Resend. Not sure if the last email went through. This site appears to be run by the authors to host their malware. It's been around for a long time now. I track it on and off to see if they add any new exploits. Since it's inception they have refined the code and exploits. I've been looking at it for about 8 months on and off but I think it's been around a lot longer. Google searches reveals very little info. There are about 16 or so exploits up on the site at the moment. Windows media player, quicktime, IE, etc.... I've not looked at all the latest pages yet so I'm not sure which are new or not. Discovery after 4 months for this exe is good but there are still some AV that don't detect it.
hxxp://www.ahack.info hxxp://www.ahack.info/tds/ hxxp://www.ahack.info/forum/index.php hxxp://www.ahack.info/ice/exploits/ hxxp://www.ahack.info/ice/index.php/exploits/ hxxp://www.ahack.info/ice/exe.php < exe I thought it interesting that there was so little on this domain yet it has been up for such a period of time. It is blacklisted by some RBLs though but that may be due other sites hosted on the IP. http://www.robtex.com/rbl/203.202.239.59.html /dean _______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
