Sources of Badness – ZlKon – Round 2
It’s my first day back on the job and I decided to do a little hunting to see what this notorious hosting provider has been up to while I was gone. Unsurprisingly, we saw a large number of attacks from this hosting company. They all appear to be fake antivirus related.
Given the age of some of these events, I won’t be investigating any in detail but I will keep my eyes peeled for more.

I have all those same bugs; NOD detects and removes them in real time, but they keep reappearing. There is some relation to the Windows/Temp folder.
I created a shortcut to this folder, and every time I run it all those bugs get created again. NOD's manual scan finds nothing in c:

How do I get rid of this annoying install_2004.exe popup?
Terry