Trojan-Downloader.JS.Agent.fdg - Infected Domain: anatoly.voiz.ru - Russian Federation

       THE DOMAIN anatoly.voiz.ru HAS BEEN RECENTLY DETECTED WITH MALWARE

URL:

anatoly.voiz.ru

• https://www.virustotal.com/de/url/4d8a635f97aa257213cab84628e8313340eeab2e2d344fee54cd39b9474780ed/analysis/1387358073/

INFECTED WITH:

FIRST DETECTED MARCH 17th 2010

• https://www.virustotal.com/de/file/b2c3aa974a0ab23ee3f3d3aafc67c6280ca888124e2fd945e14141449d69e886/analysis/1387358326/

---> PATTERN

zragore.info/index2.php

• https://www.virustotal.com/de/url/eb15297aa6098cc87c651df547b31318e392935c8824a4cbf35d14447d92c0b7/analysis/1387358596/

---->

www.august13.com/index2.php

• https://www.virustotal.com/de/url/4e45ec544c094914d5ddc2e2f8fa68a6ff50bc39d93ba75fd6c7c9d84f6b2039/analysis/
• http://www.UnmaskParasites.com/security-report/?page=anatoly.voiz.ru

-----> CVE-2008-2992 & CVE-2009-0927

qsfgyee.com:3129/js

• https://www.virustotal.com/de/url/02315217e9b30f9902ee226be14bb5abb02cd2205fc01ea88eb121bbc7492725/analysis/1387358739/
• http://wepawet.iseclab.org/view.php?hash=1bb25dc6e3144b854ad246c18416e500&t=1387358627&type=js
• http://wepawet.iseclab.org/view.php?type=js&hash=4d751f2b8633ba754a7994b46290a825&t=1271400874

IP:

anatoly.voiz.ru ---> 90.156.201.112

• https://www.virustotal.com/de/url/6c535613db365e049f05060b4c234c229f3388a21838bba58e591ee317623bb1/analysis/1387369061/
• https://www.virustotal.com/de/ip-address/90.156.201.112/information/

Bad Host Appearances: 149

• https://www.projecthoneypot.org/ip_90.156.201.112

Fwd/Rev DNS Match: No

• http://www.senderbase.org/lookup/?search_string=90.156.201.112