Sponsored by..

Wednesday 3 October 2012

Malware sites to block 3/10/12

These domains and IPs relate to an emerging threat, I don't have a full analysis at the moment but they appear to be malicious. If you have more information then please consider leaving a comment:

Suspect URLs:
[donotclick]e-protections.cc/ping.html
[donotclick]e-statistic.cc/ping.html
[donotclick]e-statistic.su/ping.html
[donotclick]estats.su/ping.html
[donotclick]store-main.su/ping.html
[donotclick]sysmain.cc/ping.html
[donotclick]e-protections.cc/ping.html
[donotclick]e-statistic.cc/ping.html
[donotclick]e-statistic.su/ping.html
[donotclick]estats.su/ping.html
[donotclick]store-main.su/ping.html
[donotclick]sysmain.cc/files/hidden7770777.jpg
[donotclick]sysmain.cc/ping.html



Hosts involved:
23.29.119.138 (Incero LLC, US)
69.85.86.159 (Hostigation, US)
94.102.55.20 (Ecatel, Netherlands)
173.236.53.54 (Singlehop / Nexeon Technologies, US)

Plain list for copy and pasting:
e-protections.cc
e-statistic.cc
e-statistic.su
estats.su
first-service.cc
some-service.com
somesystems.cc
store-main.su
sysmain.cc
www-protection.su
23.29.119.138
69.85.86.159
94.102.55.20
173.236.53.54


References: McAfee and Sophos.

1 comment:

B said...

"It was Troj/Agent-YAE in the end and protection was added last night." Sophos.