New Set Of Malicious Sites
Zlob Trojan Distributing Sites
Site Name: Swfutility.com
IP Address: 85.255.118.179
Site Name: Flwcoupler.com
IP Address: 85.255.120.107
The installers from these sites were scanned and here are the results:
VirusTotal Scan Result: 10/32 (31.25%)
AntiVir 7.6.0.85 2008.04.16 TR/Crypt.CFI.Gen
AVG 7.5.0.516 2008.04.16 Downloader.Zlob
ClamAV 0.92.1 2008.04.16 Trojan.Zlob-3762
eSafe 7.0.15.0 2008.04.16 suspicious Trojan/Worm
Ikarus T3.1.1.26 2008.04.16 Trojan-Downloader.Win32.Zlob.abw
Microsoft 1.3408 2008.04.14 TrojanDownloader:Win32/Zlob.gen!AW
Prevx1 V2 2008.04.16 Trojan.Zlob
Symantec 10 2008.04.16 Trojan.Zlob
VBA32 3.12.6.4 2008.04.16 suspected of Downloader.Zlob.3
Webwasher-Gateway 6.6.2 2008.04.16 Trojan.Crypt.CFI.Gen
DNS Changer Trojan Distributing Site
Site Name: Blackticket.net
IP Address: 64.28.184.166
More than 80% of the scanners on VirusTotal flag the installer from this site as malicious.
XPAntiVirus Rogue Pushing Site
Site Name: WinAntiVirusPro.net
IP Address: 77.91.225.234
The registrant for all of the above-mentioned sites is ESTDOMAINS, INC. Stay away from these malicious sites.
Bharath M N