Author Topic: Site malicious?  (Read 3381 times)

Offline polonus

Site malicious?
« on: February 27, 2010, 09:08:11 PM »
Hi malware fighters,

Strange indicators to this page: vxchaos.6x.to
Server IP(s):
62.4.83.231
62.93.229.15

=========================
HTTP headers:

GET / HTTP/1.0
Host: vxchaos.6x.to
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept-Encoding: gzip
Location Germany

Info on 6x.to
The last time that suspicious code has been found on mentioned site was on 2010-01-04.
Malicious software includes 20 scripting exploits, 6 trojans. Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software has been hosted on 8 domains, e.g.  bronx.sk/, mjainfo.mj.funpic.de/, myopera.com/.

1 domain seems to function as a re-direct for spreading malware to visitors of this site, e.g. anhkuloc.byethost13.com/.

This site was hosted on 1 network, including AS8455 (ATOM86).

One site has been infected by this site, e.g. come.vn/.

myopera.com is still infected with
    Virus
Threat found: 1

Name of threat:   Trojan Horse
Location:    hxtp://static03.myopera.com/upic/pool1/iH/jmM/+dyDc5NGqNoZAWAylgA8Fo/2290230_m.jpg

But on 210-02-23 it still had malicious software including 12 trojans, 4 scripting exploits

This site was hosted on 2 network(s) including AS3292 (TDC), AS12552 (IPO).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

psw

Re: Site malicious?
« Reply #1 on: February 27, 2010, 09:13:54 PM »
From page header
--
    <TITLE>VX CHAOS FILE SERVER</TITLE>
    <meta name="keywords" content="VX Collection, virii, virus, vir, wurm, viry, viruses, worm, trojan, antivirus, warez, xploits, CHAOS, polymorphic engines, virus sources, security issues, hacking, security exploits, IDS, pen-test, spoofing, blackhat, sploits, logic bombs, worms, virii collections, xploit, AV, appz, anonymous surf, full app, cracks, Azag-thoth, virus writers, vck, 0-day, PolyEngine, EXE Packer, computer infection, Virus Tools, virii, crackz, free web site builder tool, Azathoth, Azag">
    <meta name="description" content="Viruses and worms, huge virus collection, antivirus, virii, vx sources, vx mags, ezines, virus writing tutorials, logic bombs, Virus Creation Programs And Construction Kits, window bombs, security exploits, sploits, VCK, Free Warez, FREE Web Site Builder Tools, Web Server Apps, Anti-Virus Scanners, H4x0ring, FREE virus sources including ASM sources, VBS, HTML, C++, Delphi, Visual Basic">

Offline polonus

Re: Site malicious?
« Reply #2 on: February 27, 2010, 11:29:15 PM »
Hi malware fighters,

What to think of this report?
http://scanner.novirusthanks.org/analysis/743b541725f35e4b55730a9520123144/aW5kZXg=/

polonus