Comments:
-
- on Wed 26 Dec 2012
- 08:16:13 PM UTC
RE: "Facebook" Malware
Download may have various names
ex:
IamSexyPIC.exe
IamNicePNG.exe
YouNakedBMP.exe
- All are the same file
- SHA256: 3b1d12c5a9524f39e1a70fdc691234aacef74d5e2809af244fb2346fe57b0c0e
- and are actually downloaded via:
hXXp://208.131.138.218/imagedl11.php
CentralOps dossier
VT URL scan
- Older versions of these scams looked like this:

- and referenced a download via IP: 185.4.227.76
http://185.4.227.76/imagedl.php
which is now a dead link.
208.131.138.218
List of domains/hosts:
∞ - and you and I Opto, ergo sum
-
- on Wed 26 Dec 2012
- 08:53:47 PM UTC
RE: "Facebook" Malware
208.131.138.217 / imagedl. php
see; http://www.urlquery.net/report.php?id=522050
VT
https://www.virustotal.com/url/c1007fc7cd427b818de...
VT downloaded files
https://www.virustotal.com/file/3b1d12c5a9524f39e1...
SHA256: 3b1d12c5a9524f39e1a70fdc691234aacef74d5e2809af244fb2346fe57b0c0e
File name: MeWhoreJPEG.exe
Detection ratio: 13 / 46
Analysis date: 2012-12-26 12:01:46 UTC
festina lente (hurry slowly)
-
- on Wed 26 Dec 2012
- 09:24:29 PM UTC
RE: "Facebook" Malware
xwywh.kjtndsip.com
festina lente (hurry slowly)
-
- on Thu 27 Dec 2012
- 07:01:00 AM UTC
RE: "Facebook" Malware
HTML title tag:
<title>Save the file and run! It is funny :)</title>
List of domains/hosts:
∞ - and you and I Opto, ergo sum
-
- on Thu 27 Dec 2012
- 04:17:41 PM UTC
RE: "Facebook" Malware
fb.rv.ua
VT
https://www.virustotal.com/file/fd3b791b98e4890ea5...
SHA256: fd3b791b98e4890ea51a1eddffca70d03f0070bf554cd5b62d6498c259a93903
File name: IamLolPIC.exe
Detection ratio: 3 / 43
Kaspersky Trojan-Ransom.Win32.Gimemo.avuv
festina lente (hurry slowly)
-
- on Thu 27 Dec 2012
- 04:51:30 PM UTC
RE: "Facebook" Malware
katiecnibeauty.tk
isityou.ks.ua
festina lente (hurry slowly)
-
- on Thu 27 Dec 2012
- 05:07:39 PM UTC
RE: "Facebook" Malware
List of domains/hosts:
∞ - and you and I Opto, ergo sum
-
- on Thu 27 Dec 2012
- 05:11:17 PM UTC
RE: "Facebook" Malware
ef5e0.raquellhhfun.tk
raquellhhfun.tk
see: http://www.urlquery.net/report.php?id=529738
see: https://www.virustotal.com/file/fd3b791b98e4890ea5...
Detection ratio: 5 / 42
festina lente (hurry slowly)
-
- on Thu 27 Dec 2012
- 05:49:47 PM UTC
RE: "Facebook" Malware
kjtndsip.com
festina lente (hurry slowly)
-
- on Thu 27 Dec 2012
- 06:35:43 PM UTC
RE: "Facebook" Malware
List of domains/hosts:
∞ - and you and I Opto, ergo sum
-
- on Thu 03 Jan 2013
- 07:06:59 PM UTC
RE: "Facebook" Malware
ahow.katherineptakitty.tk
katherineptakitty.tk
VT
https://www.virustotal.com/file/d9b67c499ce41b6910...
SHA256: d9b67c499ce41b69100ecef2b8e59f7c5f1188bb959901614ffc2e4bf77ac201
File name: YouFunnyBMP.exe
Detection ratio: 3 / 46
Analysis date: 2013-01-03 19:03:43 UTC ( 0 minuti ago )
Kaspersky UDS:DangerousObject.Multi.Generic
festina lente (hurry slowly)
-
- on Thu 03 Jan 2013
- 07:25:01 PM UTC
RE: "Facebook" Malware
mm2n4.lohotstuffamy.tk
lohotstuffamy.tk
festina lente (hurry slowly)
-
- on Thu 03 Jan 2013
- 09:45:09 PM UTC
RE: "Facebook" Malware
krnecs.khjvgsg.com
khjvgsg.com
hedfehis.com
https://www.virustotal.com/file/d9b67c499ce41b6910...
