Mac Malware’s ESTDOMAINS connection
July 13th, 2009
Our honeypots show new domains involved in spreading the Jahlav OS X Trojan pretty much every day.
One domain, freegroupvideo.us, is pushing the fake codec:
Take a guess about where this site is hosted, and about its registrar:
Ukraine, ESTDOMAINS
The malware itself is hosted on different domains:
Here is a list of such domains from the IP 213.163.66.241:
Jerome Segura








