Massive exploitation of vulnerabilities through ghost servers
The number of Chinese domains used daily to exploit vulnerabilities in the computers of people who visit web pages designed for malicious purposes is really significant.
These servers host pages containing exploits for weaknesses in different Microsoft Windows operating systems and some other applications, and they are currently being used massively to spread malicious code.
705sese*.cn (59.34.197.15) contains exploits for MS06-014, MS08-067, StormPlayer and RealPlayer, served from /a2/fxx.htm, and downloads the binary al.css when exploiting the MS08-067 vulnerability.
d.bc-s350*.cn (58.253.68.65) downloads the binary gr.exe (MD5: abd5bcb105dd982ae0b9c1f8c66bc07c - VirusTotal report 33/39).
yandex2*.cn (193.138.172.5) downloads the binary load.exe (MD5: 2ce6d3c0f526f96b32db8cef06921ffc - VirusTotal report 23/39) from /load.php?id=21&spl=5.
MetaGer*.cn (193.138.172.5)
copy-past*.cn (195.242.161.24) contains an exploit.
whitebiz*.cn (91.211.64.155) downloads a binary called load.exe (MD5: d7d03b7ea57ecaf008350a4215f8e2bc - VirusTotal report 12/39) from /service/load.php.
783456788839*.cn (195.190.13.106) downloads a Trojan from /load.php?Spl=zango1.
234273849543*.cn
384756783900*.cn
109438129432*.cn
sinakis*.cn (91.211.64.89) downloads malware from /baner/load.php?id=187&spl=4.
nohtingherez*.cn (217.20.112.96) downloads the binary adv111.exe (MD5: 4adc9c50005c301db9af13f8467801f7 - VirusTotal report 14/37).
o6ls*.cn (91.203.4.137) downloads malware from /load.php?id=3459&spl=4.
Jorge Mieres
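As an added example (not part of the original post), the following Python sketch scans web-proxy logs for the load.php download pattern that recurs in the entries above. The log format, the hostnames in the sample and the "high"/"low" labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log: "<client_ip> <method> <url>" (hypothetical format,
# hostnames are placeholders and not taken from the post).
SAMPLE_LOG = """\
10.0.0.5 GET http://loader.example/load.php?id=21&spl=5
10.0.0.7 GET http://ads.example/baner/load.php?id=187&spl=4
10.0.0.7 GET http://shop.example/service/load.php
10.0.0.9 GET http://kit.example/load.php?Spl=zango1
10.0.0.9 GET http://intranet.example/download.php?id=4&file=report
10.0.0.3 GET http://cdn.example/img/load.php.png?spl=1
"""

def classify(url):
    """Return 'high', 'low' or None for one requested URL."""
    parts = urlsplit(url)
    # In the post's entries the loader script is always the last path segment.
    if parts.path.rsplit("/", 1)[-1].lower() != "load.php":
        return None
    # Compare parameter names case-insensitively.
    params = {k.lower() for k in parse_qs(parts.query)}
    # Most entries carry an 'spl' parameter; a bare load.php is a weaker signal.
    return "high" if "spl" in params else "low"

def scan(log_text):
    """Return (client_ip, host, level) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, _method, url = fields
        level = classify(url)
        if level:
            hits.append((client, urlsplit(url).hostname, level))
    return hits

if __name__ == "__main__":
    for client, host, level in scan(SAMPLE_LOG):
        print(f"{level:4} {client} -> {host}")
```

A "low" hit only says that a script named load.php was requested, so it needs correlation with the response content type or a following executable download before it is treated as an infection.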