Thursday, July 17, 2008

Malware distributing sites

Zlob Trojan Distributing site:

Site Name: Movieexternal.com
IP Address: 77.91.231.201

Site Name: Licensingvideo.com
IP Address: 85.255.120.107

DNS Changer Trojan Distributing site:

Site Name: Uinticket.com
IP Address: 64.28.184.181

Site Name: Uinticket.net
IP Address: 64.28.184.182

Trojan-Downloader Distributing sites:

Site Name: Veryhodownload.com
IP Address: 58.65.238.34

The Trojan installs the following malicious Browser Helper Object (BHO):

O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:\WINDOWS\system32\inte_f.dll

These sites belong to the IE-defender family, and the BHO is used to push IE-Antivirus, which is a well-documented rogue security application. Currently the trojan is distributing IE-Antivirus 3.3.

Following are the new sites that the rogue security application is using for its dirty work:

Site Name: Ie-antivirus-order.com
IP Address: 89.149.208.179

Site Name: Getieantivirus.com
IP Address: 58.65.238.34
Ref: Getieantivirus. com/ie-av.exe

MediaTubeCodec Trojan Distributing site:

Site Name: Maxibestsoft.com
IP Address: 91.203.70.18

Stay away from all these sites.

Bharath M N
