MalwareIntelligence is a site dedicated to research on everything related to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

24.1.09

Massive exploitation of vulnerabilities through ghost servers

The number of Chinese domains used every day to exploit vulnerabilities on the computers of people who visit web pages built for malicious purposes is really significant.


These servers host pages containing exploits for weaknesses in various Microsoft Windows operating systems and in some other applications, and they are currently being used on a massive scale to spread malicious code.

According to ThreatExpert, China and Russia are the two countries with the highest rate of threat propagation.
The domains listed below belong to server farms hosted on ghost servers, and many of them are still active, so caution is advised before accessing them. These domains are published purely for research and informational purposes, and the list is considered useful for blocking malicious URLs.

705sese*.cn (59.34.197.15): contains exploits for MS06-014, MS08-067, StormPlayer and RealPlayer, served from /a2/fxx.htm, and downloads the binary al.css while exploiting MS08-067.
d.bc-s350*.cn (58.253.68.65): downloads the binary gr.exe (MD5: abd5bcb105dd982ae0b9c1f8c66bc07c; VirusTotal report 33/39).
yandex2*.cn (193.138.172.5): downloads the binary load.exe (MD5: 2ce6d3c0f526f96b32db8cef06921ffc; VirusTotal report 23/39) from /load.php?id=21&spl=5.
metager*.cn (193.138.172.5)
copy-past*.cn (195.242.161.24): contains an exploit.
whitebiz*.cn (91.211.64.155): downloads a binary called load.exe (MD5: d7d03b7ea57ecaf008350a4215f8e2bc; VirusTotal report 12/39) from /service/load.php.
winesamile*.cn
bigsellstaff*.cn
cntotalizator*.cn
party-tests*.com
fresh-best-movies*.cn
helinking*.cn
ns2.oxdnski*.cn
onlinestat*.cn
trafiks*.cn
783456788839*.cn (195.190.13.106): downloads a Trojan from /load.php?spl=zango1.
234273849543*.cn
384756783900*.cn
109438129432*.cn
sinakis*.cn (91.211.64.89): downloads malware from /baner/load.php?id=187&spl=4.
nohtingherez*.cn (217.20.112.96): downloads the binary adv111.exe (MD5: 4adc9c50005c301db9af13f8467801f7; VirusTotal report 14/37).
o6ls*.cn (91.203.4.137): downloads malware from /load.php?id=3459&spl=4.
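Since the post offers this list for blocking, the following added example (not code from the post or from MalwareIntelligence) shows one way a defender could turn it into a proxy-log matcher. It transcribes the domain patterns, IP addresses and MD5 hashes given above, treats the post's defanging `*` as "any run of characters" (an assumption; the real domains are only partially shown), and adds a weaker heuristic drawn from the list itself: every loader URL above is a `load.php` taking an `spl` parameter. The proxy log format (timestamp, client, method, URL) and the log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators transcribed from the post above. The '*' in a domain pattern is the
# post's own defanging; this example assumes it stands for zero or more characters.
DOMAIN_PATTERNS = [
    "705sese*.cn", "d.bc-s350*.cn", "yandex2*.cn", "whitebiz*.cn",
    "783456788839*.cn", "sinakis*.cn", "nohtingherez*.cn", "o6ls*.cn",
]
BAD_IPS = {
    "59.34.197.15", "58.253.68.65", "193.138.172.5", "91.211.64.155",
    "195.242.161.24", "195.190.13.106", "91.211.64.89", "217.20.112.96",
    "91.203.4.137",
}
BAD_MD5 = {  # digest -> file name reported in the post
    "abd5bcb105dd982ae0b9c1f8c66bc07c": "gr.exe",
    "2ce6d3c0f526f96b32db8cef06921ffc": "load.exe",
    "d7d03b7ea57ecaf008350a4215f8e2bc": "load.exe",
    "4adc9c50005c301db9af13f8467801f7": "adv111.exe",
}


def pattern_to_regex(pattern):
    """Compile a defanged pattern: escape literal parts, let '*' match anything,
    and accept the host itself or any subdomain of it."""
    body = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.compile(r"(?:.*\.)?" + body + r"\Z")


DOMAIN_REGEXES = [pattern_to_regex(p) for p in DOMAIN_PATTERNS]


def host_reasons(host):
    """Return the indicators a host name or IP address matches (empty if none)."""
    host = host.lower().rstrip(".")
    reasons = []
    if host in BAD_IPS:
        reasons.append("ip:" + host)
    for pattern, regex in zip(DOMAIN_PATTERNS, DOMAIN_REGEXES):
        if regex.match(host):
            reasons.append("domain:" + pattern)
    return reasons


def url_reasons(url):
    parts = urlsplit(url)
    reasons = host_reasons(parts.hostname or "")
    # Weaker heuristic derived from the list: loader URLs are load.php?...spl=...
    if parts.path.endswith("/load.php") and "spl" in parse_qs(parts.query):
        reasons.append("path:load.php?spl=")
    return reasons


def scan_proxy_log(lines):
    """Return (line, reasons) for every log line whose URL matches an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:  # skip malformed lines instead of crashing
            continue
        reasons = url_reasons(fields[3])
        if reasons:
            hits.append((line, reasons))
    return hits


def check_md5(digest):
    """Look up a downloaded file's MD5 against the hashes from the post."""
    return BAD_MD5.get(digest.lower())


# Constructed sample proxy log (timestamp, client, method, URL); not real traffic.
SAMPLE_LOG = [
    "2009-01-24T10:01:02 10.0.0.5 GET http://www.example.org/index.html",
    "2009-01-24T10:01:09 10.0.0.5 GET http://sub.whitebiz-01.cn/service/load.php",
    "2009-01-24T10:02:30 10.0.0.7 GET http://91.203.4.137/load.php?id=3459&spl=4",
    "2009-01-24T10:03:00 10.0.0.9 GET http://cdn.example.net/baner/load.php?id=187&spl=4",
]

if __name__ == "__main__":
    for line, reasons in scan_proxy_log(SAMPLE_LOG):
        print(line, "->", ", ".join(reasons))
```

Because `*` is expanded generously, a pattern such as `yandex2*.cn` also matches hosts like `yandex2.something.cn`; that is deliberate for a partially defanged list, but the `path:` heuristic on its own is a review signal, not grounds for blocking, since `load.php` with an `spl` parameter is not unique to these kits.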

Jorge Mieres
