Mass propagation of malware in fake codecs
As noted on another occasion, both the creators and the distributors of malicious code continue to rely on old and well-known deception techniques, such as spreading malware through fake codecs supposedly needed to watch videos that do not actually exist.
This proven deception technique (visual social engineering) is being used actively and on a massive scale to spread Trojan downloaders. The Trojans may go by names such as:
In this case, all the URLs from which the malware is downloaded are pornographic sites, a heavily exploited resource for attempting to infect the systems of users who visit such sites.
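As an added example (not code from the original post), the following Python routine checks proxy or download logs for the fake-codec pattern described above: an executable posing as a video viewer, player or codec, fetched from a video landing page. The filename keywords, the landing-page URL shape, the log field order and the sample lines are all assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Lure filenames mimic video viewers, players or codecs (assumed keyword list).
LURE_NAME = re.compile(
    r"(?i)(tubeviewer|tubeplayer|testcodec|flashplayer|codec|player)[\w.-]*\.exe$"
)
# Landing pages of this campaign family share an "xplay*.php?id=<n>" shape (assumed).
LURE_REFERER = re.compile(r"(?i)/xplay\w*\.php\?id=\d+")

@dataclass
class Hit:
    client: str
    url: str
    referer: str
    reasons: tuple
    severity: str

def parse_line(line):
    # Constructed log format: "<timestamp> <client> <method> <url> <referer>".
    parts = line.split()
    if len(parts) < 5:
        return None
    ts, client, method, url, referer = parts[:5]
    return {"ts": ts, "client": client, "method": method, "url": url, "referer": referer}

def classify(rec):
    # Two independent signals: the downloaded filename and the referring page.
    reasons = []
    filename = rec["url"].split("?", 1)[0].rsplit("/", 1)[-1]
    if LURE_NAME.search(filename):
        reasons.append("codec-lure-filename")
    if LURE_REFERER.search(rec["referer"]):
        reasons.append("video-landing-referer")
    return reasons

def find_fake_codec_downloads(lines):
    # Only flag executables with a lure name; a matching referer raises severity.
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "GET":
            continue
        reasons = classify(rec)
        if "codec-lure-filename" in reasons:
            severity = "high" if len(reasons) > 1 else "medium"
            hits.append(Hit(rec["client"], rec["url"], rec["referer"], tuple(reasons), severity))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2009-02-01T10:00:01Z 10.0.0.5 GET http://video-site.example/xplay.php?id=1819 -",
    "2009-02-01T10:00:03Z 10.0.0.5 GET http://dl.example/TubeViewer.ver.6.exe http://video-site.example/xplay.php?id=1819",
    "2009-02-01T10:01:00Z 10.0.0.7 GET http://cdn.example/updates/setup-2.4.exe http://vendor.example/download",
    "2009-02-01T10:02:00Z 10.0.0.9 GET http://files.example/get/TestCodec.v.3.127.exe -",
]
```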
Other heavily exploited themes are downloads of warez, cracks, keygens and the like, where instead of the program the user wanted, what is actually downloaded is malware. In fact, most of the addresses listed in this post share the same IP address with other registered domains whose names refer to software downloads but which still have no content, such as:
So we may soon learn of a new wave of malware spread through these domains.
Related information:
Deception techniques that do not go out of style
Jorge Mieres