There are quite a few of these; it is a pretty big campaign. I'm pretty sure these active sites were compromised; however, I haven't done analysis on the binaries yet.
Live drops:

LIVE: http://faunarium.net/e-card.exe
MD5: 706b12f636f2dc52ae32f26ad33a9b10
http://www.virustotal.com/analisis/50bf6f61971f349a5de651aa5515607f

LIVE: http://turismoaq.it/e-card.exe
MD5: 914f787560174ca42dedac998462afb4
http://www.virustotal.com/analisis/dc2eaffa46195d448518165cd247cead

Down: http://63.167.82.161/e-card.exe
404/Error Pages: http://emilimport.com/e-card.exe
404/Error Pages: http://freaky-minds.de/e-card.exe
404/Error Pages: http://kkvtombeek.be/e-card.exe
404/Error Pages: http://leschevaliersdemines.be/e-card.exe
404/Error Pages: http://riccoboniholding.com/e-card.exe
404/Error Pages: http://www.mylady.st/e-card.exe

James Pleger
e: [EMAIL PROTECTED]

On Wed, Aug 27, 2008 at 6:02 PM, Gadi Evron <[EMAIL PROTECTED]> wrote:
> Another bogus "greeting card" spamming a malware URL (again, one I've seen
> for a few days now and still live):
>
> h ttp://u gm-records.de/e-card.exe
>
> Detection wise...Someone already sent it to VT:
>
> http://www.virustotal.com/analisis/50bf6f61971f349a5de651aa5515607f
>
> As usual, several days later detection is minimal.
>
> Gadi.
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law enforcement
> upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets