Author Topic: Bad web host alerted?  (Read 1246 times)

polonus
Bad web host alerted?
« on: August 04, 2013, 03:36:56 PM »
See: http://www.projecthoneypot.org/ip_31.31.196.16
and -> http://urlquery.net/report.php?id=4370127
Gateway malware service as part of the RedKit EK campaign, been with us since 2012:

1. Domain rotation – based on time

2. HTML pages rotation, switching based on time too.

3. Domains\web-servers involved in spreading malware – victims of previous hacks that were turned into malware-spreading hosts

4. MDS cleans up the hacked host (at least from added HTML pages and malicious files) at the end of usage.

5. Malware page provides 3(!) different payloads, 2 for Java and another for PDF.

The major flaw in this system is the unchanged names for malicious files, but since the malware domains are hacked, I assume only limited functionality is available to the MDS owners, and that requires the use of static file names. Info thanks to Day by Day's author D.L.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
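
Added example, not part of the original post: a defender-side check built on the flaw described above (payload file names stay static while the hosting domains rotate). It scans a proxy log for `.jar`/`.pdf` file names fetched from several distinct hosts. The log format, host names, file names and the `min_hosts` threshold are constructed assumptions, not indicators from the thread.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# Constructed proxy-log sample: "<timestamp> <requested URL>".
# Hosts and file names are placeholders, not indicators from the thread.
SAMPLE_LOG = """\
2013-08-04T10:00:01 http://site-a.example/blog/index.html
2013-08-04T10:00:03 http://site-a.example/k7x.jar
2013-08-04T11:15:40 http://site-b.example/k7x.jar
2013-08-04T11:15:42 http://site-b.example/q2m.pdf
2013-08-04T12:30:10 http://site-c.example/k7x.jar
2013-08-04T12:30:12 http://site-c.example/q2m.pdf
2013-08-04T12:45:00 http://docs.example/manual.pdf
2013-08-04T13:05:55 http://site-d.example/q2m.pdf
2013-08-04T13:06:20 http://docs.example/manual.pdf
"""

PAYLOAD_EXTS = {".jar", ".pdf"}  # payload types named in the post


def static_name_hits(log_text, min_hosts=3):
    """Return {file_name: sorted hosts} for payload-type file names that
    were fetched from at least `min_hosts` distinct hosts."""
    hosts_by_name = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip malformed lines
        url = urlsplit(parts[1].strip())
        name = posixpath.basename(url.path).lower()
        if url.hostname and posixpath.splitext(name)[1] in PAYLOAD_EXTS:
            hosts_by_name[name].add(url.hostname)
    return {n: sorted(h) for n, h in hosts_by_name.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for name, hosts in static_name_hits(SAMPLE_LOG).items():
        print(f"{name}: seen on {len(hosts)} hosts -> {', '.join(hosts)}")
```

Generic file names that are legitimately common across sites will also match, so hits are leads for review rather than verdicts.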