MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

30.7.09

A tour of the latest scareware XI

Scareware-type malware is on the rise and has reached a high level of spread and infection worldwide, combining different methods of deception in its propagation and using new domains.

Below are some of them so that they can be blocked, thus minimizing the potential risk of infection. However, this list clearly represents only a small percentage of the huge volume of scareware that appears daily.


XP Deluxe Protector
MD5: 8df5930924c6ba659033554764beed67
IP: 85.10.194.157, 213.182.197.46
Germany, Gunzenhausen, Hetzner-rz-nbg-net
Associated domains
xp-deluxeprotector .com
xpdeluxeprotector .com
antispy2009 .net
antispy2009 .net/onlinescan/index.php
butterflysearch .net

Result: 24/41 (58.54%)


Home Antivirus 2010
MD5: 28b293e5556cd6490c6bd50e762711e0
IP: 72.52.210.131
Germany, Gunzenhausen, Hetzner-rz-nbg-net
Associated domains
home-anti-virus2010 .com
homeantivirus2010 .com
homeav2010 .com

Result: 14/40 (35%)

Related information on this blog
A tour of the latest scareware X
A tour of the latest scareware IX
A tour of the latest scareware VIII
A tour of the latest scareware VII
A tour of the latest scareware VI
A tour of the latest scareware V
A tour of the latest scareware IV
A tour of the latest scareware III
A tour of the latest scareware II
A tour of the latest scareware

Jorge Mieres
