
3/15/2014

Malicious/Suspicious Shellcode (Length 367/362):
Domains da-tom.de & www.x-7.de
Involved in Malicious Activities
(GERMANY)



MALICIOUS DOMAIN (da-tom.de)
WITH MALICIOUS SHELLCODE

http://www.x-7.de/
  • https://www.virustotal.com/de/url/8f45318803da1480fb37c429f4867128639f02b652c8081725b5094b1ba63faf/analysis/
THIS LINK HAS (HAD) 2 HIDDEN IFRAMES:

http://www.x-7.de/zirbel/archiv/01-okt/01-10-18.htm

1) http://sm7.sitemeter.com/js/counter.asp@site=sm7burschi
  • https://www.virustotal.com/de/url/3eb5ca2543a97a6f328224628b0cdbe44c5c0b483cd5c5f039708cc6b6abf3d4/analysis/
  • https://www.virustotal.com/de/file/d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa/analysis/1394858312/
2) http://da-tom.de/index.html
  • https://www.virustotal.com/de/url/724c6bf4ee6b5d900b4e9cc2885992b7339cdd0a6422e42e1d5973ab97e6b8fa/analysis/1394897761/
Heuristic.LooksLike.HTML.Suspicious-URL.H
  • https://www.virustotal.com/de/file/e24b03b63d7c7bd98e9d033c5f33d03d21240bfff1ca6e48cc691954e205ff69/analysis/1394897389/
Malicious: Shellcode URL= https:/www.tumblr.com/login
Suspicious: Shellcode of length 367/362 (a scanner heuristic triggered on a long byte string; verify the buffer before treating it as a confirmed payload)
  • http://jsunpack.jeek.org/?report=c01b80ad328fd7e709a043e7992f87d98ea41d4b
  • https://urlquery.net/report.php?id=9912306
  • https://urlquery.net/report.php?id=9912311
IP =

http://66.6.44.4/ (NEW YORK, United States)
  • https://www.virustotal.com/de/url/86cb910a3b1312fb45f4e4f4f00e29f4837e887226027d22717dffade9916097/analysis/1394902018/
  • https://www.virustotal.com/de/ip-address/66.6.44.4/information/
HTML (the response body says):
Whatever you were looking for doesn't currently exist at this address. Unless you were looking for this error page, in which case: Congrats! You totally found it.
  • https://www.virustotal.com/de/file/8dff95da15fc0496a51c88006fefcc4fc1d7f84eae5243d9a6c1f88dddf3bbf3/analysis/
5 Bad Host Appearances
  • https://www.projecthoneypot.org/ip_66.6.44.4
FOR THE FULL REPORT SEE THE .txt ICON (MINORITY REPORT):

California ONLINE CHILD PREDATORS 2010:
Pete Andre Flores, 24, of Thornton, Sentenced to Six Years in Prison for
Child Pornography Charges


On March 15th, 2012, United States Attorney Benjamin B. Wagner announced that Pete Andre Flores, 24, of Thornton, was sentenced by United States District Judge Morrison C. England, Jr. to six years in prison, to be followed by 10 years of supervised release, for possessing child pornography.

US Att. Ben Wagner
According to court documents, on February 6th, 2010, an undercover law enforcement officer from New Hampshire was invited by Flores to use a peer-to-peer file-sharing program. The officer downloaded approximately 200 files depicting child pornography directly from Flores. On February 16th, 2010, a Sacramento FBI agent downloaded 20 files from Flores that depicted child pornography.
  
On February 18th, 2010, a federal search warrant was executed at Flores’s residence, and more than 27,300 images of child pornography were found on an Acer laptop computer belonging to Flores.


USDJ Morrison England

This case was the result of an investigation by the FBI, Sacramento Division, Sacramento Valley Hi-Tech Crimes Task Force on Internet Crimes Against Children, and the Keene Police Department in New Hampshire. Assistant United States Attorneys Michelle Prince and Ellen Endrizzi prosecuted the case.

Category MALICIOUS IP: Cutwail Spambot on IP 194.176.111.154 (Kyrgyzstan)
Pushdo Malware and Zeus Botnet - Dictionary Attacker


The IP Address 194.176.111.154 is listed in the CBL (Composite Blocking List). It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-03-15 04:00 GMT (+/- 30 minutes), approximately 5 hours ago.

This IP is infected (or NATting for a computer that is infected) with the Cutwail Spambot. In other words, it's participating in a botnet.


Cutwail is a complex infection and requires a number of steps to ensure that it's eradicated.

First, Cutwail spams out very high volumes, and is one of the largest vectors of malware on the Internet, and almost every cutwail infection also has a copy of the Pushdo (DDOS by web transaction) malware and/or the Zeus botnet. The Zeus botnet controls the Cutwail/Pushdo pair as well as does information stealing/keyboard logging. Hence, this is a very severe threat - not just to the owner of the infected computer, the other members of your internal network (if you have one) but the rest of the Internet too.

Second, there are two methods for detecting cutwail. One of the methods is by detecting the spams that cutwail sends. The other method does not work that way. This means that even if you block outbound port 25 from non-mail-servers on your local network, you can still detect a cutwail infection on your local network. This means that if you implement port 25 restrictions, you should implement logging so that you can detect what internal machines are being blocked by it and are thereby probably cutwail infections.

TO READ THE REST OF THIS ARTICLE, go to:

http://cbl.abuseat.org/lookup.cgi?ip=194.176.111.154

A small report on this IP can be seen by clicking the .txt icon:


Connecticut ONLINE CHILD PREDATORS 2012:
Arthur Galloway, 38, of Shelton Sentenced to 30 Months in Federal Prison
for Trading Child Pornography on the Internet

Deirdre M. Daly, Acting United States Attorney for the District of Connecticut, announced that Arthur Galloway, 38, of Shelton, was sentenced on June 27th, 2013, by United States District Judge Janet Bond Arterton in New Haven to 30 months of imprisonment, followed by 10 years of supervised release, for trading child pornography on the Internet.

According to court documents and statements made in court, on March 14, 2012, the Connecticut State Police Computer Crimes Unit, Shelton Police Department, and Federal Bureau of Investigation conducted a court-authorized search of Galloway’s residence and seized a laptop computer, an external hard drive, and other items. Investigators determined that Galloway used the Internet to trade numerous images and videos of child pornography, and he was arrested at that time.


Subsequent forensic analysis of the seized items revealed that Galloway possessed 11 printed photographs, 913 images, and 45 videos of children engaging in sexually explicit conduct. Some of the videos exceeded 20 minutes in length.

On January 11, 2013, Galloway pleaded guilty to one count of receipt and distribution of child pornography.

The Connecticut Child Exploitation Task Force, which is housed at the main FBI field office in New Haven, investigates crimes against children occurring over the Internet and provides computer forensic review services for participating agencies.

3/14/2014

Just another spam mail, from...
www.ratgeberplatz.com:
„15 Euro Gutschein bei BAUR sichern“
(„Get your 15 Euro Voucher from BAUR, Just like that!“)

from Germany

English:


www.ratgeberplatz.com is a spam domain. Just delete those mails. Do not click "unsubscribe newsletter": if you do, they will only register that you have read the mail, and the spamming will get worse! See screenshot.

Just another SPAM SCREENSHOT from ratgeberplatz.com...


For German-speaking readers (translated):


www.ratgeberplatz.com is unmistakably a spam domain. These mails can safely be deleted. Just do not click "unsubscribe newsletter". The only thing that happens afterwards is that you get even more spam sent from this domain, because by clicking you have given yourself away, and the domain ratgeberplatz.com now knows that you have read the e-mail! See screenshot.

Interested readers can also read this article:
http://www.it-recht-kanzlei.de/abmahnung-unverlangt-zugesandter-email-newsletter.html 

Category MALICIOUS IP: 91.200.13.57 (UKRAINE)
Comment Spammer
Spamhaus Listed SBL190623

Ukrainian flag in colours


CATEGORY MALICIOUS IP: 91.200.13.57 
(COMMENT SPAMMER, UKRAINE)

IP:
http://91.200.13.57/
  • https://www.virustotal.com/de/url/8dc15e28c1ef4acadca8a839d4ce140fcf76180fef657d7fbc6a1ed65d5d0b36/analysis/1394809243/
  • https://www.virustotal.com/de/ip-address/91.200.13.57/information/

THE IP IS LISTED AT SPAMHAUS (SBL): BOTNET SPAMMER
  • http://www.spamcop.net/w3m?action=checkblock&ip=91.200.13.57

E-MAIL REPUTATION: POOR

WEB REPUTATION: POOR
  • http://www.senderbase.org/lookup/?search_string=91.200.13.57
13,480 Web Post Submissions
  • https://www.projecthoneypot.org/ip_91.200.13.57
http://glubina.com.ua/
  • https://www.virustotal.com/de/url/0307b0678d32d537e08147614d05e160f27ac4f83777bc06c4083fa2997867b1/analysis/1394811245/

3/13/2014

Beware of STEAM PASSWORD PHISHING from POLAND:
8 SITES hosted on the same Server
carding.pl
staemcommnity.com
steamcommunity.com.kz
steamcommunly.com
steamcomnuinity.com
steamcomnunitu.com
steamcomnuntly.com
stearncommynity.com


THE FOLLOWING DOMAINS ARE SET UP TO PHISH
YOUR PERSONAL INFORMATION (PASSWORDS, E-MAIL ADDRESS, ETC.) FROM STEAM USERS:
http://carding.pl
  • https://www.virustotal.com/de/url/cf559f3de9bbc8ec910a0c82b1219d7a73f1a180f48d36f61140c91b2891e943/analysis/
http://staemcommnity.com
  • https://www.virustotal.com/de/url/b71eae1b48b15e40c77ed5313f2ba168001e789bf22751e7bc66d4bfa5f02541/analysis/
http://steamcommunity.com.kz
  • https://www.virustotal.com/de/url/b703e98a91925b20103dfdee789405b1f6b7b06a7dafd522563dff3cf8871207/analysis/
http://steamcommunly.com
  • https://www.virustotal.com/de/url/a417baa1ba043ad0858ee2e5499763e373bdcf58fbe5a43cbfc089374059857e/analysis/
http://steamcomnuinity.com
  • https://www.virustotal.com/de/url/b40ad3922e0de4658aaac818f7bf6d867c224d65840af60b9711f70d442351fe/analysis/
http://steamcomnunitu.com
  • https://www.virustotal.com/de/url/ea9455325003675be1977842cd1b0e8c858762dcb0d3824227e9d13cdd2c1c07/analysis/
http://steamcomnuntly.com
  • https://www.virustotal.com/de/url/68b58963666dbb66f5501c091abff270551b66fc56175fd123802b3655e4d00c/analysis/
http://stearncommynity.com
  • https://www.virustotal.com/de/url/530e45299fce01a963c2e57182ae6e5f6ded4f76ad313662a9ea9a21b833b138/analysis/

IP =
http://91.188.124.157
  • https://www.virustotal.com/de/url/5c57e04dde30362f07ca72a10e36cbae0d475336197138e26ef986bf5f570612/analysis/1394729002/
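The eight hostnames above are all lexical lookalikes of steamcommunity.com: swapped letters (staem), dropped letters (commnity), m/n confusion (comnunitu) and the classic "rn" for "m" (stearncommynity). The Python below is an added example, not code from this blog or from Valve, that catches that whole family mechanically: it folds common homoglyph pairs, then measures edit distance (with adjacent transpositions) between each label of a candidate domain and the brand label. The allowlist of legitimate domains and the distance threshold are assumptions. Note what it does not catch: carding.pl shares the server but is not a lookalike, so co-hosting has to come from the IP pivot, not from the name.

```python
"""Lexical lookalike check for a brand domain (here Steam's community site).

Added example, not the blog's code. The domain list is constructed from the
hostnames reported above; LEGIT and the threshold are assumptions.
"""
import re

BRAND = "steamcommunity"
LEGIT = {"steamcommunity.com", "steampowered.com"}  # assumed allowlist
# Character pairs that render like a single other letter in many fonts.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def fold(label):
    """Collapse homoglyph pairs so 'stearn' compares as 'steam'."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(domain, brand=BRAND, legit=LEGIT):
    """Return (reason, distance) if `domain` looks like an impersonation of `brand`, else None."""
    host = re.sub(r"^www\.", "", domain.lower().strip("."))
    if host in legit or any(host.endswith("." + okay) for okay in legit):
        return None
    labels = host.split(".")[:-1]  # every label except the TLD
    if not labels:
        return None
    label = min(labels, key=lambda lab: osa_distance(fold(lab), brand))
    dist = osa_distance(fold(label), brand)
    if dist == 0:
        # e.g. steamcommunity.com.kz: exact brand label, wrong registrable domain
        return ("brand label registered under a domain we do not control", 0)
    if dist <= len(brand) // 4:  # about one error per four characters
        return (f"lookalike of {brand} (edit distance {dist})", dist)
    return None


# Constructed input list, taken from the domains reported above.
DOMAINS = ["carding.pl", "staemcommnity.com", "steamcommunity.com.kz", "steamcommunly.com",
           "steamcomnuinity.com", "steamcomnunitu.com", "steamcomnuntly.com", "stearncommynity.com"]


def flagged(domains=DOMAINS):
    """(domain, (reason, distance)) for every domain the check flags."""
    return [(d, classify(d)) for d in domains if classify(d)]


if __name__ == "__main__":
    for d, (reason, _) in flagged():
        print(f"{d:24} {reason}")
```

Run against the list, seven of the eight names are flagged and carding.pl passes, which is the expected outcome: a name-based check finds the typosquats, the shared IP 91.188.124.157 is what ties carding.pl to them.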

ONLINE CHILD PREDATORS 2011:
Retired Florida Teacher Dale Chisena, Sentenced to 30 Years for Traveling to Kentucky for Sexual Relations with Two Juveniles

U.S. District Judge Karen Caldwell sentenced 60-year-old Dale Chisena for interstate travel to engage in sex with a person under 12 years of age. "I'm pleased to say that my Cybercrimes Investigators working with the U.S. Attorney's Office and the Florida Department of Law Enforcement have taken another child predator off of the streets," General Conway said.

Chisena admitted that in July of 2011 he engaged in numerous online chats with a person he thought was the mother of nine and 11-year-old daughters. In reality, Chisena was talking to one of General Conway's cybercrimes investigators working undercover. Chisena was indicted on federal charges in April of 2011. According to his plea agreement, Chisena explained in detail his intentions to engage in sexual acts with the mother and her two daughters.


Dale Chisena
"Mr. Chisena had every intention of sexually exploiting young children," said U.S. Attorney Kerry Harvey. "We were fortunate that he was chatting with an undercover officer and not vulnerable children."

On February 4, 2011, Chisena flew from Florida to Lexington. He was arrested shortly after arriving at Bluegrass Airport by investigators from General Conway's Cybercrimes Unit. Chisena had brought gifts for the girls and other items that indicated his intention to perform sexual acts on the girls.

The investigation was conducted by the Attorney General's office and the FBI. The U.S. Attorney's Office was represented in the case by its Fort Mitchell Branch Office.

Since its creation in June of 2008, General Conway's Cybercrimes Unit has launched more than 270 child pornography investigations and seized more than 300,000 child pornographic images and videos from the Internet.

Source: http://migration.kentucky.gov/newsroom/ag/chisenasentenced.htm

MALICIOUS VISITOR (to this blog):
keld-electronics.com
(IP: 194.143.194.106) SPAIN


DOMAIN:
http://www.keld-electronics.com/
  • https://www.virustotal.com/de/url/d27cb127f2a4373457990c1f6f3d38ff8d02edaa4ce045c050b0da62898b5c93/analysis/1394714792/
  • http://www.yandex.com/infected?url=keld-electronics.com&l10n=en
IP:
http://194.143.194.106/
  • https://www.virustotal.com/de/url/f14401acac4ed2c05f35eedd7703165aa347c5dca76d10dd064f90132af170b8/analysis/1394716080/
Bad Host Appearances: 99
  • https://www.projecthoneypot.org/ip_194.143.194.106
  • https://www.virustotal.com/de/ip-address/194.143.194.106/information/

3/12/2014

BAYER 04 LEVERKUSEN TRACKING FANS:
www.bayer04.de & Obfuscated PUA
(Leverkusen, GERMANY)


MALICIOUS BACKGROUND INTENT:
OBFUSCATED JS (PUA, TRACKER, SPYING) LOADED FROM THE PAGE BODY, OUTSIDE THE HTML SOURCE'S <head>

http://www.bayer04.de/
  • https://www.virustotal.com/de/url/b7d931cbc1a767be418ce46c6a010fc0c55d8cf7efd19ea827c0efc7ba8b6f46/analysis/1394658933/
Obfuscated PUA Link:
http://www.bayer04.de/webtrekk/webtrekk.js
  • https://www.virustotal.com/de/url/8a7ee2b1aed1dbbf6ee9e775ad9e098523120650cbf3248df0b8d5b118a6151b/analysis/1394659517/
PUA.JS.Obfus-2
  • https://www.virustotal.com/de/file/e004c9f7e78fa72379e72f04b2b897ec3f57f74675d25966c9cd1b6b5ad1ba84/analysis/1394659379/
  • http://virusscan.jotti.org/de/scanresult/725ffacc8f21b11ad85a21ba3b1c435d501aba89
IP =
http://184.25.102.88/
  • https://www.virustotal.com/de/url/55b77a9dbfd0212684dd8e10f930ab2db452cb09099358806dc2f5ac05bf1dc0/analysis/1394661164/
  • https://www.virustotal.com/de/ip-address/184.25.102.88/information/

Sinkhole Microsoft 199.2.137.0/24
Malicious Gambling Domain www.livecasino-turko.com
(ROMANIA & TURKEY)


MALICIOUS: Reply Sinkhole - Microsoft - 199.2.137.0/24

DOMAIN:
http://www.livecasino-turko.com/
  • https://www.virustotal.com/de/url/a807cd59e12ccd40e77d6239227ee79b885a1cea687988c112f94e4ff527954c/analysis/1394641932/
HTML
  • https://www.virustotal.com/de/file/4ab1791af09ffd1c745f3435e198a4fc64920ec250679dae253d90b84beafa4d/analysis/1394642068/
  • https://urlquery.net/report.php?id=9869953
  • https://urlquery.net/report.php?id=9869956
  • https://urlquery.net/report.php?id=9869957
--->
http://iddaliyim.org/javalar/c.js
  • https://www.virustotal.com/de/url/ff2108bc86ba5d6bd0a2b4e9f353b1a00fdb2089131a4d47001dd59b94e9acbb/analysis/1394642315/
  • https://www.virustotal.com/de/file/fb7d17d68c5d80cf0a364d927b1966bc0f75a68895c174a887e45a23afb58a9c/analysis/1394642319/
---->
http://46.45.138.126/analiz.gif?user=millenium13&wnos=4&wnobr=16&k=ccyes&referer=https%3A//www.google.com&l=http%3A//www.livecasino-turko.com/&w=1176&h=885&n=1&ce=true&r=0.3367771523564048&ns=1
  • https://www.virustotal.com/de/url/ce64637c5c560331bdf4e44eda2abba820c0bcc51a0c6697605e3201b41816d6/analysis/1394642488/

3/11/2014

ONLINE CHILD PREDATORS 2011:
Justin M. Bowman, age 26, of Glen Burnie, MARYLAND
(Child Porn Producer)

According to a plea agreement and statements in court, on June 21 and 22, 2011, Bowman used the computer at the gas station convenience store where he worked to view and download child pornography to the computer’s hard drive and to a thumb drive. After a store employee discovered Bowman’s activities on the computer, the Anne Arundel County Police began an investigation. On July 14, 2011, law enforcement executed search warrants and seized the computer from the store where Bowman worked, as well as Bowman’s home computer, netbook computer, and thumb drive from his residence.



All of the items seized contained images of minors engaged in sexually explicit conduct. The images found included those produced by Bowman at his home between September 8, 2010, and July 12, 2011 of three minor victims. Bowman admitted that he took sexually explicit photos of the victims - an 11-year-old boy and two toddlers, a boy and a girl. In addition to the images of child pornography that Bowman produced, there were more than 100 images of child pornography located on the seized items.

As part of his plea agreement, Bowman must register as a sex offender in the place where he resides, where he is an employee, and where he is a student, under the Sex Offender Registration and Notification Act (SORNA).

Source: 
http://www.justice.gov/usao/md/news/2012/AnneArundelCountyManAdmitsSexualAbuseofChildrenafterCaughtDownloadingChildPornographyatWork.html

DAILY PHISH, SPAM & SCAM:
news.online-surftipps.com & gratisinfoservice.de (IP 2.1.8.110)
"Revolutionary business idea:
Get in, and lose your entire fortune in the process"

FRANCE & GERMANY

Dear Sir or Madam,

There is now a new, revolutionary business model that lets you get into one of the largest markets in the world.

Find out which one here.
http://gratisinfoservice.de/ilead.php?prodid=_&agent=_
Scam screenshot
http://gratisinfoservice.de/
  • https://www.virustotal.com/de/url/e1b612f6268292103b7df2845a421146f141143c714ef342b3a66f20b20eea8b/analysis/1394563241/
http://gratisinfoservice.de/ilead.php
  • https://www.virustotal.com/de/url/5a7fbc141a4903d49a1ef4f967d29681d710596b9497007d9319d6f4f6f29ddf/analysis/
Originating IP

2.1.8.110
  • https://www.virustotal.com/de/url/f511e3823cedc584bdcd55ec4b788197390a851dcf630c4398caba3cbc929d36/analysis/1394563757/

LISTED AT SPAMHAUS (PBL):
  • http://www.spamhaus.org/query/bl?ip=2.1.8.110

Email Reputation: Poor
  • http://www.senderbase.org/lookup/?search_string=2.1.8.110
------------------------------------------------------------------------------------------------------------------------

http://news.online-surftipps.com/
  • https://www.virustotal.com/de/url/9b289c2e28e2790291f4b6fad96c31623ea5894c4867379652d4adbda52f3b38/analysis/1394563975/

MALWARE (RE-)NEWLY DETECTED:
HEUR:Trojan.Script.Generic on shoppingbasketsrus.com
IP: 174.127.107.2

(Providence, Utah, UNITED STATES & SPAIN)

Let's go shopping... with...
... http://shoppingbasketsrus.com/
  • https://www.virustotal.com/de/url/ddde76b76f146499e1519c8953f10610b03bbccf9357bb26d35367a21b25b689/analysis/1394550645/
http://www.shoppingbasketsrus.com/
  • https://www.virustotal.com/de/url/0005ee1f15048e13908a59b7df9c634ff17e9e50182f5220728fe042dbbe8979/analysis/1394554790/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/b0f9fb1ab3c4ec1ed2d4c96b4fb875cbd361932fab35c3f221b2daf223048527/analysis/1394550908/
IP =
http://174.127.107.2/ (U.S.A.)
  • https://www.virustotal.com/de/url/781f439b7de4b4b27ae584f451c61c3fa7559986cd12bfd69b80d48739c1d8e6/analysis/1394555995/
  • https://www.virustotal.com/de/ip-address/174.127.107.2/information/
Fwd/Rev DNS Match: NO
EMAIL REPUTATION: POOR
  • http://www.senderbase.org/lookup/?search_string=174.127.107.2
--->
http://verification.mvpitsolutions.com/lander/Password%20Page_files/gwjs.js
  • https://www.virustotal.com/de/file/04b7e22618e86fbcd0242cce19626981f788f7a6c0e69bf54201f802054f8d3a/analysis/1394555081/
HTML (404)
  • https://www.virustotal.com/de/url/7b5064aad4683d29fef4d5b14bf22411fb3f4cd663342ffbefeb2d411d269795/analysis/1394555026/
---->
http://verification.mvpitsolutions.com/lander/AdBlock%20Must%20be%20Disabled%20to%20View%20This%20Content.html
  • https://www.virustotal.com/de/url/d13d219e99e9958a8eab825a839d62934595d5d4fc849a57873d623266808565/analysis/1394555414/
HTML (404)
  • https://www.virustotal.com/de/file/8eeb187060f0d745b00173b7feb76365f600970bfce36d4a21948493fb5b70d0/analysis/1394555378/
----->
about:blank
  • http://wepawet.iseclab.org/view.php?hash=ec748845ad651dd3700100f201b6e130&t=1394550651&type=js
IP =
http://127.0.0.2/ (AT HOME :D; 127.0.0.2 is a loopback address, so this hop points back at the analysis machine itself and leads nowhere)
  • https://www.virustotal.com/de/url/5c2bf869c66bc4bc9e87344962d5e7d31ee7f66a9fb3e0ce83486bd74e9bdf05/analysis/
----------------------------------------------------------------------------------------------
REMOTE URL (HIDDEN IFRAME)
http://sexshopsexy.es/waser.html
  • https://www.virustotal.com/de/url/9d71724af54a74209f495b747c83b5610f41eaaaecb879007e4f6d7b6f2607d2/analysis/1394555819/
HTML (NOT FOUND)
  • https://www.virustotal.com/de/file/93d1612f07cc23a297f4e66afcdf964e6d7b708f919a62eb80b4a7802002d798/analysis/1394555637/
IP =
http://188.95.253.83/ (SPAIN)
  • https://www.virustotal.com/de/url/b57b575458c48a2005bf4214f3fa26f3eaa93fa6cba17e8632b2dba87160c324/analysis/1394556604/
  • https://www.virustotal.com/de/ip-address/188.95.253.83/information/
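Both the x-7.de archive page at the top of this page (two hidden iframes pulling the sitemeter counter and da-tom.de) and the shoppingbasketsrus.com chain above (a hidden iframe to sexshopsexy.es/waser.html) are the same injection pattern: a frame the visitor never sees. The Python below is an added example, not code from this blog or from any scanner it links, that pulls such frames out of a fetched page. The sample HTML is constructed after the x-7.de indicators; the hiding heuristics (zero or one-pixel size, display:none, visibility:hidden, the hidden attribute, off-screen positioning) are the ones an analyst checks by hand.

```python
"""Find hidden <iframe> injections in a fetched page and resolve their targets.

Added example, not the blog's code. SAMPLE_HTML is constructed after the two
iframes reported on the x-7.de archive page.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin


def _px(value):
    """First integer of an HTML/CSS length such as '0', '1px', '0%'; None if absent."""
    m = re.match(r"\s*(-?\d+)", value or "")
    return int(m.group(1)) if m else None


def is_hidden(attrs):
    """True if the iframe attributes make it effectively invisible to the visitor."""
    style = attrs.get("style", "").lower().replace(" ", "")
    if "hidden" in attrs or "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        v = _px(attrs.get(dim))
        if v is not None and v <= 1:  # width="0", height="1"
            return True
        m = re.search(rf"(?:^|;){dim}:(\d+)(?:px)?(?:;|$)", style)
        if m and int(m.group(1)) <= 1:  # style="width:0;height:0"
            return True
    # Pushed far off-screen (left:-9999px) counts as hidden too.
    return re.search(r"(?:^|;)(?:left|top):-\d+", style) is not None


class HiddenIframeFinder(HTMLParser):
    """Collects the absolute src of every hidden iframe seen while parsing."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v if v is not None else "") for k, v in attrs}  # bare attrs -> ""
        if is_hidden(a):
            self.hidden.append(urljoin(self.base_url, a.get("src", "")))


def find_hidden_iframes(html, base_url):
    """Return the absolute targets of all hidden iframes in `html`."""
    p = HiddenIframeFinder(base_url)
    p.feed(html)
    p.close()
    return p.hidden


# Constructed sample page; the two hidden frames mirror the indicators above,
# the third is a normal visible embed that must not be flagged.
SAMPLE_URL = "http://www.x-7.de/zirbel/archiv/01-okt/01-10-18.htm"
SAMPLE_HTML = """<html><body>
<h1>Archiv</h1>
<iframe src="http://sm7.sitemeter.com/js/counter.asp@site=sm7burschi" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://da-tom.de/index.html" style="position:absolute; left:-9999px; visibility: hidden"></iframe>
<iframe src="/zirbel/video.htm" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_HTML, SAMPLE_URL):
        print("hidden iframe ->", src)
```

Feed it the raw HTML you fetched (with a non-browser user agent, from a sandboxed host) rather than a rendered DOM: the injected frame is often only present in the server response for certain referers or user agents, which is also why the blog's VirusTotal and urlquery links sometimes disagree.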

Category MALICIOUS IP: 177.55.96.212 (BRAZIL)
Listed at SPAMHAUS (CBL)
Linux, FreeBSD or some other form of UNIX

The IP Address 177.55.96.212 is listed in the CBL (Composite Blocking List). It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-03-04 14:00 GMT (+/- 30 minutes), approximately 6 days, 21 hours ago.

CBL has detected that this IP is infected with (or NATting for) a spambot that attempts to break into other systems using stolen or compromised credentials and sends VERY VERY large volumes of spam. The infected machine is probably Linux, FreeBSD or some other form of UNIX, but sometimes Windows machines are infected. CBL has zero tolerance for reinfections.

Of late some of these infections are facilitated by a SSH Rootkit. See this link for more details.



In most cases, this IP address would be that of a shared hosting environment. If you are a customer of this environment, you will almost certainly not be able to do anything about it, only the administrators of the hosting environment itself can. Please contact your administrators, and refer them to this page.

If the administrators are reluctant to do anything please try to convince them, because there is nothing you can do to fix this problem.

One way of finding the user that is infected and spewing spam is to use the "lsof" (list open files) utility. "lsof" is available for most versions of UNIX-like systems such as Linux as part of the official distribution, but may not be installed by default. So first, make sure you have it installed. On many systems such as Ubuntu, you can install it by:

TO READ THE REST OF THIS ARTICLE, go to:

http://cbl.abuseat.org/lookup.cgi?ip=177.55.96.212
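The two CBL excerpts on this page describe the same hunt from two vantage points: the Cutwail entry says to block outbound port 25 from non-mail-servers and log what hits the block, and this entry says to use lsof on the suspect host to find the user and process holding the SMTP sockets. The Python below is an added example, not CBL's or the blog's code, that does both parsing steps. The iptables LOG lines and the lsof output are constructed; the relay address 192.168.10.5, the log prefix and the list of expected MTA process names are assumptions you would replace with your own.

```python
"""Locate the host (perimeter view) and the process (host view) behind outbound spam.

Added example, not CBL's or the blog's code. Input samples are constructed.

Egress rules the log lines are assumed to come from (log first, then allow the
relay, then reject everything else):
  iptables -A FORWARD -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-EGRESS: "
  iptables -A FORWARD -s 192.168.10.5 -p tcp --dport 25 -j ACCEPT
  iptables -A FORWARD -p tcp --dport 25 -j REJECT
"""
import re
from collections import Counter

MAIL_RELAYS = {"192.168.10.5"}                           # assumed legitimate MX relay
EXPECTED_MTAS = {"postfix", "smtp", "sendmail", "exim4"}  # assumed daemons allowed on :25

IPT_LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")
LSOF_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+.*?TCP\s+(?P<local>\S+)->(?P<peer>\S+):25\b"
)


def blocked_smtp_clients(log_lines, relays=MAIL_RELAYS):
    """Per internal source host, count TCP/25 connection attempts (SYN) seen by the
    egress rule, ignoring the legitimate relays. Highest count first."""
    hits = Counter()
    for line in log_lines:
        m = IPT_LOG_RE.search(line)
        if not m or m["proto"] != "TCP" or m["dpt"] != "25":
            continue
        if not re.search(r"\bSYN\b", line):  # attempts, not every packet
            continue
        if m["src"] in relays:
            continue
        hits[m["src"]] += 1
    return dict(hits.most_common())


def suspicious_smtp_processes(lsof_lines, expected=EXPECTED_MTAS):
    """From `lsof -nP -iTCP:25 -sTCP:ESTABLISHED` output, list processes that are
    not a known MTA as (user, command, pid, open_smtp_connections)."""
    per_proc = Counter()
    for line in lsof_lines:
        m = LSOF_RE.match(line.strip())
        if not m or m["cmd"].lower() in expected:
            continue
        per_proc[(m["user"], m["cmd"], int(m["pid"]))] += 1
    return sorted(((u, c, p, n) for (u, c, p), n in per_proc.items()), key=lambda t: -t[3])


# Constructed kernel log excerpt: the relay, one PC hammering port 25, one host on 587.
IPTABLES_LOG = """\
Mar 15 04:01:07 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.10.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 15 04:01:09 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 15 04:01:09 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.40 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=3 DF PROTO=TCP SPT=51235 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 15 04:01:10 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.10.23 DST=203.0.113.41 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4 DF PROTO=TCP SPT=51236 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 15 04:01:12 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.10.77 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=33000 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Constructed lsof excerpt: the real MTA, and a perl script run as the web user.
LSOF_OUT = """\
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sendmail  1201     root    4u  IPv4  30011      0t0  TCP 203.0.113.9:41022->198.51.100.7:25 (ESTABLISHED)
perl     31337 www-data    5u  IPv4  30120      0t0  TCP 203.0.113.9:41911->192.0.2.25:25 (ESTABLISHED)
perl     31337 www-data    6u  IPv4  30121      0t0  TCP 203.0.113.9:41912->192.0.2.26:25 (ESTABLISHED)
perl     31337 www-data    7u  IPv4  30122      0t0  TCP 203.0.113.9:41913->192.0.2.27:25 (ESTABLISHED)
"""

if __name__ == "__main__":
    print("internal hosts hitting the port-25 block:", blocked_smtp_clients(IPTABLES_LOG.splitlines()))
    print("non-MTA processes with SMTP sockets:", suspicious_smtp_processes(LSOF_OUT.splitlines()))
```

On a shared web host the second function is usually the decisive one: a perl or php process owned by the web server user holding dozens of port-25 sockets points at the compromised site, and its working directory (lsof -p PID) points at the dropped script.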

An example of a malicious domain hosted on this IP:
http://jatrol.com.br/
To see the full report for this domain, click the .txt icon:


3/10/2014

Newly Detected: HEUR:Trojan.Script.Generic @ doxyworld.pagesperso-orange.fr (IP: 193.252.122.54) FRANCE, GERMANY


NEWLY DETECTED MALWARE PAGE: HEUR:Trojan.Script.Generic

DOMAIN:
http://doxyworld.pagesperso-orange.fr/
  • https://www.virustotal.com/de/url/be5e27bd2dab4929346a3864e019a06629eabd2ec299fc273e3adedd827bb8eb/analysis/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/1001774c185cdf8ae86cf818031e76284cb449ada029e67cd6b4e5768052e23d/analysis/1394454288/
TDS URL PATTERN
  • https://urlquery.net/report.php?id=9843517
--->
http://asdpietroguarino.ilbello.com/post.php?id472092
  • https://www.virustotal.com/de/url/1304d7f29d95a0bafaf13f6ecf4f9c082702bfe8109abe22a5a56b87ed058a91/analysis/1394454714/

3/09/2014

Trojan-Clicker.HTML.IFrame.afm found on albertselectrical.com (SPAMMER-IP: 199.204.248.105)
Columbus, Ohio, United States


RECENTLY DETECTED MALWARE: Trojan-Clicker

DOMAIN:
http://albertselectrical.com/
  • https://www.virustotal.com/de/url/ae15e043b2ac961b89d21dd3057338e4a926e5ea6821b74bf39c2ce37764c40d/analysis/1394398411/
Trojan-Clicker.HTML.IFrame.afm
  • https://www.virustotal.com/de/file/4ec978ff6cae8e113183141ba1ba1443328fb44fea9fcf575becf2cd5f9b4de4/analysis/1394398285/
--->
http://bfdedzzazbzcgc.users.iframecounter.ru/?s=1
  • https://www.virustotal.com/de/url/5c143a2fcce63ecfaa12a7023c281b25a8f27ba5b2d25dee3d48164071e910c1/analysis/1394398670/
IP =
http://199.204.248.105/
  • https://www.virustotal.com/de/url/47ee985cd24c5e3899fb96950e5e128ee6e80c562fee2f7b70912ca237be0eba/analysis/1394398823/
  • https://www.virustotal.com/de/ip-address/199.204.248.105/information/
SPAM LEVEL: VERY HIGH
  • http://www.senderbase.org/lookup/?search_string=199.204.248.105

The Hidden Idiot



RECENT DETECTION: alkhaleejperfumes.com
Redirects with Trojan.JS.Redirector.aaw to Russian (Perfume)-Phishing
Russian Federation & United States


MALWARE: Trojan.JS.Redirector.aaw
(PERFUME PHISHING)

DOMAIN:
http://alkhaleejperfumes.com/
  • https://www.virustotal.com/de/url/4bba656a716030859df99c8ecb9dd5dee4a6ba47fd1e8ddb8e80fdbf0eb4ccf9/analysis/1394391837/
Trojan.JS.Redirector.aaw
  • https://www.virustotal.com/de/file/709c7765d82d32cdfa2654b58703b439a41b8e75d88d8ed31026c469264b98b4/analysis/1394391738/
--->

Spamhaus DROP Listed Traffic Inbound group 5
http://91.239.15.61/google.js
  • https://www.virustotal.com/de/url/afcd08ea9a1a624f0151b849b1d1b3d92be1aa89624c7ca7aa621122e71d7182/analysis/1394392195/
OTHER IP:
http://205.251.156.146/
  • https://www.virustotal.com/de/url/6ff1953bbfa5881e8ea13c832d049bca05ea53875180e59abf9dd53b872e4aa1/analysis/1394392398/
  • https://www.virustotal.com/de/ip-address/205.251.156.146/information/