One to watch in your logs today is jonejonesonley.org which is being used as a phone-home point for malware being spammed out at the moment.jonejonesonley.org is hosted on 85.95.236.155 (Inetmar Internet Hizmetleri, Turkey) and is registered to:
Registrant ID:orgzs46077514499
Registrant Name:Zhong Si
Registrant Organization:Xicheng Co.
Registrant Street1:Huixindongjie 15 2
Registrant Street2:
Registrant Street3:
Registrant City:Beijing
Registrant State/Province:Chaoyang
Registrant Postal Code:101402
Registrant Country:CN
Registrant Phone:+86.1066569215
Registrant Phone Ext.:
Registrant FAX:+86.1066549216
Registrant FAX Ext.:
Registrant Email:zhongguancun@yahoo.com
Also connected is a Java exploit at 217.23.11.108 (Worldstream, Netherlands) so this IP is probably worth blocking as well.
Automated malware analysis is pretty patchy: VirusTotal - Comodo CAMAS - Anubis - ThreatExpert.
Blocklist:
85.95.236.155
217.23.11.108
jonejonesonley.org
3-bogatirja-2012-online.ru
No comments:
Post a Comment