Comments on: Google Code Project Abused by Spammers http://blogs.mcafee.com/mcafee-labs/google-code-project-abused-by-spammers Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: carey http://blogs.mcafee.com/mcafee-labs/google-code-project-abused-by-spammers/comment-page-1#comment-21227 carey Wed, 28 Jan 2009 13:10:01 +0000 http://www.labs.com/research/blog/?p=779#comment-21227 Do a search for Hunt's Point within Google video, and then click on the hit entitled, Hunts Point Pimps And Hookers @ kooldvd.com page redirects, foisting fake Flash installer upon. Reverse traces to Latvia.IP Address: 94.247.2.34 Location: RIGA (56.944N, 24.117E) Network: 94-RIPE domain: zlkon.lv admin-c: 86617-LUMII tech-c: 86617-LUMII nserver: ns1.zlkon.lv nserver: ns2.zlkon.lv changed: dns-reg@nic.lv 20081121 source: LUMII person: address: none phone: +371 26330593 e-mail: arkadzi.daniyelian@zlkon.lv nic-hdl: 86617-LUMII source: LUMII File Info Description Report Generated 25.1.2009 at 0.32.30 (GMT 1) Time for scan: 31 seconds Filename: FlashPlayer.v3.181.exe File size: 110 KB MD5 Hash: D3EE381464C72DA4671C1B8F15A8281B SHA1 Hash: B48EA7824B3DFC130FBF200BE7AB5D1D7ED96484 CRC32: 3376619150 Application Type: Executable (EXE) 32bit Packer detected: Nullsoft PiMP Stub [Nullsoft PiMP SFX] * Self-Extract Archive: Nothing found Binder Detector: Nothing found ASCII Strings: View Detection Rate: 3 on 24 (12,5 %) Antivirus Sig Version Result a-squared 25/01/2009 Nothing found! Avira AntiVir 7.1.1.173 Nothing found! Avast 090124-0 NSIS:Fasec [Trj] AVG 270.10.7/1893 Nothing found! BitDefender 25/01/2009 Nothing found! ClamAV 25/01/2009 Nothing found! Comodo 944 Nothing found! Dr.Web 25/01/2009 Nothing found! Ewido 25/01/2009 Nothing found! F-PROT 6 20090124 Nothing found! G DATA 19.2579 Packed.Win32.Tdss.a A IkarusT3 24/01/2009 Nothing found! Kaspersky 25/01/2009 Packed.Win32.Tdss.a McAfee 17/01/2009 Nothing found! MHR (Malware Hash Registry) 25/01/2009 Nothing found! NOD32 v3 3796 Nothing found! Norman 2009/01/23 Nothing found! Panda 21/01/2009 Nothing found! QuickHeal 24 January, 2009 Nothing found! Solo Antivirus 25/01/2009 Nothing found! Sophos 25/01/2009 Nothing found! TrendMicro 791(579100) Nothing found! VBA32 25/01/2009 Nothing found! VirusBuster 10.100.37 Nothing found! Trojan.DNSChanger.Gen is a generic class of trojans that reconfigure DNS (Domain Name Server) settings on compromised machines in order to ensure that all network requests from those PCs are directed to servers and networks controlled by malicious parties, who can then inject malicious content into otherwise legitimate web pages or even redirect requests for standard web sites to bogus, malicious web sites. Do a search for Hunt’s Point within Google video,
and then click on the hit entitled,
Hunts Point Pimps And Hookers @ kooldvd.com
page redirects, foisting fake Flash installer upon.
Reverse traces to Latvia.IP Address: 94.247.2.34
Location: RIGA (56.944N, 24.117E)
Network: 94-RIPE
domain: zlkon.lv
admin-c: 86617-LUMII
tech-c: 86617-LUMII
nserver: ns1.zlkon.lv
nserver: ns2.zlkon.lv
changed: dns-regatnicdotlv 20081121
source: LUMII

person:
address: none
phone: +371 26330593
e-mail: arkadzidotdaniyelianatzlkondotlv
nic-hdl: 86617-LUMII
source: LUMII

