(22/01/2010)
hxxxxxxxxxxtp://www.babooa562.com/xp/48/au.htm
(AS30058 FDCSERVERS AS for FDC Servers)
 |
hxxxxxxxxxxtp://www.tsqzsb.cn/xp/13/au.htm
(AS4134 CHINA-TELECOM China Telecom)
 |
hxxxxxxxxxp://www.fsus.cn:85/ss/au.htm
(AS35908 - VPLSNET)
 |
hxxxxxxxxxp://googleie2.23sys23.cn/pz/au.htm
(AS4213 VPLSNET)
 |
hxxxxxxxxxp://www.ms8.cc/MyM/Cache/Tpl/safe.htm?13
(AS38356 TimeNet BeiJing Sincerity)
 |
hxxxxxxxxxp://malegebi251.21sys21.cn/pz/au.htm
(AS4213 VPLSNET)
 |
hxxxxxxxxxp://news.21npc.com/meteor/ver/ver.htm?772
(AS4134 CHINA-TELECOM China Telecom)
 |
(20/01/2010)
Using Google with the information released by McAfee LABS Blog(http://bit.ly/69Pl4g) may be trivial found others.
In this case i’ve found this: hxxxxxxp://xx222.8866.org:2988/dz/ie.html
 |
Wepawet doesn’t detect.
Other URLs implicated in the 1st spreading stage:
hxxxxxxp://xx222.8866.org:2988/dz/what.jpg (shellcode)
hxxxxxxp://xx222.8866.org:2988/dz/Element
hxxxxxxp://xx222.8866.org:2988/dz/sdfasdfasdfafasdfafasdf.GIF
Others hosts:
hxxxxxxxp://tempxxp.3322.org:8277/log.css
hxxxxxxxxxp://201003.8866.org:2988/log/ie.html
hxxxxxxxxp://22cc.8866.org:2988/dz/ie.html
hxxxxxxxxp://201003.6600.org:2988/log/ie.html
hxxxxxxxxtp://201003.8800.org:2988/log/ie.html
(this post is under update)
No comments:
Post a Comment