CastleCops® Caca college

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Caca college

All -> FavForums -> Web Malware Links

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

downie

PIRT Handler

Joined: May 19, 2006
Posts: 3983

Posted: Sun Apr 06, 2008 8:13 pm Post subject: Caca college

hxxp://collegeofcomplexpm.com/ calls Iframe from hxxp://figace.info/spl1/index.php?'+Math.round(Math.random()*122202)+'533a8' which servers up an obfuscated Adodb exploit I think _________________ "For evil to triumph utterly, it is only necessary that good men do nothing."

downie

PIRT Handler

Joined: May 19, 2006
Posts: 3983

Posted: Sun Apr 06, 2008 9:09 pm Post subject:

Also hxxp://collegeofcomplexpm.com/index.php (previous was index.html) calls code from hxxp://orentraff.cn/in.cgi?5 _________________ "For evil to triumph utterly, it is only necessary that good men do nothing."

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5879

Posted: Sat Apr 12, 2008 2:24 pm Post subject:

The site hosting the malware appears to be down. _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

downie

PIRT Handler

Joined: May 19, 2006
Posts: 3983

Posted: Sun Apr 20, 2008 8:27 pm Post subject:

hxxp://collegeofcomplexpm.com/start.php Still active. _________________ "For evil to triumph utterly, it is only necessary that good men do nothing."

solcroft

MIRT Hunter

Joined: Apr 01, 2007
Posts: 188

Posted: Tue Apr 22, 2008 6:07 am Post subject:

downie wrote:

hxxp://collegeofcomplexpm.com/start.php
Still active.

Chock-full of Viagra ads, but I couldn't find any scripts/iframes on that page.

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5879

Posted: Tue Apr 22, 2008 9:32 am Post subject:

I've added the malware to the malware listserv. /p1081287-MD5_59f01076f638870d574e3c15eaa60d86.html _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

downie

PIRT Handler

Joined: May 19, 2006
Posts: 3983

Posted: Wed Apr 23, 2008 4:38 pm Post subject:

start.php is gone, still malware in the homepage I reckon. _________________ "For evil to triumph utterly, it is only necessary that good men do nothing."

	All -> FavForums -> Web Malware Links	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 244ppm 0.389s (0.072s) Making cybercriminals unhappy since 2002*