New Pack of Malicious sites
Site Name: siiprogram.com
IP Address: 85.255.118.180
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.siiprogram.com [85.255.118.180]
ns2.siiprogram.com [85.255.118.181]
Site Name: sisperformance.com
IP Address: 85.255.120.110
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.sisperformance.com [85.255.120.110]
ns2.sisperformance.com [85.255.120.106]
The installers from these two sites were scanned and here are the results:
Virustotal Scan Result: 7/32 (21.88%)
Avast 4.7.1098.0 2008.01.15 Win32:Zlob-AHS
AVG 7.5.0.516 2008.01.15 Downloader.Zlob.RN
BitDefender 7.2 2008.01.15 Trojan.Downloader.Zlob.ABGS
ClamAV 0.91.2 2008.01.15 Trojan.Dropper-2529
DrWeb 4.44.0.09170 2008.01.15 Trojan.Popuper.origin
F-Prot 4.4.2.54 2008.01.14 W32/Zlob.I.gen!Eldorado
Microsoft 1.3109 2008.01.15 TrojanDownloader:Win32/Zlob.gen!AL
Site Name: websoft-a.com
IP Address: 79.143.178.30
Registrar: ESTDOMAINS, INC.
Name Servers:
ns1.websoft-a.com [79.143.178.30]
ns2.websoft-a.com [79.143.178.30]
The installer from the site was scanned and here are the results:
Virustotal Scan Result: 7/32 (21.88%)
AntiVir 7.6.0.48 2008.01.15 TR/Dldr.Zlob.KA
BitDefender 7.2 2008.01.15 Trojan.Peed.ISW
CAT-QuickHeal 9.00 2008.01.15 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.01.15 Suspicious File
Ikarus T3.1.1.20 2008.01.15 MalwareScope.Worm.Nuwar-Glowa.1
VBA32 3.12.2.5 2008.01.15 MalwareScope.Worm.Nuwar-Glowa.1
Webwasher-Gateway 6.6.2 2008.01.15 Trojan.Dldr.Zlob.KA
A few more sites that are distributing malicious code:
216.40.219.141
77.91.227.194
77.91.228.186
The installers from these sites were scanned and here are the results:
Virustotal Scan Result: 4/32 (12.5%)
Avast 4.7.1098.0 2008.01.15 Win32:Agent-LTS
AVG 7.5.0.516 2008.01.15 Downloader.Zlob
CAT-QuickHeal 9.00 2008.01.15 Win32.AdWare.Boran.ah
Microsoft 1.3109 2008.01.15 TrojanDownloader:Win32/Zlob.gen!L
Stay away from these sites…
Bharath M N