SHA256: d9b67c499ce41b69100ecef2b8e59f7c5f1188bb959901614ffc2e4bf77ac201
File name: MeNiceJPEG.exe
Detection ratio: 4 / 46
Analysis date: 2013-01-03 21:41:08 UTC
festina lente (hurry slowly)
-
- on Sun 06 Jan 2013
- 06:32:23 AM UTC
RE: "Facebook" Malware
waeght.com
nenser.com
Malware download initiates from IP: 208.131.138.217
hXXp://208.131.138.217/imagedl.php
∞ - and you and I Opto, ergo sum
-
- on Mon 21 Jan 2013
- 05:09:08 PM UTC
RE: "Facebook" Malware
I have gotten a facebook link from a text message on my cellphone that links to this:
fb.me/1FHn4oKjtlfN6Kn
It appears to be a facebook domain too and, according to scumware.org, points to a clickjack.
hxxp://fb.me/1tyivPmT1 453E0A8A72E03995947F14BFCDF0C751 173.252.100.16 US Generic.JS.Clickjack.1.48DD1223
-
- on Tue 22 Jan 2013
- 04:48:48 AM UTC
RE: "Facebook" Malware
I have gotten a facebook link from a text message on my cellphone that links to this:
fb.me/1FHn4oKjtlfN6Kn
It appears to be a facebook domain too and, according to scumware.org, points to a clickjack.
hxxp://fb.me/1tyivPmT1 453E0A8A72E03995947F14BFCDF0C751 173.252.100.16 US Generic.JS.Clickjack.1.48DD1223
Just an FYI, this actually redirects to;
hxxp://www.djkorku.com/karikaturler/fatmagul.html
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Wed 23 Jan 2013
- 07:44:53 PM UTC
RE: "Facebook" Malware
Just an FYI, this actually redirects to;
hxxp://www.djkorku.com/karikaturler/fatmagul.html
Thanks for the information.
-
- on Thu 07 Feb 2013
- 03:08:08 PM UTC
RE: "Facebook" Malware
ehostingdirect.com/ bakery. html ? orthodox
see: http://urlquery.net/report.php?id=953886
91.218.39.245 / imagedl11. php
see: http://urlquery.net/report.php?id=953920
Misused shortener url site is
linkee.com
see:
http://urlquery.net/report.php?id=953914
VT report
https://www.virustotal.com/file/03f9ed8b9cba5f7cba...
SHA256: 03f9ed8b9cba5f7cbab5b34171c8ec477d2f7797a47d61b7e13b365ab1411fb6
Detection ratio: 7 / 46
Analysis date: 2013-02-07 15:03:03 UTC
Kaspersky Trojan-Dropper.Win32.Dorifel.zgj
festina lente (hurry slowly)
-
- on Fri 08 Feb 2013
- 03:30:57 AM UTC
RE: "Facebook" Malware
mountebank.name/ load / dlimage4. php? jyvavo
see:
http://urlquery.net/report.php?id=957819
see:
https://www.virustotal.com/file/beeae93ac2415ee588...
SHA256: beeae93ac2415ee588cfde86f5020ae434fd35bc34a0bbaab5ee8cb5034624b9
File name: IamNakedPIC.exe
Detection ratio: 3 / 46
TrojanSpy.Banker.nrz
Analysis date: 2013-02-08 03:17:52 UTC
festina lente (hurry slowly)
-
- on Sun 17 Feb 2013
- 09:33:42 PM UTC
RE: "Facebook" Malware
wdtzcwfn.forgather.eu/ image. html ? townsman = gbor
forgather.eu/ image. html ? townsman = gbor
see: http://www.urlquery.net/report.php?id=1025902
see: http://www.urlquery.net/report.php?id=1025944
VT
https://www.virustotal.com/en/file/f0846a85d2fec13...
SHA256: f0846a85d2fec1318fd385c13229971c61e75dba4540b78d5da577c16d86a6d1
Detection ratio: 3 / 46
Analysis date: 2013-02-17 21:31:19 UTC
Trojan-Dropper.Win32.Dorifel.zqz [Kaspersky]
festina lente (hurry slowly)
-
- on Mon 18 Feb 2013
- 12:13:10 AM UTC
RE: "Facebook" Malware
188.190.99.252 / image. html ? townsman= gbor
see:
http://www.urlquery.net/report.php?id=1027124
VT
https://www.virustotal.com/en/file/f0846a85d2fec13...
