Wednesday, August 6, 2008

Malware distributing sites

Zlob Trojan distributing sites:
Site Name: Flwinstrument.com
IP Address: 77.91.231.183

Site Name: Mpegutility.com
IP Address: 85.255.113.236

Trojan-Downloader distributing sites:
Site Name: Pressdownloadtostart.com
IP Address: 91.203.92.53

The Trojan installs the following malicious Browser Helper Object (BHO):

O2 - BHO: Gold Manager - {D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} - C:\WINDOWS\system32\goldman.dll

Site Name: Clickruntostartshow.com
IP Address: 91.203.92.53

The Trojan installs the following malicious BHO:

O2 - BHO: IE Optimizer - {BACA5B3B-DD57-4E62-B986-9A5677FBF001} - C:\WINDOWS\system32\iea32.dll

This site belongs to the IE-defender family, and the BHO is used to push IE-Antivirus, a well-documented rogue security application.

MediaTubeCodec Trojan distributing site:
Site Name: Megabestsoftnah08.com
IP Address: 78.157.143.250

DNS Changer Trojan distributing sites:

Site Name: Ticketmoon.net
Site Name: Ticketlight.com
Site Name: Red-codec.net
Site Name: Nitrocodec.net

Stay away from all these sites.

Bharath M N
