Saturday, March 15, 2008

Malicious sites:

The following web sites contain Malware payloads:


All these sites share the same IP address, 58.65.239.114. Please make sure not to visit any of them, as they use iframes and JavaScript to push malware onto your system.

Also reported by SecuBox Labs:

These sites were also involved in the attack:

abc-powers.com -> the site dropped the file “ieupdater.exe”
nt-users.com -> the site instructs the infected machine to download various files from the IP 58.65.239.42

58.65.239.42 -> downloads the following files:
i5.exe
ldig0031242.exe
alexey.exe

fbceeefbdede.com -> instructs to download files from deborah2.biz
deborah2.biz -> drops “wssl54.exe”

The malware does a lot of damage to your system: it downloads Zlob, Vundo and rogue security applications, changes registry keys, changes the hosts file, and does many other nasty things.

Please stay away from these sites.

Bharath M N
