Sounds like it might be ok to post phishes that contain malicious
payloads here. I will keep that in mind as I have gotten a lot of
XP and other uSoft "update" emails lately.

Thanks again Gadi!
--
Steve
Equal bytes for women.

On Wed, 27 Aug 2008, Gadi Evron wrote:

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Live malware URL.  Wachovia "phish" page (not really):

h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/verify.html?/Secure/rnalid/OSL.htm?LOB=3712470458&refer=qVciirbTe9Vjbqe

...trying to con victims into d/l'ing:
h ttp://c ommercial.wachovia.online.financial.service.doexte.updatesessiondqvciirbte9vjbq.configlogin.viewcontent.moerde.com/WachoviaDigicertx_509.exe

...which is, itself, a binary downloader that snags:

h ttp://s pacestormsinc.com/cb_4.exe

It's one of those bogus "to improve security of your online transactions with us you need to install new certificates".

As to AV detection... cb4.exe already submitted to VT by someone else, so that's easy:

http://www.virustotal.com/analisis/26917950a0987fc0a10505bb90032439

And the .EXE from the website:
http://www.virustotal.com/analisis/a5cd05390c94eee03b8fb78feb7ddf42

VERY spotty detection.. what else is new.

        Gadi.
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

_______________________________________________
botnets@, the public's dumping ground for maliciousness