Just wanted to update the list on some malware domains. I just got the pleasure of researching a custom piece of malware which wasn't detected by a lot of the AV engines (no shock there), but GFI's Sandbox definitely showed everything this piece of malware did and what it touched.
Here are the domains you probably want to block (this was a Zbot variant):

eurodecor.co.in
aptelectricsltd.co.uk
bigayenigundem.com (where the malware sample came from)
hakunamatatadg.it
aloucakbileti.com (This is the dropping domain that was re-targeting users towards the others)

The actual file was hXXP:// aloucakbileti.com/ponychin/gate.php

Man, malware analysis can be fun. Now all I need to do is get to Lenny Zeltser's course from SANS on reverse engineering malware.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