SHA256: f0846a85d2fec1318fd385c13229971c61e75dba4540b78d5da577c16d86a6d1
Detection ratio: 5 / 46
Analysis date: 2013-02-18 00:11:26 UTC
festina lente (hurry slowly)
-
- on Mon 18 Feb 2013
- 12:49:32 AM UTC
RE: "Facebook" Malware
List of domains/hosts:
see: http://www.urlquery.net/report.php?id=1027354
see: http://www.urlquery.net/report.php?id=1027374
see: http://www.urlquery.net/report.php?id=1027400
see: http://www.urlquery.net/report.php?id=1027439
see: http://www.urlquery.net/report.php?id=1027461
see: http://www.urlquery.net/report.php?id=1027468
festina lente (hurry slowly)
-
- on Mon 18 Feb 2013
- 01:11:07 AM UTC
RE: "Facebook" Malware
ujbpoh.rooftree.eu/ image. html?townsman=gbor
rooftree.eu/ image. html?townsman=gbor
see: http://www.urlquery.net/report.php?id=1027546
see: http://www.urlquery.net/report.php?id=1027552
festina lente (hurry slowly)
-
- on Mon 18 Feb 2013
- 03:57:51 AM UTC
RE: "Facebook" Malware
oiktht.decencies.name / load / dlimage4. php
decencies.name / load / dlimage4. php
see: http://www.urlquery.net/report.php?id=1028487
see: http://www.urlquery.net/report.php?id=1028518
VT
https://www.virustotal.com/en/file/f0846a85d2fec13...
SHA256: f0846a85d2fec1318fd385c13229971c61e75dba4540b78d5da577c16d86a6d1
File name: IamLolBMP-facebook.com
Detection ratio: 8 / 46
Analysis date: 2013-02-18 03:39:49 UTC
Trojan-Dropper.Win32.Dorifel.zqz [Kaspersky]
festina lente (hurry slowly)
-
- on Mon 18 Feb 2013
- 12:52:12 PM UTC
RE: "Facebook" Malware
my pc has been infected by this malware
i am receiving unlimited email errors through my antivirus containing sexually graphic content
i have tried every possible way to get this out but nothing happened
plz help
-
- on Mon 18 Feb 2013
- 06:20:29 PM UTC
RE: "Facebook" Malware
my pc has been infected by this malware
i am receiving unlimited email errors through my antivirus containing sexually graphic content
i have tried every possible way to get this out but nothing happened
plz help
Welcome
those sites serve a different kind of malware every day in order to circumvent antivirus software. According to the latest detections they were serving a variant of Trojan-Ransom.Win32.Dorifel
please read http://blog.emsisoft.com/2012/08/09/dorifel-crypto...
download http://tmp.emsisoft.com/fw/decrypt_dorifel.zip unpack and run it.
Then download Emsisoft Emergency Kit (freeware and stand alone)
http://www.emsisoft.com/en/software/eek/
and MalwareBytes' Antimalware free
http://www.malwarebytes.org/products/malwarebytes_...
Run a full scan with those anti-malware software.
Also clean your browser cache and temp files with CCleaner (slim or portable)
http://www.piriform.com/ccleaner/builds
For further help please ask
http://www.computerhope.com/forum/index.php?board=...
or
http://www.bleepingcomputer.com/forums/f/103/am-i-...
Thanks
festina lente (hurry slowly)
-
- on Tue 19 Feb 2013
- 04:31:32 AM UTC
RE: "Facebook" Malware
Welcome
those sites serve a different kind of malware every day in order to circumvent antivirus software. According to the latest detections they were serving a variant of Trojan-Ransom.Win32.Dorifel
please read http://blog.emsisoft.com/2012/08/09/dorifel-crypto...
download http://tmp.emsisoft.com/fw/decrypt_dorifel.zip unpack and run it.
Then download Emsisoft Emergency Kit (freeware and stand alone)
http://www.emsisoft.com/en/software/eek/
and MalwareBytes' Antimalware free
http://www.malwarebytes.org/products/malwarebytes_...
Run a full scan with those anti-malware software.
