Archive for June 4th, 2009

04 Jun

New rogue domain: top-pornnet.com

Another recently registered rogue domain pushing rogue security programs. It resolves to the same IP as the other domains posted about.

Related posts:
http://malwaredatabase.net/blog/index.php/2009/06/03/new-rogue-domain-antivir-softcom/
http://malwaredatabase.net/blog/index.php/2009/06/02/new-rogue-domain-best-safety-softwarecom/
http://malwaredatabase.net/blog/index.php/2009/05/27/new-rogue-domain-antivirus-protection-toolscom/

Whois entry for top-pornnet.com 78.129.166.166
Vasilij Lanus ()
Fax:
Prospekt Mira 2.3.4
Moscow, 112111
RU

flash_player_plugin.exe (Privacy Center)
Result: 12/39 (30.77%)
MD5: ce76fb0375f6bf2717371ec43ff6ede2
VirusTotal
ThreatExpert Analysis
hxxp://top-pornnet.com/promo1/get.php?aid=0&vname=flash_player_plugin

04 Jun

Malware codec website: tvtube.myphotos.cc

Found this website distributing a malware codec that installs a rogue security program. The myphotos.cc domain is a dynamic DNS service.

The referrer that brought us to tvtube.myphotos.cc was olimpians.ru. This domain contained a PHP file with the following line, which redirects the visitor to the codec website.

window.location="http://"+"tvtube"+".myphotos.cc"+"/";
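As an added example (not code from the original post), the following Python reconstructs the destination of a window.location redirect assembled from concatenated string literals like the one above, and flags the concatenation itself as an indicator worth alerting on. The sample JavaScript is constructed for the example and the example.invalid URL is a placeholder.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: the concatenated redirect seen on the olimpians.ru
# page, a plain (single-literal) redirect, and an unrelated assignment.
SAMPLE_JS = '''
var x = 1;
window.location="http://"+"tvtube"+".myphotos.cc"+"/";
window.location.href = 'http://example.invalid/plain';
document.title = "a" + "b";
'''

# A single JS string literal (double- or single-quoted, escapes allowed).
_STR = r"""(?:"[^"\\]*(?:\\.[^"\\]*)*"|'[^'\\]*(?:\\.[^'\\]*)*')"""
# window.location or window.location.href assigned one or more literals
# joined with '+'. Variables or function calls in the expression are not
# handled; those need a JS interpreter rather than a regex.
_REDIRECT = re.compile(
    r"window\.location(?:\.href)?\s*=\s*(" + _STR + r"(?:\s*\+\s*" + _STR + r")*)\s*;?"
)
_PIECE = re.compile(_STR)

@dataclass
class Redirect:
    target: str       # reconstructed destination URL
    host: str         # hostname extracted from the destination
    pieces: int       # number of literals that were concatenated
    obfuscated: bool  # True when the URL was split across several literals

def find_redirects(js: str) -> list[Redirect]:
    """Return every literal-built window.location redirect in a JS/HTML blob."""
    found = []
    for m in _REDIRECT.finditer(js):
        literals = _PIECE.findall(m.group(1))
        target = "".join(s[1:-1] for s in literals)  # strip the quotes
        host = urlsplit(target).hostname or ""
        found.append(Redirect(target, host, len(literals), len(literals) > 1))
    return found

if __name__ == "__main__":
    for r in find_redirects(SAMPLE_JS):
        flag = "CONCATENATED" if r.obfuscated else "plain"
        print(f"{flag:12} {r.host:<24} {r.target}")
```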

Whois entry for olimpians.ru 77.221.130.29

codec.exe (PC Defender)
Result: 19/39 (48.72%)
MD5: 675777f309675e1fa7455c5ca4303ff6
VirusTotal
ThreatExpert Analysis