Koobface Worm on the rise again
In the past few days, I’ve seen a fair number of Koobface worms being spread.
My Russian is a little rusty, so I hope it does not say something offensive 
This is what our HoneyPots have recorded since July 1st:
www.bnmq.com;82.19.199.223/pid=30937/setup.exe;7/6/2009 11:52:51 AM;7/6/2009 11:52:51 AM
www.bnmq.com;90.8.115.225/pid=30937/setup.exe;7/6/2009 11:52:51 AM;7/6/2009 11:52:51 AM
wpills.info;62.42.136.234/pid=30937/setup.exe;7/6/2009 10:40:20 AM;7/6/2009 10:40:20 AM
of-best.ru/18;69.253.126.166/pid=30937/setup.exe;7/6/2009 2:52:16 AM;7/6/2009 2:52:16 AM
of-tube.ru/analnij;89.117.93.205/pid=30937/setup.exe;7/6/2009 2:03:01 AM;7/6/2009 2:03:01 AM
wpills.info;95.52.12.5/pid=30937/setup.exe;7/5/2009 12:11:51 PM;7/5/2009 12:11:51 PM
www.wpills.info;86.120.67.34/pid=30937/setup.exe;7/5/2009 12:11:51 PM;7/5/2009 12:11:51 PM
webshoulder.com;83.255.102.213/pid=30937/setup.exe;7/5/2009 10:59:27 AM;7/5/2009 10:59:27 AM
freese-x.net;64.252.251.203/pid=11640/type=videxp/setup.exe;7/5/2009 8:14:10 AM;7/5/2009 8:14:10 AM
www.bnmq.com;24.10.185.103/pid=30937/setup.exe;7/4/2009 11:54:59 AM;7/4/2009 11:54:59 AM
www.bnmq.com;86.63.248.5/pid=30937/setup.exe;7/4/2009 11:54:59 AM;7/4/2009 11:54:59 AM
wpills.info;82.234.15.92/pid=30937/setup.exe;7/4/2009 10:42:34 AM;7/4/2009 10:42:34 AM
tubemov.com;67.206.207.29/pid=11640/type=videxp/setup.exe;7/3/2009 10:47:25 PM;7/3/2009 10:47:25 PM
freese-x.net;76.254.150.45/pid=11640/type=videxp/setup.exe;7/3/2009 5:12:42 PM;7/3/2009 5:12:42 PM
wpills.info;98.238.203.81/pid=30937/setup.exe;7/3/2009 11:38:13 AM;7/3/2009 11:38:13 AM
www.wpills.info;76.204.18.251/pid=30937/setup.exe;7/3/2009 11:38:13 AM;7/3/2009 11:38:13 AM
tubemov.com;60.49.118.173/pid=11640/type=videxp/setup.exe;7/1/2009 10:49:50 PM;7/1/2009 10:49:50 PM
If you study those links in depth, you will find even more malware.
Virus Total Detection
Jerome Segura
Malware ID: b054ff88fdd28d41a27af2e8ee919b73.zip
Comments:
|
|