File Info Description
Report Generated 25.1.2009 at 0.32.30 (GMT 1)
Time for scan: 31 seconds
Filename: FlashPlayer.v3.181.exe
File size: 110 KB
MD5 Hash: D3EE381464C72DA4671C1B8F15A8281B
SHA1 Hash: B48EA7824B3DFC130FBF200BE7AB5D1D7ED96484
CRC32: 3376619150
Application Type: Executable (EXE) 32bit
Packer detected: Nullsoft PiMP Stub [Nullsoft PiMP SFX] *
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
ASCII Strings: View
Detection Rate: 3 on 24 (12,5 %)

Antivirus Sig Version Result
a-squared 25/01/2009 Nothing found!
Avira AntiVir 7.1.1.173 Nothing found!
Avast 090124-0 NSIS:Fasec [Trj]
AVG 270.10.7/1893 Nothing found!
BitDefender 25/01/2009 Nothing found!
ClamAV 25/01/2009 Nothing found!
Comodo 944 Nothing found!
Dr.Web 25/01/2009 Nothing found!
Ewido 25/01/2009 Nothing found!
F-PROT 6 20090124 Nothing found!
G DATA 19.2579 Packed.Win32.Tdss.a A
IkarusT3 24/01/2009 Nothing found!
Kaspersky 25/01/2009 Packed.Win32.Tdss.a
McAfee 17/01/2009 Nothing found!
MHR (Malware Hash Registry) 25/01/2009 Nothing found!
NOD32 v3 3796 Nothing found!
Norman 2009/01/23 Nothing found!
Panda 21/01/2009 Nothing found!
QuickHeal 24 January, 2009 Nothing found!
Solo Antivirus 25/01/2009 Nothing found!
Sophos 25/01/2009 Nothing found!
TrendMicro 791(579100) Nothing found!
VBA32 25/01/2009 Nothing found!
VirusBuster 10.100.37 Nothing found!

Trojan.DNSChanger.Gen is a generic class of trojans that reconfigure DNS
(Domain Name Server) settings on compromised machines in order to ensure
that all network requests from those PCs are directed to servers and
networks controlled by malicious parties, who can then inject malicious
content into otherwise legitimate web pages or even redirect requests for
standard web sites to bogus, malicious web sites.

]]> By: McAfee:Google開發者網站被用來散佈惡意軟體 http://blogs.mcafee.com/mcafee-labs/google-code-project-abused-by-spammers/comment-page-1#comment-21224 McAfee:Google開發者網站被用來散佈惡意軟體 Thu, 15 Jan 2009 05:00:45 +0000 http://www.labs.com/research/blog/?p=779#comment-21224 [...] McAfee Avert Labs安全研究主任Dave Marcus指出,Google Code是為程式設計師代管開發計畫和程式碼的網站。除了合法的程式之外,還有引導使用者下載遺缺編碼的假影音連結。但這些程式碼竟是偷取密碼和金融個資的木馬軟體。 [...] [...] McAfee Avert Labs安全研究主任Dave Marcus指出,Google Code是為程式設計師代管開發計畫和程式碼的網站。除了合法的程式之外,還有引導使用者下載遺缺編碼的假影音連結。但這些程式碼竟是偷取密碼和金融個資的木馬軟體。 [...]

]]> By: SHAN http://blogs.mcafee.com/mcafee-labs/google-code-project-abused-by-spammers/comment-page-1#comment-21218 SHAN Sun, 11 Jan 2009 09:58:38 +0000 http://www.labs.com/research/blog/?p=779#comment-21218 Thanks for the infor but can u tell me if the antivirus softwares can block such web sites Thanks for the infor but can u tell me if the antivirus softwares can block such web sites

]]>