Funky Live Nude Site Pimping Malware

May 16, 2012 | Author

Our readers reported that they are getting spam that includes the live2naked.com link

The site pretends to offer Free live adult Web Cams and chat, Nude sexy camgirls. Our team inspected the site under the hood and found some malware.

Malware Detected:

  • Trojan Downloaders
  • Rogue Networks
  • Phish/Scam

DNS Traffic:

  • live2naked.com
    208.78.94.10
    AS30502 <– Malicious Network
  • 93.184.220.20

Domain Names Sharing IP: 208.78.94.10   

  • eros-cams.com
  • error.naked.com
  • forgroupon.com
  • guyfreecams.com
  • live.fantasti.cc
  • live2naked.com
  • livefromhome.com
  • naked.com
  • naughtyamericalive.com
  • olderladies.com
  • pillowtalklive.com
  • platinumcamgirls.com
  • www.olderladies.com
  • www.platinumcamgirls.com
  • www.playboylive.com
  • www.seemelive.com
  • static.nk-img.com

Domain Names Sharing IP: 93.184.220.20

  • ww00000dc7w.europages.si
  • www.agencytaobao.com
  • www.bigpeace.com
  • www.breitbart.tv
  • www.chateauversailles.fr
  • www.disneylandparis.de

HTTP Traffic

  • hxxp://www.live2naked.com
  • hxxp://static.nk-img.com/images/siteImages/textImages/common/static/js/jquery.js
  • hxxp://static.nk-img.com/images/siteImages/textImages/common/static/css/master.css
  • hxxp://static.nk-img.com/images/siteImages/textImages/common/static/css/live2naked/wl.css
  • hxxp://static.nk-img.com/images/siteImages/textImages/common/static/js/common/header.js?ver=2

 

Posted in Phishing, Spyware, Survival, Trojan, Web Threats | Tags: , , | No Comments »

Bathroom Vanity Site Pumping Malware

May 14, 2012 | Author

We are getting reports of a funky Bathroom vanity cabinets site that is pumping out malware.

Our team has analyzed the site gobathroomvanitycabinets.com and its hosted on the infamous  (AS21844) THEPLANET malware network.

Malware Found:

  • Trojan JS BlacoleRef
  • Trojan Java RedBrowser
  • TrojanSpy Bancos.DV
  • Spyware
  • Compromised website / Directs to exploits
  • Fake Anti-Virus/Ransomware
  • Hosts found sending virus mails
    Hosts found sending phishing mails
    Hosts found sending mail containing spam images

Suspicious Files Created:

  • C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGX1.tmp
  • C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VGX2.tmp
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4X23OP2B\comment-reply[1].js
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4X23OP2B\mp-white-1up[1].css
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4X23OP2B\show_ads_impl[2].js
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPURSX23\Flare[1].png
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPURSX23\csl-mp-ebay[1].css
  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPURSX23\flexscripts[1].js

DNS Traffic:

  • Hosts sharing IP: 50.116.87.14
  • gobathroomvanitycabinets.com
  • greatninjagames.com
  • greatpaintinggames.com
  • greatparkinggames.com
  • greatplayfreeonlinegames.com
  • greatpoolgames.com
  • greatprimarygames.com

Traffic:

  • <a href=’hxxp://gobathroomvanitycabinets.com/where-can-you-find-good-quality-bathroom-vanity-cabinets/’ title=’Where can you
  • find good quality bathroom vanity cabinets?’>Where can you find good quality bathroom vanity cabinets?</a></li>

Reference: MalwareURL

Posted in Scam, Spam, Survival, Trojan, Web Threats | Tags: , , , | No Comments »
« Older Entries
Newer Entries »
MS Categories

Kaspersky Lab E-Store

Which Kaspersky Protection is Right for YOU?

Created by the Survival Crew!

Powered by WordPress and WordPress Theme created with Artisteer.