
barpeer.ru
bathnet.ru
batskirt.ru
bayhose.ru
beachsolo.ru
beardwit.ru
bestbabe.ru
bitquery.ru
boycave.ru
brownjewel.com
buttonbars.ru
cafepot.ru
cakeson.ru
cashdoll.ru
clapuse.ru
coinword.ru
companysociety.ru
customersupportpage.ru
dailyold.com
electricbluecig.com
enlargemypenisnatural.ru
fixburn.ru
flyslim.com
gainlarge.ru
gapline.ru
gutcash.ru
headdate.ru
heartmountain.ru
hotreplicafinish.ru
ladymum.ru
lanebag.ru
lanefood.ru
lionwire.ru
lunaticbit.ru
manegg.ru
manmack.ru
micice.ru
nearbus.ru
needgin.ru
oldspot.ru
patfancy.ru
pieford.ru
ponybreeze.ru
poundtax.ru
rainbowsea.ru
realpenisenlarge.com
romannut.ru
royalcan.ru
rulestar.ru
salegap.ru
saltduck.ru
skinnytab.ru
sofatree.ru
soloboat.ru
sonham.ru
sontab.ru
staremarry.ru
steelear.ru
strapnod.ru
stuffday.ru
tanzero.ru
tapcell.ru
testguide.ru
tipwear.ru
usefax.ru
usekeys.ru
wantstuff.ru
wifezoo.ru
worldelf.ru
www.alternativething.ru
www.beachsolo.ru
www.companysociety.ru
www.heartmountain.ru
www.rainbowsea.ru
www.saltduck.ru
www.sonham.ru
www.sontab.ru
yearmic.ru
yourbiggerman.com
zenleg.ru
zitatlantic.ru
zoolips.ru

Spam and Suspicious link 18-June-2011 - Part1


Acrobat Memory Corruption Denial of Service (DoS) Exploit - CVE-2011-2105

Adobe has released security updates that address several critical vulnerabilities in Adobe Reader X (10.01) and earlier versions for Windows, Adobe Reader X (10.0.3) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and earlier versions for Windows and Macintosh.

One of the vulnerabilities (CVE-2011-2105) has been publicly disclosed through Exploit-DB.

PoC Details: 
The following JavaScript is the problem point inside the PDF file (open the PoC file in a text editor to see it):
    /*****************************************************************************/
    var temp;
    for(var i=0;i<=8;i++)
    {
        temp+=temp+temp+"A";
    }
    var result = temp;
    try{
        viewState= result;
    }catch(e){}
    dirty; // Important!
    /*****************************************************************************/

Solution:
Apply an update

Adobe recommends all users upgrade to Adobe Reader and Acrobat 10.1, 9.4.5, or 8.3. APSB11-16 contains more details. Please also consider the following workarounds:

Use the Microsoft Enhanced Mitigation Experience Toolkit

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) can be used to help prevent exploitation of this and other vulnerabilities.

Enable DEP in Microsoft Windows

Consider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts "Understanding DEP as a mitigation technology" part 1 and part 2. DEP should be used in conjunction with the application of patches or other mitigations described in this document.

Note that when relying on DEP for exploit mitigation, it is important to use a system that supports Address Space Layout Randomization (ASLR) as well. ASLR is not supported by Windows XP or Windows Server 2003 or earlier. ASLR was introduced with Microsoft Windows Vista and Windows Server 2008. Please see the Microsoft SRD blog entry: On the effectiveness of DEP and ASLR for more details.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript helps to reduce attack surface and mitigates some exploitation techniques. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities.

To disable JavaScript in Adobe Reader:

    Open Adobe Acrobat Reader.
    Open the Edit menu.
    Choose the Preferences... option.
    Choose the JavaScript section.
    Uncheck the Enable Acrobat JavaScript checkbox.

Note that when JavaScript is disabled, Adobe Reader and Acrobat prompt to re-enable JavaScript when opening a PDF that contains JavaScript.

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\AcroExch.Document.7]
    "EditFlags"=hex:00,00,00,00

Disable the displaying of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser reduces attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities.

To prevent PDF documents from automatically being opened in a web browser with Adobe Reader:

    Open Adobe Acrobat Reader.
    Open the Edit menu.
    Choose the Preferences... option.
    Choose the Internet section.
    Uncheck the Display PDF in browser checkbox.


Reference:
http://www.adobe.com/support/security/bulletins/apsb11-16.html
http://www.kb.cert.org/vuls/id/264729
http://secunia.com/advisories/43269/

Tuesday, June 7, 2011

RSA finally comes clean: SecurID is compromised


RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.
SecurID tokens are used in two-factor authentication systems. Each user account is linked to a token, and each token generates a pseudo-random number that changes periodically, typically every 30 or 60 seconds. To log in, the user enters a username, password, and the number shown on their token. The authentication server knows what number a particular token should be showing, and so uses this number to prove that the user is in possession of their token.
The exact sequence of numbers that a token generates is determined by a secret RSA-developed algorithm, and a seed value used to initialize the token. Each token has a different seed, and it's this seed that is linked to each user account. If the algorithm and seed are disclosed, the token itself becomes worthless; the numbers can be calculated in just the same way that the authentication server calculates them.
This admission puts paid to RSA's initial claims that the hack would not allow any "direct attack" on SecurID tokens; wholesale replacement of the tokens can only mean that the tokens currently in the wild do not offer the security that they are supposed to. Sources close to RSA tell Ars that the March breach did indeed result in seeds being compromised. The algorithm is already public knowledge.
As a result, SecurID offered no defense against the hackers that broke into RSA in March. For those hackers, SecurID was rendered equivalent to basic password authentication, with all the vulnerability to keyloggers and password reuse that entails.
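
The seed-and-algorithm relationship described above can be made concrete with an added example that is not from the article or from RSA. It does not implement SecurID's algorithm; it swaps in the public TOTP construction (RFC 6238, HMAC-SHA1) as a stand-in, and the seeds, function names and timestamp are constructed for illustration.

```python
import hashlib
import hmac
import struct


def token_code(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code shown by a token: a pure function of the seed and the clock."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed: bytes, submitted: str, unix_time: int,
                   step: int = 30, digits: int = 6, drift_steps: int = 1) -> bool:
    """Server-side check: recompute the code from the stored seed and compare.

    One step of clock drift either way is tolerated (an assumption of this
    sketch, not a statement about any product).
    """
    for drift in range(-drift_steps, drift_steps + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        expected = token_code(seed, t, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def seed_disclosure_demo(now: int = 1307404800) -> dict:
    """Show why a disclosed seed forces token replacement.

    All seeds are constructed values; 'now' is an arbitrary fixed timestamp.
    """
    issued_seed = b"constructed-seed-0001"      # stored by the server, burned into the token
    copied_seed = bytes(issued_seed)            # the same bytes held by any other party
    reissued_seed = b"constructed-seed-0002"    # seed of the replacement token

    code_from_copy = token_code(copied_seed, now)
    return {
        # The server cannot tell the copy from the real token.
        "copy_accepted_before_replacement":
            server_accepts(issued_seed, code_from_copy, now),
        # Once the account is bound to a new seed, the old copy is useless.
        "copy_accepted_after_replacement":
            server_accepts(reissued_seed, code_from_copy, now),
    }


if __name__ == "__main__":
    print(seed_disclosure_demo())
```

The second factor proves possession of the seed, not of the physical token, which is why re-seeding every affected account is the remediation.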
RSA Security Chairman Art Coviello said that the reason RSA had not disclosed the full extent of the vulnerability was that doing so would have revealed to the hackers how to perform further attacks. RSA's customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway, so failing to properly disclose the true nature of the attack served only to mislead RSA's customers about the risks they faced.
RSA is working with other customers believed to have been attacked as a result of the SecurID compromise, though it has not named any. Defense contractors Northrop Grumman and L-3 Communications are both rumored to have faced similar attacks, with claims that Northrop suspended all remote access to its network last week.

Source: Ars Security

Another Android Malware Utilizing a Root Exploit

Another Android malware utilizing the root exploit "Rage Against The Cage" has been found. We were able to find a sample ourselves and we now detect it as Trojan:Android/DroidKungFu.A.

This new malware was embedded in a trojanized application that may require root access in order to conceal itself. The infection occurs in two parts:

Infection: Part 1

The first part is the installation of a trojanized application that would gain root privilege and install the com.google.ssearch application. This application points to the Trojan:Android/DroidKungFu.A's service component that will start a service com.google.ssearch.Receiver. On the creation of this service, it will call the function getPermission() that will install an embedded APK.

Droid Kung Fu create

Droid Kung Fu permission

This in turn calls checkPermission(), which checks whether com.google.ssearch.apk already exists. If not, it installs the "legacy" file, which is an APK file, to "system/app" (the application folder).

Droid Kung Fu check permission

Infection: Part 2

The second part deals with the main malware component, com.google.ssearch.apk. As we may recall, this component was also present in the trojanized application.

Here is a screenshot showing the com.google.ssearch.apk installed.

Droid Kung Fu screen

The malware appears to have backdoor functionality. Here are some of its capabilities that we have seen:

  •  execDelete — execute command to delete a supplied file
  •  execHomepage — execute a command to open a supplied homepage
  •  execInstall — download and install a supplied APK
  •  execOpenUrl — open a supplied URL
  •  execStartApp — run or start a supplied application package

Trojan:Android/DroidKungFu.A can also obtain the following information and post it to a remote server:

  •  imei — IMEI number
  •  ostype — Build version release, e.g., 2.2
  •  osapi — SDK version
  •  mobile — users' mobile number
  •  mobilemodel — Phone model
  •  netoperator — Network Operator
  •  nettype — Type of Net Connectivity
  •  managerid — hard-coded value which is "sp033"
  •  sdmemory — SD card available memory
  •  aliamemory — Phone available memory

The root value is set to 1 to signify root access, and this information is then sent to "http://search.gong[...].php".

The malware obtains its commands from "http://search.gong[...].php" by posting the "imei", "managerid" and root values. It also reports the status of the commands to "http://search.gong[...].php" by posting "imei", "taskid", "state" and "comment".
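
The parameter names listed above are enough to hunt for this traffic in proxy logs even though the server address is elided here. The following is an added detection example, not F-Secure's code: the log format, the form-encoded body, the host `c2.example.invalid`, the eight-field threshold and all sample lines are assumptions constructed for illustration.

```python
from typing import List, Optional, Tuple
from urllib.parse import parse_qs

# Field names taken from the write-up above.
PROFILE_FIELDS = {"imei", "ostype", "osapi", "mobile", "mobilemodel",
                  "netoperator", "nettype", "managerid", "sdmemory", "aliamemory"}
POLL_FIELDS = {"imei", "managerid", "root"}
STATUS_FIELDS = {"imei", "taskid", "state", "comment"}
HARDCODED_MANAGERID = "sp033"


def classify_post(body: str) -> Optional[Tuple[str, bool]]:
    """Return (label, strong) for a POST body, or None if nothing matches.

    'strong' is True when the hard-coded managerid value is present.
    """
    fields = parse_qs(body, keep_blank_values=True)
    names = set(fields)
    strong = HARDCODED_MANAGERID in fields.get("managerid", [])
    # Profile upload is checked first because it also contains the poll fields.
    if len(names & PROFILE_FIELDS) >= 8:        # threshold is an assumption
        return ("profile-upload", strong)
    if POLL_FIELDS <= names:
        return ("command-poll", strong)
    if STATUS_FIELDS <= names:
        return ("task-status", strong)
    return None


def scan(log_lines: List[str]) -> List[Tuple[str, str, bool]]:
    """Scan 'timestamp client method url body' lines; return one hit per match."""
    hits = []
    for line in log_lines:
        parts = line.rstrip("\n").split(" ", 4)
        if len(parts) < 5 or parts[2] != "POST":
            continue
        verdict = classify_post(parts[4])
        if verdict is not None:
            hits.append((parts[1], verdict[0], verdict[1]))
    return hits


# Constructed proxy log lines; host, IPs and values are placeholders.
SAMPLE_LOG = [
    "2011-06-07T10:15:02Z 10.0.0.23 POST http://c2.example.invalid/a.php "
    "imei=000000000000000&ostype=2.2&osapi=8&mobile=&mobilemodel=TestPhone"
    "&netoperator=TestNet&nettype=wifi&managerid=sp033&sdmemory=1024"
    "&aliamemory=512&root=1",
    "2011-06-07T10:15:09Z 10.0.0.23 POST http://c2.example.invalid/b.php "
    "imei=000000000000000&managerid=sp033&root=1",
    "2011-06-07T10:16:40Z 10.0.0.23 POST http://c2.example.invalid/c.php "
    "imei=000000000000000&taskid=7&state=1&comment=ok",
    "2011-06-07T10:17:00Z 10.0.0.41 POST http://shop.example.invalid/login "
    "user=alice&imei=000000000000000",
    "2011-06-07T10:17:05Z 10.0.0.41 GET http://shop.example.invalid/ -",
]

if __name__ == "__main__":
    for client, label, strong in scan(SAMPLE_LOG):
        print(client, label, "strong" if strong else "weak")
```

Matching on the field set rather than the hostname keeps the rule useful if the server address changes; on the handset itself, an installed com.google.ssearch package is the corresponding indicator.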

Threat Solutions post by — Zimry

-----

Updated to clarify: Original discovery of the trojan was by a research team at North Carolina State University. We were able to independently find a sample for our own analysis.    



Source: F-Secure Labs Blog