Sunday, May 13, 2007

Malware and botnets - Mother's Day gifts

I know some of you are going to be with your mothers, probably cleaning their machines - so here are some goodies we found today:

Botnets:
The following is a list of live links to real viruses. We have added spaces to help protect against accidental clicks.

I don't suggest you visit these links unless you know what you're doing.

Malware:
WARNING LIVE MALWARE LINKS!