
2/15/2014

HEUR:Trojan.Script.Generic ---> artofzengraphics.com
IP 216.177.139.128

(Laguna Niguel, California, United States)

MALICIOUS SITE & IP: HEUR:Trojan.Script.Generic
http://artofzengraphics.com/
  • https://www.virustotal.com/de/url/81193b530827110d85212ac17af2962377242f30ea759b2b673ecb33a91bc00c/analysis/

INFECTION:
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/28c5a744588396a98aefcd426d21687d6523192503858b9d56bcfa90699938ee/analysis/1392491478/
  • http://wepawet.iseclab.org/view.php?hash=bc670ebbbcb5ac14506a784751b405fa&t=1392491777&type=js
FULL REPORT:
Document hosting: UploadEdit.com

wantedlist2.altervista.org
(Trojan-Clicker.HTML.IFrame.aoe)
ITALY, United States, Germany

MALWARE: Trojan-Clicker

http://wantedlist2.altervista.org/
  • https://www.virustotal.com/de/url/013fce8ec9d84efe2b18db9a2552db694539fd9f056c27a938ae2d491845dd27/analysis/1392474534/

INFECTED:

Trojan-Clicker.HTML.IFrame.aoe
  • https://www.virustotal.com/de/file/1ece9568d77b580a0b1d7be3c45aa11f09358fb71f2e0c821f3a98cc7cf3bf74/analysis/1392478038/
  • https://www.virustotal.com/de/file/a2da95d0db2d871406b58090f481a3f402befc7a62f7e735c950d49def8e293e/analysis/1392476773/
JS/Pakes
  • https://www.virustotal.com/de/file/8b6de8be678e4ac7d3b6a7496adfc086e7b2ab8a33d2b0b18f13f1576ee1ccce/analysis/1392476113/
  • https://www.virustotal.com/de/file/baa343e98f59fc0ebe77aaf5e38ee31eae8feb39ac317df9f1708826af2fc0e2/analysis/1392475284/
  • https://www.virustotal.com/de/file/1d49f50836faa0d5b057ea9faf4a8c82a9a2a41e3df7c490e8c7aeba7136183a/analysis/1392475833/
  • http://jsunpack.jeek.org/?report=750d2ce7d372ce1a2f23cf4f180a065f878e356b

FULL REPORT: Document hosting: UploadEdit.com

www.belvedere3re.it & agromolinillo.net
(ITALY & BULGARIA)
Infected With: Trojan.JS.Iframe.aeq & Trojan.JS.Blacole.Gen

MALWARE: Trojan.JS.Iframe.aeq (EXPLOIT)

http://www.belvedere3re.it/
  • https://www.virustotal.com/de/url/6500fe67f341d74fc3550812db85a0709477c4f496f4b5e4a13d7297dfac41fb/analysis/1392447566/
INFECTION: 
Trojan.JS.Iframe.aeq
  • https://www.virustotal.com/de/file/c762708b51850c161fdcc2800018a631df7cfee551987244fbcc2cc1cca0d1ee/analysis/1392447709/
  • http://wepawet.iseclab.org/view.php?hash=a808a7ecd79da728c378648af9da10f5&t=1392447580&type=js
Embedded iframe redirection - possible exploit kit indicator
  • https://urlquery.net/report.php?id=9442829


---------------------------------------------------------------------------------------------------------------------------------------------

DOMAIN:
http://agromolinillo.net/
  • https://www.virustotal.com/de/url/5101a27f16f6473637f25d7e21faa11997c5fa325098870e54168fddeefcdd67/analysis/1392448344/
INFECTION: 
Trojan.JS.Iframe.aeq
  • https://www.virustotal.com/de/file/c762708b51850c161fdcc2800018a631df7cfee551987244fbcc2cc1cca0d1ee/analysis/
  • https://urlquery.net/report.php?id=9442930
FULL REPORT: Document hosting: UploadEdit.com

2/14/2014

DOMAIN www.al360.it
Infected with HEUR:Trojan.Script.Generic
(ITALY & GERMANY (mosens.de))



MALWARE: HEUR:Trojan.Script.Generic
http://www.al360.it/
  • https://www.virustotal.com/de/url/1997dfdb219a58b84691e87b520bdd5298b65b2a41961869704b554167f49d78/analysis/1392394269/
INFECTION:
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/a9a22599cbf102ed368db4a89351f91f35c98f32dbc3d846e15e7f9ebc6ce18d/analysis/1392394434/
FULL REPORT:

Document hosting: UploadEdit.com

ABBA (S.O.S.) & New Malware Code:
www.abba.it & IP 79.135.167.28
Trojan.JS.Iframe.ahh & Trojan.JS.Iframe.ahi (PUA) (ITALY & POLAND)

ABBA MALWARE AT LEAST SINCE 2012: HEUR:Trojan.Script.Iframer (PUA) (RBN 351, ITALY & POLAND)


http://www.abba.it/
  • https://www.virustotal.com/de/url/84645d2eca6550ebd7c47540670934f2383b374162aac5210fe7b6be7e5704e9/analysis/1392389097/

INFECTION:

HEUR:Trojan.Script.Iframer (PUA)
  •  https://www.virustotal.com/de/file/3f6d4bcd51b2a294897c1e76402fc2ec956a411ac92acbe7f89029748eae3522/analysis/1392389334/

The complete report (.txt) can be seen here:

Document hosting: UploadEdit.com


SINCE 2009: www.cafi.it
Infected with Malware: Malicious Iframe Injection
At the Moment: HEUR:Trojan.Script.Iframer (ITALY & UKRAINE)


MALICIOUS DOMAIN ALREADY SINCE 2009: HEUR:Trojan.Script.Iframer (RBN 422) (UKRAINE)
http://www.cafi.it/
  • https://www.virustotal.com/de/url/7bd6d2f5f61ade1dcfe6c3357fd48b812d1f40ef8d54b3feae0a71cb831dd2b1/analysis/1392383368/
INFECTION: 
HEUR:Trojan.Script.Iframer
  • https://www.virustotal.com/de/file/3510b819f8d1d209bb267f3a721f9cb040fc2c609412e7ace7f2dcd75528e67d/analysis/1392384000/
Mal/Iframe-F
  • https://www.virustotal.com/de/file/6eb573fba0944e608d57dc882860149f14bdb2368a295ac19e93f7e6a0072386/analysis/1392383703/
Malicious iframe injection
Javascript associated with malicious code
  • https://urlquery.net/report.php?id=9433018
--->
http://91.207.61.32/.r/.fi/index.php
  • https://www.virustotal.com/de/url/9d80e5be6628f7734d3fd816c391733b5c4e491c2f96818e22738b8a9c2ed5c7/analysis/1392384629/
  • https://urlquery.net/report.php?id=9433214
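As an added example (not code from this blog), here is a small detector for the kind of injected iframe reported above, run over a constructed HTML sample that mimics the cafi.it injection (the tag attributes are illustrative; the post does not show the actual injected markup). It flags iframes that are sized to zero or one pixel, hidden by CSS, or pointed at a raw IP or an off-site host, which covers the Trojan.JS.Iframe / Trojan.Script.Iframer cases listed throughout this page. Only the Python standard library is used.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS fragments that make an element invisible or push it off screen
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d", re.I)
RAW_IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({name: (value or "") for name, value in attrs})


def _tiny(value):
    """True for width/height values of 0 or 1 (bare number or px)."""
    m = re.match(r"\s*(\d+)", value or "")
    return m is not None and int(m.group(1)) <= 1


def suspicious_iframes(html, page_host):
    """Return [(src, [reasons])] for iframes that look injected rather than intentional."""
    page_host = page_host.lower()
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        if _tiny(attrs.get("width")) or _tiny(attrs.get("height")):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(attrs.get("style", "")):
            reasons.append("hidden by CSS")
        host = (urlparse(src).hostname or "").lower()
        if host and RAW_IP_HOST.match(host):
            reasons.append("raw IP destination")
        elif host and host != page_host and not host.endswith("." + page_host):
            reasons.append("off-site destination")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: a page on www.cafi.it with one legitimate same-site iframe and
# two injected ones modelled on the redirect chains reported in this post. The
# attributes are illustrative; the actual injected markup is not shown in the post.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="/widgets/contact.html" width="300" height="200"></iframe>
<iframe src="http://91.207.61.32/.r/.fi/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://advomn.pp.ua/" width="0" height="0"
        style="position:absolute;left:-9999px;top:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in suspicious_iframes(SAMPLE_HTML, "www.cafi.it"):
        print(f"{src}: {', '.join(reasons)}")
```

This only sees iframes that are present in the static HTML. Most of the samples on this page inject the iframe from obfuscated JavaScript (that is why the jsunpack and wepawet reports are linked), so in practice the check is run on the DOM after the script has been executed or unpacked, not on the raw download.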

NEWLY DETECTED: www.albertomanganaro.it
Infected with HEUR:Trojan.Script.Generic
(ITALY)


NEWLY DETECTED MALWARE SITE FROM ITALY: HEUR:Trojan.Script.Generic

Malicious iframe injection
  • https://urlquery.net/report.php?id=9432480
http://www.albertomanganaro.it/
  • https://www.virustotal.com/de/url/48d1ce8ef5d827edda2d76a7f190c37d64812b63c905739df28a28101a4732fd/analysis/1392334229/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/d246753919f66e3b34e54e24c34b4ec331e07afa0a695b4763c7637470a7dea6/analysis/1392335647/
The complete report can be found here:

Document hosting: UploadEdit.com


2/13/2014

ANGLER EXPLOIT KIT:
IP 37.9.53.204
Category MALICIOUS IP/DOMAIN
(UNITED KINGDOM & RUSSIAN FEDERATION)

The following IP hosts the ANGLER EXPLOIT KIT, which at this time mainly targets vulnerabilities in Microsoft SILVERLIGHT; the signature hits listed below also show Java exploit artifacts.

ORIGINS: UNITED KINGDOM & RUSSIAN FEDERATION

http://37.9.53.204/
  • https://www.virustotal.com/de/url/248fe87973d0950dbe2699af672f4cfa25b99d6642e33fa04e995af929d97cc0/analysis/1392317892/
SPECIFIC LINK:
http://37.9.53.204/mobile.php?niche=newcj
  • https://www.virustotal.com/de/url/fd0581fc5f7e6b847021e161e81a7b67edab23275cf66aa05055f983e3df4fee/analysis/1392317833/
Malware.HTML.Iframe (paranoid heuristics)
  • http://virusscan.jotti.org/de/scanresult/6f18ec5f9439692aa66e4b0a8b021a2ee1073e6a
  • https://www.virustotal.com/de/file/cfae597233232ae04ac8fdc4809a00159c720e657ca6c32a4c4d5e45bdba9568/analysis/1392319600/
SCRIPT(s) CAN BE FOUND HERE:
  • http://jsunpack.jeek.org/?report=4404603b06b5bc656d0d7364c99f9921ba109afc
0) Angler exploit kit URL pattern
1) Angler EK Landing Page
2) Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014
3) suspicious - gzipped file via JAVA - could be pack200-ed JAR
4) Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
5) Angler EK encrypted binary (3) Jan 17 2013

  • https://urlquery.net/report.php?id=9424546
The complete analysis review with more details can be found here:
Document hosting: UploadEdit.com




Just another spam mail from www.ratgeberplatz.com:
„Herzlichen Glückwunsch“ („Congratulations“)
from Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter": doing so only confirms to the sender that the mail was read by a live address, and the spamming will get worse! See screenshot.



For German-speaking readers:


www.ratgeberplatz.com is unmistakably a spam domain. These mails can safely be deleted. Do not click "unsubscribe newsletter". The only thing that happens afterwards is that you receive even more spam from this domain, because your click has given you away and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.


19066.saeke.com:
MALICIOUS VISITOR OF THE WEEK (A BOTNET) & New Malicious Code
Trojan-Downloader.HTML.IFrame.aip, aiq, air
(CHINA, POLAND & RUSSIA)


MALICIOUS VISITOR OF THE WEEK (A BOTNET)

MALICIOUS (CHINA, POLAND & RUSSIA): Trojan-Downloader.HTML.IFrame.air
Reply Sinkhole - sinkhole.cert.pl 148.81.111.111 (Shadowserver Reported CnC Server IP group 3)
CVE-2008-2463 & CVE-2008-0015
http://19066.saeke.com/
https://www.virustotal.com/de/url/0768ee5a780f2d235f9b17e6789cd62fb2f9f2d08683d0351bd941ce0ea8c968/analysis/1392145114/
Exploit-IFrame.gen.ah
https://www.virustotal.com/de/file/d6c86c0aea173bb04a179812520b77e32b1f6f72b1f1d5f939898f3515cb92a0/analysis/1392205682/
Reply Sinkhole - http://sinkhole.cert.pl (148.81.111.111)
https://urlquery.net/report.php?id=9394745
https://urlquery.net/report.php?id=9394753
https://urlquery.net/report.php?id=9394749
https://urlquery.net/report.php?id=9394736
SCRIPT CODE: http://jsunpack.jeek.org/?report=6597a99bfac1a8733e9db2282b26a50e06efddc8
--->
http://19066.saeke.com/tj.js
https://www.virustotal.com/de/url/da19987591c4bfcceb3ff19582b77057402b4147172dbf9e5c9d2a1b496f8df3/analysis/1392217975/
https://www.virustotal.com/de/file/c17accf46049ffc28b33e8dfb56990ca0b035cc974dfc825952a7d94bc8e130e/analysis/1392217978/
--->
http://count45.51yes.com/click.aspx?id=450998701&logo=12
https://www.virustotal.com/de/url/34f490099e4c9785ddfba9018f2ee803943ad70736004f6bfd67d653ee4e6b26/analysis/1392218499/
https://www.virustotal.com/de/file/a9c13f407dd2befae9e13015941831b1c0a4433381700fd2210da2f4e4858cec/analysis/1392218278/
--->
http://count45.51yes.com/sa.htm?id=450998701
https://www.virustotal.com/de/url/f036a01fd81657fe43ac7724fd8bfef9279c67a13ff3823a763806a6edae7744/analysis/
--->
http://19066.saeke.com/gg.js
https://www.virustotal.com/de/url/be691723ba9286a06b1c95dc1855eb2fbff83c3b61f2774ab0d97fa38afcfe69/analysis/1392217936/
https://www.virustotal.com/de/file/2bde577fdaf14ced5c83ddc3e80c2ce78f5d06657aaf93aaeed628841597d7bf/analysis/1392217940/
--->
----------------------------
1st) http://www.0002555.com/
http://jsunpack.jeek.org/?report=b2b887ac1cc0b97c383d4d77550fa60c762d951b
https://www.virustotal.com/de/url/9f40196ff30f7143de35faba39e57193b52e11899b83e363f549254990f56033/analysis/1392212926/
JS:Decode-AHP [Trj] & JS/Exploit
https://www.virustotal.com/de/file/f2b87dd97c96d86679cc9db8050930e3c80d53fe86ee1f300a9c30ae2197dde7/analysis/1392213008/
JS/Exploit
https://www.virustotal.com/de/url/9f40196ff30f7143de35faba39e57193b52e11899b83e363f549254990f56033/analysis/1392212926/
--->
2nd) http://www.0002555.com/
http://jsunpack.jeek.org/?report=357f1217863b57f4544b34c7c90e26ace423885c
https://www.virustotal.com/de/url/9f40196ff30f7143de35faba39e57193b52e11899b83e363f549254990f56033/analysis/1392219336/
JS:Decode-AHP [Trj]
https://www.virustotal.com/de/file/da097870d62b19b49bd849e42d28536d05dbe4f3dc51f9c72c821d5bae746f4b/analysis/1392219103/
JS/Exploit
https://www.virustotal.com/de/file/37754a8ad7e8976ac0784fb7a6914854bcbcfea04cc4ac18506ba43a53672893/analysis/1392219542/
--->
http://www.0002555.com/?jdfwkey=ltxhx2
https://www.virustotal.com/de/url/e98cc7adf2b66b409f9c3f1a204bf92e07095e113f3507c155604d1a1963f343/analysis/1392220534/
Trojan.Url.IframeB.rrxhg
https://www.virustotal.com/de/file/ec46a7ddc9363450c29f79bec511b6d2910434744fd58b35c86efcda4f925d70/analysis/1392219094/
--->
http://count41.51yes.com/click.aspx?id=418575533&logo=11
https://www.virustotal.com/de/url/3ecfeb8d9385e5ce340628caf9bc5d54be6831df820b41bf5822d2bddf16350e/analysis/1392219731/
Trojan.Url.IframeB.rrxhg
https://www.virustotal.com/de/file/4b15dfa57083bb09ce49282b65290351ad27897ba9170aa00075fde2d7d21d86/analysis/1392219053/
https://www.virustotal.com/de/file/c2878b0fe3502325b658e57346d8c8bd78125a5b3cdfe6023a051724b66a5bf3/analysis/1392219061/
--->
http://count41.51yes.com/sa.htm?id=418575533
https://www.virustotal.com/de/url/29a17f881cb94afee5b57ae6d484a9dedc383b48352516fca1e73c2f06d11e66/analysis/1392220106/
--->
http://count30.51yes.com/click.aspx?id=308228346&logo=2
https://www.virustotal.com/de/url/8a02b1b560f3abf37ca36d1d57464716da3f03e9b56cb37628cd727808889991/analysis/1392220198/
https://www.virustotal.com/de/file/e879df4e1a5d975ca1418d14eb50f35a5330fcaadb4d198ed6a2fb4853b572e1/analysis/
--->
http://count30.51yes.com/sa.htm?id=308228346
https://www.virustotal.com/de/url/ec51f98a5309cc55f56af2ff7c9e9d50a06208b3526da6c5b329301a85e8913c/analysis/1392220375/
--->
http://player.youku.com/player.php/sid/XNjYwNDI1MTI4/v.swf
https://www.virustotal.com/de/url/992fad2fcdcc6b663dfbb25ca14a15a8c02656de0b2a7312fc749bee10ee558e/analysis/
https://www.virustotal.com/de/file/906fe6e47fe95ee6638b1e05195a5b3759a4a68f2967d6646d456b75acb71271/analysis/1392187035/
--->
http://static.youku.com/v1.0.0400/v/swf/loader.swf?VideoIDS=XNjYwNDI1MTI4
https://www.virustotal.com/de/url/357f07d6e7d50783a04222552b115c0e9826fc3c49a3ebe465e94bdc68130dc3/analysis/1392221033/
--->
http://player.youku.com/player.php/sid/XNDI4ODQxOTMy/v.swf
https://www.virustotal.com/de/url/51aac3efbee0778f03b8a6446e4cc3e3be69c8e0a009b1b578be6ac3af5cb4fb/analysis/1392221205/
--->
http://static.youku.com/v1.0.0400/v/swf/loader.swf?VideoIDS=XNDI4ODQxOTMy
https://www.virustotal.com/de/url/8cb172325549ac5a74c8208a58230f6699cd22a83618d53915ab6f47672af44e/analysis/1392221286/
--->
http://player.youku.com/player.php/sid/XNjU4ODk3MzU2/v.swf
https://www.virustotal.com/de/url/8e9692d910802f217669a3d4203d72e9499a25c6e5859394393cb4290872e070/analysis/1392221347/
--->
http://static.youku.com/v1.0.0400/v/swf/loader.swf?VideoIDS=XNjU4ODk3MzU2
https://www.virustotal.com/de/url/5f8a0f3dfb857fb4be2327fa72038115853e40274b309d9d240a724e47f0ad7d/analysis/1392221402/
--->
http://player.youku.com/player.php/sid/XNjY4MjQ4MzE2/v.swf
https://www.virustotal.com/de/url/68fb9fec46f372784f8193172829c26479024d3609687f75912cd77e30186f17/analysis/1392221486/
--->
http://static.youku.com/v1.0.0400/v/swf/loader.swf?VideoIDS=XNjY4MjQ4MzE2
https://www.virustotal.com/de/url/879301b1d169129c1b391d1eb68e411853a5a9ac63592112d8c30b187b07c4bc/analysis/1392221591/
--->
http://player.youku.com/player.php/sid/XNjY2MzQzODg4/v.swf
https://www.virustotal.com/de/url/7a85c31c8dd22d05e9d20297fd343d0b7f94faee7a1017832c2eb88b4c8b8236/analysis/1392221648/
--->
http://static.youku.com/v1.0.0400/v/swf/loader.swf?VideoIDS=XNjY2MzQzODg4
https://www.virustotal.com/de/url/ee1ef43787634c68ddc8b20b90baf8856b45758162fdefd7acf64764bbf40cb3/analysis/1392221724/
---->
CVE-2008-2463 (Office Snapshot Viewer): the Microsoft Office Snapshot Viewer ActiveX control allows remote attackers to download arbitrary files to a client machine
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2463
CVE-2008-0015 (MsVidCtl overflow): overflow in the Microsoft Video ActiveX Control via a specially crafted data parameter
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015
http://www.Brenz.pl/
https://www.virustotal.com/de/url/31ce243b2ef5dd3790be577eeb9d68df7afdda26be2131de243cb06b3d742efc/analysis/1392222143/
https://urlquery.net/report.php?id=9412380
http://www.Brenz.pl/rc/
https://www.virustotal.com/de/url/4df2dbeb23a75f5631c006b880092a8843ffb8451dd2acbec429878b5bc44e8a/analysis/1392221816/
Shadowserver Reported CnC Server IP group 3
https://urlquery.net/report.php?id=9412383
http://wepawet.iseclab.org/view.php?type=js&hash=12962b1916a95d5314edc824efbff88b&t=1270649249
---> FINAL DESTINATION
http://sinkhole.cert.pl/
https://www.virustotal.com/de/url/ef6aa460ada5cc7d5f8dd784ae083eb0f2f3654bfb6559444d2eff704aed4bb6/analysis/1392217250/
https://urlquery.net/report.php?id=9411000
--->
http://148.81.111.111/
https://www.virustotal.com/de/url/986707e69ef388d44bdee6824a6cf10819c16ded7874a3c0d5ea3ad880030489/analysis/1392217321/
https://urlquery.net/report.php?id=9411000
------------------------------------------
SEE ALSO:
http://wepawet.iseclab.org/view.php?hash=2a24c85462e9dc30ca3776286f99886a&t=1392145172&type=js
http://wepawet.iseclab.org/view.php?hash=7382f78798d46535438780e5eb9cabd2&t=1392219910&type=js
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=19066.saeke.com
http://zulu.zscaler.com/submission/show/40ce5691550607bbeab209159d154ad0-1392145179
http://app.webinspector.com/public/reports/20032993
http://www.urlvoid.com/scan/19066.saeke.com/

THE SAME SCHEME APPLIES AS WELL FOR THE FOLLOWING DOMAIN(S):
1) http://shenxingdubo.wuhou.ru/
https://www.virustotal.com/de/url/4b2a06f4a7e233b1cb50a0700997a697ac1acfe7c2524e0116a55f5777a7a8e2/analysis/1392222909/
Exploit-IFrame.gen.ah
https://www.virustotal.com/de/file/c2e1c253bd05372138c7da63f89152f5408923b2d7fac8147d4b5a10aebd0183/analysis/1392223274/
https://urlquery.net/report.php?id=9412757
http://jsunpack.jeek.org/?report=ac909241b96c177472a11c6d43f84b2ad74ac73a
2) http://bocaitonghaoxiangbo.se966.com/
https://www.virustotal.com/de/url/1d21050badc72f3864b75b0bf68e2856e2af881ba8a7dd9688665cd1571e1de1/analysis/1392223637/
3) http://kaihucaijinyulecheng.qkkyy.com/
https://www.virustotal.com/de/url/aab847e63610663609a5d62188cdf3971c3234b056ac619b97dbddf7ef608d6b/analysis/1392224039/
https://www.virustotal.com/de/file/a392b918860b282a2a1d8848060811228da928fd67ec8c9e487c8001f723fc6e/analysis/1392224103/
https://urlquery.net/report.php?id=9413126
ETC.
* http://aomenpujingyulechang.tpctr.com/
* http://songtiyanjin.cqchildren.cn/
* http://aomenyulecheng.aacpu.com/
* http://xinpujingyulecheng.ddy77.com/
* http://dota2bocaiba.130p.com/
* http://liuhehecaiwangzhi.mm532.com/
* http://zhangxinyouguanfangweibo.qkkyy.com/
* http://yulechengyouhui.sdhutao.com/
* http://wushengdongfangmingzhu.ddy77.com/
* http://bogoubodog.ningxi.net/
* http://dadongfangyulecheng.se966.com/
http://yulechengzaiwangshangzenmezhuce.jobflats.com/
http://007huangjiaduchangqvod.aacpu.com/
http://ribenzuqiubaobeishipin.ddy77.com/
http://guangdongtiyupindaoluxiang.bd84.com/
http://shengshiguoji.aacpu.com/
http://shuangseqiutouzhujiqiao27zhaofa.zhuolingxiu.com/
http://gaokejidubogongju.qkkyy.com/
http://F1wenzizhibo.hf025.com/
FOR MORE, KEEP SCANNING WITH ZULU (IT IS SIMPLY A BOTNET) :D:
http://zulu.zscaler.com/submission/show/fdbedf19d7cf1179c64c21c7f109c2df-1392224551
http://zulu.zscaler.com/submission/show/b7c15629a0ef5f92de4fcccf5d94164f-1392224591
http://zulu.zscaler.com/submission/show/80fbe6e5dd86bc2a8fbf68b2aaacc785-1392224731
http://zulu.zscaler.com/submission/show/f3d259b3bdb26c7f3c7f0253a9a6b1f0-1392225180
AND SO ON....

2/11/2014

Action required ! THE DAY WE FIGHT BACK !

On Anniversary of Aaron Swartz's Tragic Passing, Leading Internet Groups and Online Platforms Announce Day of Activism Against NSA Surveillance



Mobilization, dubbed "The Day We Fight Back" to Honor Swartz & Celebrate Anniversary of SOPA Blackout

Washington, DC – A broad coalition of activist groups, companies, and online platforms will hold a worldwide day of activism in opposition to the NSA's mass spying regime on February 11th. Dubbed "The Day We Fight Back", the day of activism was announced on the eve of the anniversary of the tragic passing of activist and technologist Aaron Swartz. The protest is both in his honor and in celebration of the victory over the Stop Online Piracy Act two years ago this month, which he helped spur.

Participants including Access, Demand Progress, the Electronic Frontier Foundation, Fight for the Future, Free Press, BoingBoing, Reddit, Mozilla, ThoughtWorks, and more to come, will join potentially millions of Internet users to pressure lawmakers to end mass surveillance -- of both Americans and the citizens of the whole world.

On January 11, 2013, Aaron Swartz took his own life. Aaron had a brilliant, inquisitive mind that he employed towards the ends of technology, writing, research, art, and so much more. Near the end of his life, his focus was political activism, in support of civil liberties, democracy, and economic justice.

Aaron sparked and helped guide the movement that would eventually defeat the Stop Online Piracy Act in January 2012. That bill would have destroyed the Internet as we know it, by blocking access to sites that allowed for user-generated content -- the very thing that makes the Internet so dynamic.



David Segal, executive director of Demand Progress, which he co-founded with Swartz, said: "Today the greatest threat to a free Internet, and broader free society, is the National Security Agency's mass spying regime. If Aaron were alive he'd be on the front lines, fighting back against these practices that undermine our ability to engage with each other as genuinely free human beings." According to Roy Singham, Chairman of the global technology company ThoughtWorks, where Aaron was working up until the time of his passing:

"Aaron showed us that being a technologist in the 21st century means taking action to prevent technology from being turned against the public interest. The time is now for the global tribe of technologists to rise up together and defeat mass surveillance."

According to Josh Levy of Free Press:

"Since the first revelations last summer, hundreds of thousands of Internet users have come together online and offline to protest the NSA’s unconstitutional surveillance programs. These programs attack our basic rights to connect and communicate in private, and strike at the foundations of democracy itself. Only a broad movement of activists, organizations and companies can convince Washington to restore these rights.”

Brett Solomon, Executive Director, Access, added:

"Aaron thought in systems. He knew that a free and open internet is a critical prerequisite to preserving our free and open societies. His spirit lives in our belief that where there are threats to this freedom, we will rise to overcome them. On February 11th, we'll rise against mass surveillance."

On the day of action, the coalition and the activists it represents will make calls and drive emails to lawmakers. Owners of websites will install banners to encourage their visitors to fight back against surveillance, and employees of technology companies will demand that their organizations do the same. Internet users are being asked to develop memes and change their social media avatars to reflect their demands.

Websites and Internet users who want to take part can visit TheDayWeFightBack.org to sign up for email updates and to register websites to participate. Regular updates will be posted to the site between now and the February 11th day of action.

WHO: Access, Demand Progress, Electronic Frontier Foundation, Fight for the Future, Free Press, The Other 98%, BoingBoing, Mozilla, Reddit, ThoughtWorks -- and many more to come

WHAT: Day of Action in Opposition to Mass Spying, Honoring Aaron Swartz and SOPA Blackout Anniversary

WHEN: February 11, 2014

HOW INTERNET USERS CAN HELP:

  •     Sign up to indicate that you'll participate and receive updates.
  •     Sign up to install widgets on websites encouraging their visitors to fight back against surveillance. (These are being finalized in coming days.)
  •     Use the social media tools on the site to announce your participation.
  •     Develop memes, tools, websites, and do whatever else you can to participate -- and encourage others to do the same.

NEW MALWARE CODE: Trojan-Downloader.JS.Iframe.dfm
INFECTED DOMAIN castelgiorgio.com
(ITALY - AUSTRALIA - UNITED STATES)


2/10/2014

Potentially MALICIOUS IP-VISITOR TO THIS BLOG:
5.228.175.88 (RUSSIAN FEDERATION)
Listed at SPAMHAUS (PBL)

POTENTIALLY MALICIOUS IP: (RUSSIAN FEDERATION)
5.228.175.88
  • https://www.virustotal.com/de/url/9a5637c8f5e9e879f58b3cfe1543d4e99d2887e934d6c212e93437feac0b22e6/analysis/1392062781/

LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=5.228.175.88
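An added example (not part of the original post) of how such a Spamhaus listing is checked programmatically instead of through the web form: the ZEN zone is queried over DNS with the IP's octets reversed, and the answer address encodes which list matched. The return codes are taken from the public Spamhaus DNSBL documentation; the query-name builder and the answer decoder run offline, only the lookup at the bottom needs network access.

```python
import ipaddress
import socket

# Spamhaus ZEN answer codes (from the public Spamhaus DNSBL documentation).
# ZEN combines SBL, XBL and PBL; a listed IP answers with one or more of these.
ZEN_ANSWER_CODES = {
    "127.0.0.2": "SBL",   # Spamhaus Block List: direct spam sources
    "127.0.0.3": "CSS",   # SBL CSS: snowshoe / compromised hosts
    "127.0.0.4": "XBL",   # Exploits Block List: infected or hijacked machines
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL",  # Policy Block List: ISP-maintained end-user ranges
    "127.0.0.11": "PBL",  # Policy Block List: Spamhaus-maintained ranges
}


def zen_query_name(ip):
    """Build the DNSBL query name: reversed octets under zen.spamhaus.org."""
    addr = ipaddress.IPv4Address(ip)  # rejects anything that is not a plain IPv4 address
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.zen.spamhaus.org"


def classify_zen_answer(answer_ips):
    """Map the A records returned by ZEN to list names, in answer order, without duplicates."""
    lists = []
    for a in answer_ips:
        if a.startswith("127.255.255."):
            # 127.255.255.x is an error code (open/public resolver, query limit), not a listing.
            raise RuntimeError(f"ZEN returned error code {a}; query from your own resolver")
        name = ZEN_ANSWER_CODES.get(a)
        if name is None:
            raise ValueError(f"unexpected ZEN answer {a}")
        if name not in lists:
            lists.append(name)
    return lists


def zen_lookup(ip):
    """Query ZEN over DNS; NXDOMAIN means the IP is not listed at all."""
    try:
        _, _, answers = socket.gethostbyname_ex(zen_query_name(ip))
    except socket.gaierror:
        return []
    return classify_zen_answer(answers)


if __name__ == "__main__":
    # The visitor IP reported above; needs network access and a non-public resolver.
    print(zen_lookup("5.228.175.88"))
```

Two caveats a reader should keep in mind: Spamhaus answers queries from large public resolvers (for example 8.8.8.8) with an error code rather than a listing, so the lookup must go through your own resolver; and a PBL hit only says the address sits in a range whose owner has declared it should not send mail directly, which fits the broadband hostname shown below and is consistent with a dynamically assigned home connection, not by itself evidence of malice.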

Email Reputation: Poor
  • http://www.senderbase.org/lookup/?search_string=5.228.175.88

HOSTNAME:
broadband-5-228-175-88.nationalcablenetworks.ru
  • https://www.virustotal.com/de/url/a8681b9778da0b6e81f869a1a481143702f0d420c80c3263ead51a3127b03a4b/analysis/1392063552/

DOMAIN:
nationalcablenetworks.ru
  • https://www.virustotal.com/de/url/8e8530d88e624479f71553153beb0a55797a2ceb259233b198c47104eb7ce2bd/analysis/1392063734/

NETWORK OWNER:
www.rostelecom.ru
  • https://www.virustotal.com/de/url/a1de2b65a0f6c052d2fab4d62d1bd8dc96fbeec821c1d2e94642c5478d353fc5/analysis/1392064034/
  • http://www.senderbase.org/lookup/org/?search_string=OJSC%20Rostelecom
rostelecom.ru links either directly or indirectly to the following Domains: 
widgets.twimg.com
  • https://www.virustotal.com/de/url/fc8fb130582f32fba6ff856d59a615af1ea1214aeb4283b366d3a1061d5c2a80/analysis/1392064674/
qsoft.ru
  • https://www.virustotal.com/de/url/145246976aef9e4f1975b45cbf76fc0aa77660197d2740949a8e670ddf803d8d/analysis/1392064722/


NEWLY DETECTED:
ricaworld.altervista.org
HEUR:Trojan.Script.Generic (GERMANY)



NEWLY DETECTED MALWARE: HIDDEN IFRAME (HEUR:Trojan.Script.Generic)
ricaworld.altervista.org
  • https://www.virustotal.com/de/url/75c19d584b99aa082712e4ff096bc54f5edc683048b8729344b9f854b2608fe7/analysis/1392036074/

INFECTION:
Trojan.JS.QXJ
  • https://www.virustotal.com/de/file/e42c571c0963b0d0d7a7344f9582c6252bcf12614a6c8e368559502d643d48c0/analysis/1392036385/
--->
ricaworld.altervista.org/Scripts/AC_RunActiveContent.js
  • https://www.virustotal.com/de/url/fb38eb2a93366fdd5276b20f708db788dfcad2f2e6662ff916779246be29b3bf/analysis/1392036955/

INFECTION:
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/b5b1d54315c2a2e9d9486452b6e0b27be42cbe78a31f28d3f49051c30663897a/analysis/1392036765/
  • https://www.virustotal.com/de/file/481cdfa5cb56926629612634970abf7679b43261dc92ad5040eba08a513f82fd/analysis/1392036780/
 


--->
chcipenize.wz.cz/mailcheck.php
  • https://www.virustotal.com/de/url/de21862addb9217bd2c8085868153c321b2fa58ef42248920d2ad2c819cb269e/analysis/1392037277/
  • https://www.virustotal.com/de/file/a406668064e43de3c55fb9293777d8f9651ace466dc1f51bf53fcf9a0402a7d2/analysis/1375077498/
  • https://www.virustotal.com/de/file/ac21eb5fb9ff8ad43bf2826385b0019225ed43bbc3098e6ce65542ce8f9b6e12/analysis/1392037253/
--->
www.iws-leipzig.de/contacts.php
  • https://www.virustotal.com/de/url/d0b7f370689cad91470fe8264879beeca58ae2600215d5b899d084bde6a25559/analysis/1392037470/

NEW:
yansalamandra.ru
HEUR:Trojan.Script.Generic
Russian Federation

NEWLY DETECTED: MALICIOUS IFRAME (RBN 365)
yansalamandra.ru
  • https://www.virustotal.com/de/url/67921025f91c62ba5e76eda2f819051ee0ad0d25d2aa551bdb8b7f215979ce12/analysis/1391972916/

INFECTION: 
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/4d878e5f2db1d468d80a1d15ab6a5bef205b4834e85e5226f8ba9cae406e4b64/analysis/1391974022/
  • https://urlquery.net/report.php?id=9327064
  • http://jsunpack.jeek.org/?report=5c2537adab93e2e9a6fa9108f149dc6d9138b788
--->
advomn.pp.ua
  • https://www.virustotal.com/de/url/93856bf13af0b2df401a4080f6b72274156db06cc73e05499e0d3cffe0cf7e86/analysis/1391975226/
  • https://urlquery.net/report.php?id=9327399
advomn.pp.ua/38c190227eaddbe1e920ad1a993701980a6d4d8e516d3011c2fc023a042b7d4b171a7f801a278e4630354f01a9232a6a3a2ec980002e92716c9ce0dc480c29447345c6dee2d30344b6b
  • https://www.virustotal.com/de/url/df4bd15c09f7e998375234b0ec08a26dce90f07c9cd2da9dde32f54ca1336bb2/analysis/1391975200/
--->
changeip.changeip.name/rsize.js
  • https://www.virustotal.com/de/url/41c106f4f24956e8e6d031bc20861b77b7b9674f8ad231ef4e51fff8892e90a3/analysis/1391974447/
  • https://urlquery.net/report.php?id=9327265
  • https://urlquery.net/report.php?id=9327273
------------------------------------------

OTHER MALICIOUS LINK:

yansalamandra.ru/administrator/help/en-GB/chinchin.js
  • https://www.virustotal.com/de/url/286c044eac09bac2fe39efa3e21ab1e60bbee92349e1499c02e7efe4e02d7eec/analysis/1391975320/

INFECTION:
Troj/JSRedir-MN
  • https://www.virustotal.com/de/file/c3755028d1adf4d41fd5d0ffd1bdabffc9a093be438025b491fca6901c74cc06/analysis/1391975322/
  • http://jsunpack.jeek.org/?report=009476f8e2cc5e8c96b8a51b339bcd41b26c9851