Danmec Bot, Fast-Flux networks and recruitment of Zombie PCs
Danmec, or Asprox, is the name of a trojan designed to recruit zombie machines while collecting confidential information from each of the victims it infects.
While the emergence of this trojan isn't new, it now uses more complex strategies than those usually employed by other malicious code, including its own early variants, such as Fast-Flux techniques to evade detection by blocking programs and to infect as many computers as possible.
Currently, Fast-Flux networks are being massively and actively exploited by thousands of domains of Russian origin, reactivating botnets such as the one created by Danmec.
Each of these domains hosts the following script, written in JavaScript and called script.js (MD5: ccec2c026a38ce139c16ae97065ccd91), which launches a Drive-by-Download:
; google-analitycs.lijg.ru. IN A
;; ANSWER SECTION:
google-analitycs.lijg.ru. 600 IN A 68.119.39.129
google-analitycs.lijg.ru. 600 IN A 69.176.46.57
google-analitycs.lijg.ru. 600 IN A 71.12.89.233
google-analitycs.lijg.ru. 600 IN A 76.73.237.59
google-analitycs.lijg.ru. 600 IN A 97.104.40.246
google-analitycs.lijg.ru. 600 IN A 98.194.180.179
google-analitycs.lijg.ru. 600 IN A 146.57.249.100
google-analitycs.lijg.ru. 600 IN A 151.118.186.131
google-analitycs.lijg.ru. 600 IN A 165.166.236.74
google-analitycs.lijg.ru. 600 IN A 173.16.99.131
google-analitycs.lijg.ru. 600 IN A 173.17.180.79
google-analitycs.lijg.ru. 600 IN A 24.107.209.119
google-analitycs.lijg.ru. 600 IN A 24.170.188.201
google-analitycs.lijg.ru. 600 IN A 68.93.61.194
;; AUTHORITY SECTION:
lijg.ru. 339897 IN NS ns3.lijg.ru.
lijg.ru. 339897 IN NS ns2.lijg.ru.
lijg.ru. 339897 IN NS ns1.lijg.ru.
lijg.ru. 339897 IN NS ns5.lijg.ru.
lijg.ru. 339897 IN NS ns4.lijg.ru.
;; Query time: 263 msec
;; SERVER: 192.168.240.2#53(192.168.240.2)
;; WHEN: Sun Jan 25 20:31:57 2009
;; MSG SIZE rcvd: 356
Each of the web addresses listed above is a new Fast-Flux farm backed by a group of mirror IPs.
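The dig output above shows the three traits a defender can key on: a short TTL, many A records for one name, and IPs scattered across unrelated networks. The following is an added example (not code from the original post) that parses dig-style output and scores those traits; the record sets embedded in it are constructed sample data, the first shaped like the lookup above, the second a benign comparison.

```python
import ipaddress
import re

# Constructed sample data: the first set mirrors the shape of the lookup above
# (many A records, TTL 600, IPs spread over unrelated networks); the second is
# a constructed benign record set for comparison. Neither is a live lookup.
FLUX_ANSWER = """
google-analitycs.lijg.ru. 600 IN A 68.119.39.129
google-analitycs.lijg.ru. 600 IN A 69.176.46.57
google-analitycs.lijg.ru. 600 IN A 71.12.89.233
google-analitycs.lijg.ru. 600 IN A 76.73.237.59
google-analitycs.lijg.ru. 600 IN A 97.104.40.246
google-analitycs.lijg.ru. 600 IN A 98.194.180.179
google-analitycs.lijg.ru. 600 IN A 146.57.249.100
google-analitycs.lijg.ru. 600 IN A 24.107.209.119
"""
BENIGN_ANSWER = """
www.example. 3600 IN A 192.0.2.10
www.example. 3600 IN A 192.0.2.11
"""

# One dig answer line: <name> <ttl> IN A <ipv4>
A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_a_records(text):
    """Return (name, ttl, ip) tuples from dig-style output; ';' comment lines are skipped."""
    records = []
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            records.append((m.group(1), int(m.group(2)), ipaddress.ip_address(m.group(3))))
    return records

def flux_score(records, ttl_max=900, min_ips=5, min_networks=4):
    """Heuristic fast-flux indicators: short TTL, many A records, IPs spread over many /16s."""
    ttls = {ttl for _, ttl, _ in records}
    ips = {ip for _, _, ip in records}
    nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
    indicators = {
        "short_ttl": bool(ttls) and max(ttls) <= ttl_max,
        "many_ips": len(ips) >= min_ips,
        "many_networks": len(nets) >= min_networks,
    }
    return indicators, sum(indicators.values())

def is_fast_flux(text):
    """Flag a record set only when all three indicators fire; thresholds are assumptions."""
    _, hits = flux_score(parse_a_records(text))
    return hits == 3
```

The thresholds are starting points; repeating the lookup over time and watching the IP set churn between answers is the stronger signal.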
Fast-Flux is an advanced technique used for malicious purposes, together with others, for the propagation of threats. This forces us to be cautious at all times.
Jorge Mieres