恶意站点：xunqu.com

发布:blast

2 Jan 2010

关于:hxxp://www.xunqu.com/home/data/adtpl/file/com.js解密的日志(全体输出 - 8):

Level 0>hxxp://www.xunqu.com/home/data/adtpl/file/com.js
Level 1>hxxp://skyll2010.3322.org/360/33/index.html
Level 2>hxxp://skyll2010.3322.org/360/33/f.css
Level 2>hxxp://skyll2010.3322.org/360/33/e.jpg
Level 2>hxxp://skyll2010.3322.org/360/33/d.css
Level 2>hxxp://skyll2010.3322.org/360/33/c.jpg
Level 2>hxxp://skyll2010.3322.org/360/33/a.jpg
Level 3>hxxp://cocoexe.8gcc.com/Down/my/33.exe

日志由 Redoce2.0第86次修正版于 2010-1-2 21:41:14 生成。

Tags: 恶意 挂马

1 comments

分类: 病毒分析

浏览:

gov．cn……再次的 (2009-12-18 23:14:49)
Giframe无效 (2009-10-4 18:17:40)
当动态域名成为庇护伞 (2009-8-7 10:34:52)
Adobe 漏洞利用文件: "Cao Chang-Ching The CPP made eight mistang U*****i incident_mm.pdf" (2009-7-30 22:13:24)

Steven 2010-1-10 9:16:05 1
Just an FYI, this one's got a new MITM (same filenames, just a different domain/path). The new domain and path is;

xnfcgx.16824.com.cn:173/360/33/

Domain resides at 204.188.206.11 (AS46844 204.188.192.0/18
SharkTECH Internet Services)
blast 于 2010-1-10 11:03:02 回复
Seems like its owner has regestered many domains, I found another two in the link you've posted :)

my.xingan5.cn:8886/360/33
cocoexe.8gcc.com:8886/360/33

BTW, by searching their site statistics(count.51yes.com/index.aspx?id=507829494) through bing.com, I found that they are likely to spread very early from March 09 but somehow they slowed down their work these days may be the leak of new exploits

回复留言

恶意站点：xunqu.com

Tags: 恶意 挂马

分类: 病毒分析

相关文章:

网站分类

最近发表

最新评论及回复

最近留言

View Stats

恶意站点：xunqu.com

Tags: 恶意 挂马

分类: 病毒分析

相关文章:

网站分类

最近发表

最新评论及回复

最近留言

var sc_project=4924671;var sc_invisible=0;var sc_partition=57;var sc_click_stat=1;var sc_security="56d65c11";<div class="statcounter"><img class="statcounter" src="http://c.statcounter.com/4924671/0/56d65c11/0/"></div>View Stats

Tags: 恶意挂马

View Stats