There is no end in sight for the malspam campaign we have been blogging about. We have received another round of spam emails that use current events in the subject and body to get the user to click the link. The linked sites are still pushing the file get_flash_update.exe, but the landing page keeps changing, as the list below shows. Some of the same domains now host more than one landing page (livestreaming.html, top.html, whatsup.html).
Warning: These sites are active. Proceed at your own risk.
hxxp://chantal-carlioz.fr/livestreaming.html
hxxp://didierbrockly.info/livestreaming.html
hxxp://jabezinformatica.com/livestreaming.html
hxxp://jugendtanzgruppe.de/livestreaming.html
hxxp://ministerstwo.nazwa.pl/livestreaming.html
hxxp://moveonforu.oranc.co.kr/livestreaming.html
hxxp://quimigama.net/livestreaming.html
hxxp://rmodelismo.com/livestreaming.html
hxxp://rogger.it/livestreaming.html
hxxp://sabineanton.de/livestreaming.html
hxxp://scemprestimoconsignado.com.br/livestreaming.html
hxxp://steveellery.com/livestreaming.html
hxxp://thalies.com/livestreaming.html
hxxp://www.femyp.com/livestreaming.html
hxxp://www.firma-thummerer.de/livestreaming.html
hxxp://www.nawaro-management.de/livestreaming.html
hxxp://www.outwork-for-you.de/livestreaming.html
hxxp://www.porzellanklinik-hinz.de/livestreaming.html
hxxp://www.restekiste.com/livestreaming.html
hxxp://www.tch-clubhaus.de/livestreaming.html
hxxp://z0l7.com/livestreaming.html
hxxp://duka-coaching.dk/top.html
hxxp://www.promo2.es/top.html
hxxp://fedecopy.com.ar/top.html
hxxp://www.urresti.es/top.html
hxxp://www.browsetomy.gmxhome.de/top.html
hxxp://www.aquasphere.cz/top.html
hxxp://halkjaer.biz/whatsup.html
hxxp://frankietomattos.com/whatsup.html
hxxp://duka-coaching.dk/whatsup.html
hxxp://manuelarodriguez.com.br/whatsup.html
hxxp://snoopen.de/whatsup.html
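A small helper for working with a pasted list like the one above, added here as an example and not part of the original post: it refangs the hxxp:// URLs just far enough to parse them, groups domains by landing page, flags domains that serve more than one landing page (the reuse noted at the top of the post), and emits a unique domain list for a proxy or DNS deny list. The embedded sample is a subset of the URLs listed above plus the warning line, to show that non-IOC lines are skipped; the "www." stripping is an assumption about how you want to group hosts.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a handful of the defanged URLs from the list above,
# plus the warning line and a blank line to show that non-IOC lines are skipped.
SAMPLE_LIST = """\
Warning: These sites are active. Proceed at your own risk.
hxxp://chantal-carlioz.fr/livestreaming.html
hxxp://www.femyp.com/livestreaming.html
hxxp://z0l7.com/livestreaming.html
hxxp://duka-coaching.dk/top.html
hxxp://www.promo2.es/top.html

hxxp://halkjaer.biz/whatsup.html
hxxp://duka-coaching.dk/whatsup.html
hxxp://snoopen.de/whatsup.html
"""

_DEFANGED = re.compile(r"^hxxp(s?)://", re.IGNORECASE)
_LIVE = re.compile(r"^http(s?)://", re.IGNORECASE)


def refang(url: str) -> str:
    """hxxp:// -> http:// so standard URL parsing works (never browse the result)."""
    return _DEFANGED.sub(r"http\1://", url.strip())


def defang(url: str) -> str:
    """http:// -> hxxp:// for safe sharing in reports and tickets."""
    return _LIVE.sub(r"hxxp\1://", url.strip())


def parse_iocs(text: str, strip_www: bool = True):
    """Turn a pasted list into rows; lines that are not defanged URLs are ignored."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not _DEFANGED.match(line):
            continue
        parts = urlsplit(refang(line))
        host = (parts.hostname or "").lower()
        if strip_www and host.startswith("www."):   # assumption: group www and bare host together
            host = host[4:]
        rows.append({
            "url": line,                                  # keep the defanged form for reports
            "domain": host,
            "landing_page": parts.path.rsplit("/", 1)[-1],
        })
    return rows


def domains_by_landing_page(rows):
    groups = defaultdict(set)
    for r in rows:
        groups[r["landing_page"]].add(r["domain"])
    return {page: sorted(doms) for page, doms in groups.items()}


def multi_page_domains(rows):
    """Domains that host more than one landing page (the reuse the post mentions)."""
    pages = defaultdict(set)
    for r in rows:
        pages[r["domain"]].add(r["landing_page"])
    return {d: sorted(p) for d, p in pages.items() if len(p) > 1}


def blocklist(rows):
    """Unique domains, sorted, e.g. for a DNS sinkhole or proxy deny list."""
    return sorted({r["domain"] for r in rows})


if __name__ == "__main__":
    rows = parse_iocs(SAMPLE_LIST)
    for page, doms in domains_by_landing_page(rows).items():
        print(f"{page}: {', '.join(doms)}")
    print("reused domains:", multi_page_domains(rows))
    print("blocklist:", blocklist(rows))
```

Paste the full list from the post into SAMPLE_LIST (or read it from a file) to get the complete grouping; the refang step exists only so urlsplit sees a scheme it understands, and nothing here fetches the URLs.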

Any ideas what cryptor/packer they are using on these files?
I haven’t had the chance to look at it, but here are the first 64 bytes from the EP. Now I need to find the time to disassemble.

68 74 0E FB 00 33 EB 5D 33 D9 3A C6 81 C8 E8 E6 74 02 33 D0 53 8B FA 40 5D 42 BE 00 00 20 00 40 85 C8 4F F9 8D 1D C8 2D 47 01 84 C4 8B D5 81 F8 19 E0 81 02 68 95 F4 A9 00 4D 84 CB 84 CA 57 4F
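For anyone who wants to pull the same entry-point bytes from a sample themselves, here is a dependency-free PE walk, added as an example and not code from the post or its commenters: it follows e_lfanew to the PE header, reads AddressOfEntryPoint from the optional header, maps that RVA to a file offset through the section table, and dumps the first 64 bytes in the same hex layout the comment uses. Because no real sample is attached to the page, the block builds a hand-made, non-runnable PE32 stub whose .text section starts with the 64 bytes quoted above; that stub and the fixed layout values it uses (entry RVA 0x1000, raw offset 0x200) are constructed test input, not a claim about the real get_flash_update.exe.

```python
import struct

# Constructed sample: the 64 entry-point bytes quoted in the comment above,
# used here only as filler code for the hand-built test PE.
POSTED_EP_HEX = (
    "68 74 0E FB 00 33 EB 5D 33 D9 3A C6 81 C8 E8 E6 74 02 33 D0 53 8B FA 40 "
    "5D 42 BE 00 00 20 00 40 85 C8 4F F9 8D 1D C8 2D 47 01 84 C4 8B D5 81 F8 "
    "19 E0 81 02 68 95 F4 A9 00 4D 84 CB 84 CA 57 4F"
)
POSTED_EP = bytes.fromhex(POSTED_EP_HEX)


def locate_entry_point(data: bytes):
    """Return (section_name, entry_rva, file_offset) for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (same offset for both)
    sections = opt + size_of_opt                     # IMAGE_SECTION_HEADER array
    for i in range(num_sections):
        hdr = sections + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        # Packed files often have VirtualSize > SizeOfRawData; use the larger span.
        if va <= entry_rva < va + max(vsize, raw_size):
            return name, entry_rva, raw_ptr + (entry_rva - va)
    raise ValueError("entry point RVA is not inside any section")


def entry_point_bytes(data: bytes, count: int = 64) -> bytes:
    """First `count` bytes of code at the entry point, read from the file image."""
    _, _, offset = locate_entry_point(data)
    return data[offset:offset + count]


def hex_dump(blob: bytes) -> str:
    """Space-separated upper-case hex, the same layout as the comment above."""
    return " ".join(f"{b:02X}" for b in blob)


def build_sample_pe(ep_code: bytes) -> bytes:
    """Hand-build a minimal, non-runnable PE32 with one .text section whose
    entry point starts with ep_code. Constructed test input, not real malware."""
    pe_off, opt_size, entry_rva, raw_ptr = 0x40, 0xE0, 0x1000, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)    # i386, 1 section
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva)        # AddressOfEntryPoint at +16
    opt += b"\0" * (opt_size - len(opt))
    text = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(ep_code), entry_rva, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    sample = build_sample_pe(POSTED_EP)          # replace with open(path, "rb").read() on a real file
    name, rva, off = locate_entry_point(sample)
    print(f"EP in {name} at RVA {rva:#x} (file offset {off:#x})")
    print(hex_dump(entry_point_bytes(sample)))
```

On a real sample, the section name and the VirtualSize/SizeOfRawData gap that locate_entry_point tolerates are themselves useful packer hints: an entry point outside .text, or in a section whose raw size is far smaller than its virtual size, is typical of a packed image.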