Also clean your browser cache and temp files with CCleaner (slim or portable)
http://www.piriform.com/ccleaner/builds
For further help please ask
http://www.computerhope.com/forum/index.php?board=...
or
http://www.bleepingcomputer.com/forums/f/103/am-i-...
Thanks
Thanks a lot!! it really worked out for me.
my pc was infected by three severe malwares
but everything has stopped now
-
- on Tue 19 Feb 2013
- 05:35:15 AM UTC
RE: "Facebook" Malware
@Divyanshu!!
Glad I could help.
/
List of domains/hosts:
see:
http://www.urlquery.net/report.php?id=1039015
http://www.urlquery.net/report.php?id=1039039
http://www.urlquery.net/report.php?id=1039067
http://www.urlquery.net/report.php?id=1038944
http://www.urlquery.net/report.php?id=1039000
VT
https://www.virustotal.com/en/file/5f4b3667ad2189e...
SHA256: 5f4b3667ad2189eb4ed709da68ef368e6b9a7c5945c24b32f4d11f75c30fbd01
Detection ratio: 2 / 45
Analysis date: 2013-02-19 04:50:18 UTC
Kaspersky UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C
festina lente (hurry slowly)
-
- on Tue 19 Feb 2013
- 06:41:50 PM UTC
RE: "Facebook" Malware
rjnorris.co.uk/ decrease. html
see:
http://www.urlquery.net/report.php?id=1043297
VT
https://www.virustotal.com/en/file/07b573dbd7bd2a4...
SHA256: 07b573dbd7bd2a42f9edab6c356c1cd42030e3b9f54b5989b687e621582ba08e
File name: YouBitchTIFF-fb.com
Detection ratio: 4 / 44
Analysis date: 2013-02-19 18:29:01 UTC
UDS:DangerousObject.Multi.Generic [Kaspersky]
festina lente (hurry slowly)
-
- on Thu 21 Feb 2013
- 02:21:11 AM UTC
RE: "Facebook" Malware
http://www.urlquery.net/report.php?id=1055855
http://www.urlquery.net/report.php?id=1055869
http://www.urlquery.net/report.php?id=1055882
http://www.urlquery.net/report.php?id=1055888
http://www.urlquery.net/report.php?id=1055907
http://www.urlquery.net/report.php?id=1055917
http://www.urlquery.net/report.php?id=1055960
http://www.urlquery.net/report.php?id=1055967
http://www.urlquery.net/report.php?id=1055990
VT
https://www.virustotal.com/en/file/e8ed85d2b285316...
SHA256: e8ed85d2b2853167689c8b3463143a98288c870dac36031a9af779e2f5994cc7
File name: YouFunnyGIF-facebook.com
Detection ratio: 15 / 46
Analysis date: 2013-02-21 01:51:10 UTC ( 0 minutes ago )
Malwarebytes Trojan.Agent
festina lente (hurry slowly)



"Facebook" Malware
Those malicious sites are currently spreading on facebook through shortened URLs.
Sites prompt to download infected *exe files with random names
melaniedpich.tk
facebook.sm.ua
facebookimg.makewap.kz
facebookimg.makewap.ru
see: http://www.urlquery.net/report.php?id=517894
see: http://www.urlquery.net/report.php?id=519398
see: http://www.urlquery.net/report.php?id=519492
see: http://www.urlquery.net/report.php?id=519542
208.131.138.218
see: http://www.urlquery.net/report.php?id=517905
VT reports
https://www.virustotal.com/file/3b1d12c5a9524f39e1...
SHA256: 3b1d12c5a9524f39e1a70fdc691234aacef74d5e2809af244fb2346fe57b0c0e
File name: YouWhorePNG.exe
Detection ratio: 11 / 46
Analysis date: 2012-12-26 18:19:45 UTC
https://www.virustotal.com/file/3b1d12c5a9524f39e1...
SHA256: 3b1d12c5a9524f39e1a70fdc691234aacef74d5e2809af244fb2346fe57b0c0e
File name: IamNicePNG.exe
Detection ratio: 11 / 46
Analysis date: 2012-12-26 18:34:05 UTC
AntiVir TR/Rogue.KD.817490
BitDefender Trojan.Generic.KD.817490
Kaspersky Trojan.Win32.Scarsi.pek
Malwarebytes Trojan.Agent
Malwr.com report
http://malwr.com/analysis/6c8ae037126dfa8beb04a352...
festina lente (hurry slowly)