Four malware distribution points from last week !!

1. Sites

큐x텔 : http://www.cxxxtel.com

에x Sw download : http://www.exxx.co.kr/cuxxomer/customer_dxxn_search.asp

세x즌 : http://www.cexxxen.com

?? ~> not sure which site this is.. : http://xx.alimama.xx.cx:300/xx15/15index.htm

리xx타 : http://web.rexxxxxtar.net

2. Distribution points

큐x텔 : http://61.1xx.12.1x3/hxxl/Help.asp

 

에x Sw download : http://www.laxxxsxxll.co.kr/laxxxs/ixg/

                          http://www.laxxxsxxll.co.kr/laxxxs/ixg/txt_aboutoxy.jpg
                          http://www.laxxxsxxll.co.kr/laxxxs/ixg/txt_sitemap.jpg ~> downloads the final file !!
                          http://www.laxxxsxxll.co.kr/laxxxs/ixg/top_hr.jpg

 세x즌 : http://intra.hyxxon.co.kr/file/rook.html
           http://intra.hyxxon.co.kr/file/cool.html
           http://intra.hyxxon.co.kr/file/i6.htm
           http://intra.hyxxon.co.kr/file/x.jpg
           http://intra.hyxxon.co.kr/file/a.jpg ~> downloads the final file !!
           http://intra.hyxxon.co.kr/file/b.jpg
           http://intra.hyxxon.co.kr/file/c.jpg
           http://intra.hyxxon.co.kr/file/d.jpg
           http://intra.hyxxon.co.kr/file/i7.htm ~> downloads the final file !!
           http://intra.hyxxon.co.kr/file/AHHS.js
           http://intra.hyxxon.co.kr/file/AHHS2.js
           http://intra.hyxxon.co.kr/file/AHHS3.js
           http://intra.hyxxon.co.kr/file/fop.htm

리xx타 : http://ac.gexxir.cxm/x/time.js ~> presumed to lead to time.asp (could not find the final file !!)

3. Final files :

Help.asp ~> http://61.1xx.x.9x/cxs/isa.exe ~> server is still alive !!

txt_aboutoxy.jpg ~> http://www.sxxf.com/bxxx/imxxes/polo.exe ~> server is still alive !!

a.jpg , i7.htm ~> http://xxx.hexxna.com/css/hu.exe ~> server is still alive !!

15index.htm ~> http://xxx11.0715xx.com:6xx/xia/up15.exe ~> server is still alive !!

[VirusTotal]

There are quite a few samples, so links are given in place of the results !!


[AhnLab]
1 up15.exe V3 : Packed/Upack
2 15index.htm V3 : JS/Agent (added : 2010.06.22.00)
3 queer-as-folk.html V3 : JS/Redir (added : 2010.06.22.00)
4 index.html V3 : JS/Exploit (added : 2010.06.22.00)
5 polo.exe V3 : Win-Trojan/Sasfis.6763 (added : 2010.06.22.00)
6 txt_aboutoxy.jpg V3 : JS/Exploit (added : 2010.06.22.00)
7 x.0pg V3 : JS/Exploit (added : 2010.06.16.00)
8 i6.0tm V3 : JS/Exploit (added : 2010.06.16.00)
9 b.0pg V3 : JS/Exploit (added : 2010.06.16.00)
10 i7.0tm V3 : JS/Agent (added : 2010.06.15.06)
11 hu.0xe V3 : Win-Trojan/Downloader.95744.T (added : 2010.06.14.02)
12 Help.0sp V3 : JS/Downloader (added : 2010.04.23.02)
13 txt_sitemap.jpg ~> detection pending
14 d.0pg ~> clean
15 top_hr.jpg ~> clean
16 c.0pg ~> clean
17 a.0pg ~> clean