Steve Pirk
Thu, 28 Aug 2008 04:24:47 -0700
Sounds like it might be ok to post phish's that contain malicious payloads here. I will keep that in mind as I have gotten a lot of XP and other uSoft "update" emails lately. Thanks again Gadi! -- Steve Equal bytes for women. On Wed, 27 Aug 2008, Gadi Evron wrote:
To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Live malware URL. Wachovia "phish" page (not really):h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/verify.html?/Secure/rnalid/OSL.htm?LOB=3712470458&refer=qVciirbTe9Vjbqe...trying to con victims into d/l'ing:h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/WachoviaDigicertx_509.exe...which is, itself, a binary downloader that snags: h ttp://s pacestormsinc.com/cb_4.exeIt's one of those bogus "to improve security of your online transactions with us you need to install new certificates"As to AV detection... cb4.exe already submitted to VT by someone else, so that's easy:http://www.virustotal.com/analisis/26917950a0987fc0a10505bb90032439 And the .EXE from the website: http://www.virustotal.com/analisis/a5cd05390c94eee03b8fb78feb7ddf42 VERY spotty detection.. what else is new. Gadi. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED]All list and server information are public and available to law enforcement upon request.http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
_______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets