
  1. User picture
    • NotBuyingIt on Wed 21 Mar 2012
    • 09:15:45 PM UTC

    Qai.jar malware (CVE-2010-1885)

    A well-known spam expert is reporting an aggressively promoted malware exploit which uses multiple sites together. Deceptive web pages planted on dozens of sites load a set of JavaScripts which in turn attempt to load a malicious webpage. Several variations were detected yesterday and today.

    This set of scripts
    hXXp://50.57.29.172/hVg3GFAo/js.js
    hXXp://finantariauto.ro/5ZqETXNE/js.js
    hXXp://ipecturkey.com/E2UNfoGY/js.js
    hXXp://oompa.de/VTwQKwDD/js.js
    attempt to load
    hXXp://209.59.217.193/showthread.php?t=d7ad916d1c0396ff
    that leads to malware at
    hXXp://209.59.217.193/q.php?f=ba33
    hXXp://209.59.217.193/content/Qai.jar

    This set of scripts
    hXXp://216.205.49.67/CD5s3Ne3/js.js
    hXXp://activetours.pttk.pl/Eaz0Mz8g/js.js
    hXXp://copymax.gr/jbbaaFCK/js.js
    hXXp://offvip.com/TtMQy1sw/js.js
    hXXp://solocyberday.com/oDYibUuh/js.js
    attempt to load
    hXXp://slickicus.com/showthread.php?t=8d80b8c3f87a9538
    that leads to malware at
    hXXp://slickicus.com/q.php?f=db757
    hXXp://slickicus.com/content/Qai.jar

    This set of scripts
    hXXp://officefurnituremart.com/sT1SFMyf/js.js
    hXXp://orvosokafrikaert.hu/Bsz1CQg0/js.js
    hXXp://qqprints.com.my/37ErBpvj/js.js
    hXXp://romanjewelers.com/mnbCaEYY/js.js
    hXXp://samx.zzl.org/crF5iYsT/js.js
    attempt to load
    hXXp://slicksphere.com/showthread.php?t=d7ad916d1c0396ff
    but the domain slicksphere.com has been suspended

    Here are some of the deceptive URLs that have been reported earlier today

    Some other reported URLs return HTTP 404 ("Not Found") or their domains have been suspended, so I suspect efforts are underway to combat the malware campaign.

     Data that is stored in the cloud may become lost in the fog.
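The chain described in the post above (planted page, then `js.js`, then `showthread.php?t=…`, then the `.jar`) can be hunted for in web-proxy logs. The following is an added example, not part of the original post: the path shapes are taken from the URLs listed in this thread, while the log format (`epoch client url`), the hosts, the 120-second window and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# An 8-character alphanumeric directory that mixes upper and lower case,
# as in the thread's URLs; the case check avoids /products/, /download/ etc.
TOKEN = r"(?=[^/]*[a-z])(?=[^/]*[A-Z])[A-Za-z0-9]{8}"

# Stage name -> pattern over "path?query". Shapes come from the thread;
# each one alone is weak evidence (any site may serve a root-level .jar),
# which is why find_chains() only reports clients that walk the sequence.
STAGES = [
    ("landing", re.compile(r"^/" + TOKEN + r"/(index\.html)?$")),
    ("script",  re.compile(r"^/" + TOKEN + r"/js\.js$")),
    ("gate",    re.compile(r"^/showthread\.php\?t=[0-9a-f]{16}$")),
    ("payload", re.compile(
        r"^/(q\.php\?f=[0-9a-f]+|data/ap2\.php|(content/|\./)?[A-Za-z]+\.jar)$")),
]


def refang(url):
    """Turn a defanged or scheme-less indicator back into a parseable URL."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)
    return url if "://" in url else "http://" + url


def classify(url):
    """Return the campaign stage a URL's path matches, or None."""
    parts = urlsplit(refang(url))
    target = parts.path + ("?" + parts.query if parts.query else "")
    for name, pattern in STAGES:
        if pattern.match(target):
            return name
    return None


def find_chains(log_lines, window=120):
    """Map client -> verdict for clients that requested a gate URL within
    `window` seconds of a landing/script URL, and optionally a payload
    within `window` seconds of the gate."""
    lure_ts, gate_ts, verdict = {}, {}, {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3 or not fields[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        ts, client, url = int(fields[0]), fields[1], fields[2]
        stage = classify(url)
        if stage in ("landing", "script"):
            lure_ts[client] = ts
        elif stage == "gate":
            if client in lure_ts and 0 <= ts - lure_ts[client] <= window:
                gate_ts[client] = ts
                verdict[client] = "gate-reached"
        elif stage == "payload":
            if client in gate_ts and 0 <= ts - gate_ts[client] <= window:
                verdict[client] = "payload-requested"
    return verdict


# Constructed sample log: hosts use reserved example names and documentation
# IP ranges; only the path shapes mirror the thread.
SAMPLE_LOG = [
    "1334300000 10.0.0.5 http://shop.example/hwgNjW8y/index.html",
    "1334300001 10.0.0.5 http://cdn-a.example/Dy2H7Ym8/js.js",
    "1334300002 10.0.0.5 http://192.0.2.10/showthread.php?t=d7ad916d1c0396ff",
    "1334300003 10.0.0.5 http://192.0.2.10/data/ap2.php",
    "1334300004 10.0.0.5 http://192.0.2.10/./Klot.jar",
    "1334300100 10.0.0.6 http://forum.example/showthread.php?t=12345",  # real forum id
    "1334300200 10.0.0.7 http://intranet.example/products/index.html",  # single case
    "1334300300 10.0.0.8 http://blog.example/a8HJUWCi/index.html",
    "1334300301 10.0.0.8 http://198.51.100.7:8080/showthread.php?t=4a6d866826776084",
    "1334309999 10.0.0.9 http://203.0.113.4/showthread.php?t=73a07bcb51f4be71",  # no lure
]

if __name__ == "__main__":
    for client, result in find_chains(SAMPLE_LOG).items():
        print(client, result)
```

A client reported as `payload-requested` fetched the archive or helper page after the gate and is the one to triage first; `gate-reached` means the redirect fired but no payload request was logged.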

Comments:

  1. User picture
    • MelishaK on Fri 13 Apr 2012
    • 02:16:51 AM UTC

    RE: Pol.jar malware (CVE-2010-0188, CVE-2010-1885)

    Originally posted by: NotBuyingIt
    agrimir.com/7zVC6k3E/index.html
    www.viaimpressa.com.br/AjrXGFpA/index.html
    webdesing.host.org/XeRn2NHf/index.html

    esurveyshop.com/JyLB9cB5/js.js
    honglinhpc.vn/NgLChx6h/js.js
    igtic.com/P8x1UmEB/js.js
    shotbythishya.com/n4FDyRDV/js.js
    training.wdpcommunity.org/WdA8CYb8/js.js
    truecouponing.com/kCBB03A8/js.js

    50.116.4.110/showthread.php?t=73a07bcb51f4be71
    50.116.4.110/showthread.php?t=8d80b8c3f87a9538
    50.116.4.110/showthread.php?t=d7ad916d1c0396ff
    50.116.4.115/showthread.php?t=73a07bcb51f4be71
    50.116.4.115/showthread.php?t=8d80b8c3f87a9538
    50.116.4.115/showthread.php?t=d7ad916d1c0396ff
    64.120.232.102/showthread.php?t=73a07bcb51f4be71
    66.150.214.196/showthread.php?t=d7ad916d1c0396ff

    [Edit: Added more sites (below) 05-April-2012 22:40 UTC]

    doraproje.com/oQAJ1oDK/index.html
    kartalmantolama.com/L0oma16u/index.html

    jsec.com.sg/KxTiNvRn/js.js
    locacionesnf.com.ar/nKPp9nNs/js.js
    nortrix.com/Xi3EVwUH/js.js

    50.116.17.145/showthread.php?t=8d80b8c3f87a9538

    The page at truecouponing.com has been removed

  2. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 03:23:42 AM UTC

    RE: truecouponing.com

    Cross-reference:

    truecouponing.com, which I mentioned earlier in this thread, is the subject of a new site evaluation at
    http://www.mywot.com/forum/22176-truecouponing-...

    The single URL at that site which I listed now returns HTTP 404 ("Not Found"), as noted in the comment immediately preceding this one.

     Data that is stored in the cloud may become lost in the fog.

  3. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 02:23:56 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    eybo.ro/WTGpk6DV/index.html

    035816f.netsolhost.com/j7P82oPR/js.js
    www.3dhot.org/dLERbRRy/js.js
    atvsofia.com/MuG6m9oV/js.js
    cafeland.vn/vrCGpAsX/js.js
    www.casamemoriamilano.it/h7Ps7db2/js.js
    federaloilindonesia.com/oQvWf7vo/js.js
    flashgameshole.com/b0ZKH2NT/js.js

     Data that is stored in the cloud may become lost in the fog.

  4. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 05:26:42 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    7usafinance.com/pjZ2AcPn/js.js
    abroadacademy.com.tr/u82ngwFJ/js.js

    75.98.173.187/showthread.php?t=d7ad916d1c0396ff
    75.98.173.187/data/ap2.php
    {applet/*/ archive="hXXp://75.98.173.187/Klot.jar" code=ya.M }

     Data that is stored in the cloud may become lost in the fog.

  5. User picture
    • A440 on Fri 13 Apr 2012
    • 06:00:39 PM UTC

    RE: OSX Apple Java update

    FYI, not that I use this but there is an update for Apple's Java for 10.6.x (Snow Leopard):

    http://www.macupdate.com/app/mac/33087/apple-java-...

  6. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 07:24:54 PM UTC

    RE: OSX Apple Java update

    Originally posted by: A440
    FYI, not that I use this but there is an update for Apple's Java for 10.6.x (Snow Leopard):

    http://www.macupdate.com/app/mac/33087/apple-java-...

    What's New
    Version Update 8:

    This Java security update removes the most common variants of the Flashback malware.

    Requirements
    Intel, Mac OS X 10.6.8 "

    Also, Apple has released a new Java update for Lion

    Java for OS X 2012-003 (v. 1.0)
    This Java security update removes the most common variants of the Flashback malware.

    This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets. "

     Data that is stored in the cloud may become lost in the fog.

  7. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 07:48:06 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    02c8dac.netsolhost.com/qcy8gdwn/js.js
    buglenews.com/Dy2H7Ym8/js.js
    ccsai.emicrodevsite.com/GwaJ7LVP/js.js
    dcicz.org/QfzdMHp7/js.js
    ebay.in.cytail.in/f91AH1mQ/js.js
    emarketingatuestilo.com/Vysx3S9C/js.js
    extelindia.com/4YdcDLAf/js.js

     Data that is stored in the cloud may become lost in the fog.

  8. User picture
    • MysteryFCM on Fri 13 Apr 2012
    • 08:48:22 PM UTC

    RE: Klot.jar malware (CVE-2010-0188, CVE-2010-1885, CVE-2012-05)

    Just an FYI, at the time of posting this, the following are the only ones still live;

    List of domains/hosts:

    Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net

  9. User picture
    • NotBuyingIt on Fri 13 Apr 2012
    • 09:36:46 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    Originally posted by: MysteryFCM
    Just an FYI, at the time of posting this, the following are the only ones still live;

    Thank you for shortening the list of URLs, Steven. Here's a few more that are active

    alriha.net/MdThHWKd/index.html
    arcelikkaracalar.com/9JMMiKE4/index.html
    benri.ran-maru.net/frCDKZFo/index.html
    www.realtimestudios.it/wdQEEQHY/index.html

    [Edit: Added sites (below) 13-April-2012 23:20 UTC]

    benimesnafim.com/hwgNjW8y/index.html
    benri.yakiin.net/9JMMiKE4/index.html
    bronios.com/SgL4VyPU/index.html
    colliur.com/QJFuiphG/index.html
    www.ducondacorse.it/Rx524y4J/index.html
    www.pensarecultura.it/5fiZgmDV/index.html

    delinear.com.br/NM1NqmuR/js.js

     Data that is stored in the cloud may become lost in the fog.

  10. User picture
    • NotBuyingIt on Sat 14 Apr 2012
    • 02:10:43 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    69.194.194.106/showthread.php?t=4a6d866826776084
    69.194.194.106/data/ap2.php
    {applet/*/ archive=hXXp://69.194.194.106/Klot.jar code=ya.M }{param name=p valu="google" ...

     Data that is stored in the cloud may become lost in the fog.

  11. User picture
    • NotBuyingIt on Sun 15 Apr 2012
    • 02:53:57 PM UTC

    Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    buyandsmile.atomclick.co:8080/showthread.php?t=4a6d866826776084
    buyandsmile.atomclick.co:8080/data/ap2.php
    {applet/*/ archive=http://buyandsmile.atomclick.co:8080/Klot.jar code=ya.M } ...
    buyandsmile.atomclick.co:8080/pony/gate.php

    193.106.104.151:8080/showthread.php?t=4a6d866826776084
    193.106.104.151:8080/data/ap2.php
    {applet/*/ archive=hXXp://193.106.104.151:8080/Klot.jar code=sa.M }{param valu="google" ...

     Data that is stored in the cloud may become lost in the fog.

  12. User picture
    • NotBuyingIt on Tue 17 Apr 2012
    • 05:00:04 AM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    bcreativenow.net/FayvuGBV/index.html
    createyourownmyspacelayouts.info/acFj9L63/index.html
    dtautospa.com/FayvuGBV/index.html
    kurinjiengg.org/oUURmAZV/index.html

    digitizingascent.com/5BwZRYWs/js.js

    69.194.193.186/showthread.php?t=d7ad916d1c0396ff
    69.194.193.186/data/ap2.php
    {applet/*/ archive=hXXp://69.194.193.186/Klot.jar code=sa.M }{param valu="google" …

     Data that is stored in the cloud may become lost in the fog.

  13. User picture
    • NotBuyingIt on Tue 17 Apr 2012
    • 03:54:39 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    chicagocashflowproperties.com/3xie1db4/index.html
    kerowebperu.com/8rXGu4kG/index.html
    piyatravels.co.in/BgcYrS3M/index.html
    tokiev.com/8rXGu4kG/index.html

    colorenelsonido.com.ar/qdbXT0bc/js.js
    graficasaojudastadeu.com.br/kWSNT3uh/js.js
    vdsprojectsdemo.com/d0DRqitC/js.js

    173.44.136.197/showthread.php?t=d7ad916d1c0396ff
    173.44.136.197/data/ap2.php
    {applet/*/ archive=hXXp://173.44.136.197/Klot.jar code=sa.M cod=123 }

    [Edit: Added site (below) 17-April-2012 18:10 UTC]

    barkworldexpo.com/8rXGu4kG/index.html

     Data that is stored in the cloud may become lost in the fog.

  14. User picture
    • NotBuyingIt on Tue 17 Apr 2012
    • 11:40:33 PM UTC

    RE: Qai.jar malware (CVE-2010-1885)

    arajoyas.com/oUURmAZV/index.html
    depart.hu/nSsHuMRU/index.html
    dtautospa.com/FayvuGBV/index.html
    divorciosvalencia.es/dB68B0Pt/index.html
    efexglobal.com/rmAoYaTq/index.html
    extremesteel.pro/cmrdfuP6/index.html
    tweetsdiary.com/FayvuGBV/index.html
    vigneshflats.com/kh5DNfE3/index.html

     Data that is stored in the cloud may become lost in the fog.

  15. User picture
    • NotBuyingIt on Thu 19 Apr 2012
    • 03:19:44 AM UTC

    RE: Klot.jar malware (CVE-2010-1885,CVE-2012-0507)

    buy4low.co.il/3xie1db4/index.html
    buyukhirka.com/rmAoYaTq/index.html
    callalou.co.ke/BgcYrS3M/index.html
    cilekoyun.net/acFj9L63/index.html
    dimagnavitaeventos.com.br/EbDsExFw/index.html
    dlestudio.com.br/qmXimKFE/index.html
    privehairsalon.com/BgcYrS3M/index.html

    ikincielesya.tk/3coR4RCm/js.js
    thetestshed.co.uk/1S6KsrQF/js.js

    184.22.115.24/showthread.php?t=d7ad916d1c0396ff
    {applet/*/ archive=hXXp://184.22.115.24/./Klot.jar code=a.J cod=123 }

    electrosa.com/8zvW2XE.exe (See http://www.virustotal.com/file/5b141917fda61b84044... )

    [Edit: Added site (below) 19-April-2012 05:00 UTC]

    marketing-agents.co.uk/qmXimKFE/index.html

     Data that is stored in the cloud may become lost in the fog.

  16. User picture
    • NotBuyingIt on Thu 19 Apr 2012
    • 04:50:27 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    ritrattostudio.com.br/qmXimKFE/index.html
    r-sms.net/ScHFENs5/index.html
    sensiz.com/5V4QLf3p/index.html
    sportms1.com/kmru2hZh/index.html
    sunna.in/2zADfbBZ/index.html

    kennetic-x.host.org/rH9caJzg/js.js
    kuranihayat.com/Q2pqgrG0/js.js
    ultraslan-uni.org/SHz03Q7Q/js.js

    77.79.7.195/showthread.php?t=d7ad916d1c0396ff
    77.79.7.195/data/ap2.php
    {applet*/ archive=hXXp://77.79.7.195/./Klot.jar code=a.J cod=123 }

    [Edit: added sites (below) 19-April-2012 19:50 UTC]

    ftp.restauracja-winnica.pl/5PRJmhB2/index.html
    sonbaski.com/5ZT9dGjm/index.html
    testboko.getenjoyment.net/5ZT9dGjm/index.html

    creativefields.com.au/urPmKaPu/js.js
    indulge.my/PToY83Me/js.js
    studioredstar.cz/SqNJAQVo/js.js
    theskylinegroup.net/6NwN40X5/js.js

     Data that is stored in the cloud may become lost in the fog.

  17. User picture
    • NotBuyingIt on Fri 20 Apr 2012
    • 03:42:19 AM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    pmautomobili.com/ScHFENs5/index.html
    pogonew.com/WeK0izgr/index.html
    www.screenprinting.net/nDkyqLfZ/index.html

    [Edit: Added site (below) 20-April-2012 06:10 UTC]

    85.25.189.174/showthread.php?t=d7ad916d1c0396ff
    85.25.189.174/data/ap2.php
    {applet/*/ archive=hXXp://85.25.189.174/./Klot.jar code=a.J cod=123 }

     Data that is stored in the cloud may become lost in the fog.

  18. User picture
    • NotBuyingIt on Fri 20 Apr 2012
    • 03:23:49 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    209.34.241.159/P13cCxmC/index.html
    canoeshop-france.com/XtAjs382/index.html
    crivadron.com/rGgh0R6L/index.html
    maximusgrowthfund.com/Qu8ZeDCr/index.html
    pescavariadagoya.com.ar/Chef9iZ6/index.html
    studentenarchitectuur.be/rZ84USwj/index.html
    thefacesonline.com/WeK0izgr/index.html
    trsanal.com/UBYXoX4z/index.html

    greatnortherncattle.com/m5GMTAfC/js.js
    imamsaid.com/VKpcPHjp/js.js
    mudmesh.com/uCuts1Ye/js.js
    nitinkabra.com/GQkxEZW6/js.js [Update: HTTP 404 "Not Found"]
    sergiorojstaczer.com/NN6H0xqy/js.js
    tpmnetworking.com/HAeQvidR/js.js
    vercom.com.br/cjZGUGXX/js.js [Update: HTTP 403 "Forbidden"]

    [Edit: added sites (below) 20-April-2012 15:40 UTC]

    bratpackers.com/8tDBouj5/index.html
    oteltatilturizm.com/SSdiR6S3/index.html
    toptourpackages.com/PvGjUqQ5/index.html

     Data that is stored in the cloud may become lost in the fog.

  19. User picture
    • NotBuyingIt on Sat 21 Apr 2012
    • 01:56:58 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    20palc.atwebpages.com/zKUYcLk4/index.html
    sgmelektrik.com.tr/Qu8ZeDCr/index.html

     Data that is stored in the cloud may become lost in the fog.

  20. User picture
    • NotBuyingIt on Sun 22 Apr 2012
    • 05:21:37 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    bomberosmachachi.gob.ec/3g9ywRgb/index.html

    dattco.com/DdPLYCT3/js.js
    hotelrelaxinnbsw.com/aMDNtXrR/js.js
    www.royalcenter.co/4ba7QsdF/js.js

     Data that is stored in the cloud may become lost in the fog.

  21. User picture
    • NotBuyingIt on Sun 22 Apr 2012
    • 10:30:10 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    anydemo.in/ox8rWBHG/js.js
    Darsshan.com/8n9SXXoy/js.js
    liviu-andrei.info/h7w4JS05/js.js
    radio-albayane.com/zEzmQhFR/js.js

     Data that is stored in the cloud may become lost in the fog.

  22. User picture
    • NotBuyingIt on Mon 23 Apr 2012
    • 03:20:43 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    gucar.com.tr/0MdsKSnU/index.html

    biomobil.hu/ceAFHo1M/js.js
    click-surf.co.uk/HMKV1gvW/js.js
    jwoodmendical.net/QkV6ab7N/js.js

    199.15.252.136/showthread.php?t=977334ca118fcb8c
    199.15.252.136/data/ap2.php
    {applet/*/ archive=hXXp://199.15.252.136/./Klot.jar code=a.J cod=123 }

    [Edit: added sites (below) 23-April-2012 18:15 UTC]

    accademiadelleopere.it/gAL0BqHz/index.html
    astrotech-sc.com/jCbhdW8C/index.html
    gcc.prosixsoftron.in/aMB8dBws/index.html
    maxclearcrystal.com/jCbhdW8C/index.html
    movefitnessstudio.com/akAYd6dn/index.html
    ftp.uicouestatlantique.com/QCFx4ZBd/index.html
    www.zerostres4x4.com/wPhYk60m/index.html

    adrianaseixas.com.br/rrrL1vUX/js.js
    bulgariadesign.com/935EHeaD/js.js
    cardservice.pl/0pFdNiwU/js.js
    Eskad.ir/0NjeMJeY/js.js
    muzyka-na-wesela.pl/cZjrd9iZ/js.js
    snopek.rodokmen.org/xaEwPso4/js.js

     Data that is stored in the cloud may become lost in the fog.

  23. User picture
    • NotBuyingIt on Mon 23 Apr 2012
    • 07:10:49 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    cev.be/akAYd6dn/index.html
    gonetwork.info/6iRda08Z/index.html
    techvocal.com/FLYN2F3P/index.html

    google-seo-top.com/6AG2WWQU/js.js [HTTP 404 "Not Found"]
    pamedo.at/PYPwU74n/js.js
    rotarywp.org/uAdLn1N3/js.js [HTTP 403 "Forbidden"]
    startravelsindia.com/sgGtcJ2T/js.js [HTTP 404 "Not Found"]

    204.45.250.53/showthread.php?t=4a6d866826776084
    204.45.250.53/data/ap2.php
    {applet/*/ archive=hXXp://204.45.250.53/./Klot.jar code=a.J cod=123 }

    [Edit: added sites (below) 23-April-2012 20:15 UTC]

    carekraft.ro/P13cCxmC/index.html
    funtur.ro/0MdsKSnU/index.html

    [Edit: added site (below) 23-April-2012 22:10 UTC]

    lacigale.gr/pVDkSFCc/index.html

     Data that is stored in the cloud may become lost in the fog.

  24. User picture
    • NotBuyingIt on Tue 24 Apr 2012
    • 03:09:01 AM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    pixran.com/8tDBouj5/index.html

    felipesantiago.es/akAYd6dn/index.html
    fundacion-selkirk.org/aMB8dBws/index.html
    lesalonduvoyageencar.com/3AH8s1p4/index.html
    modenafinefoods.com/akAYd6dn/index.html

    [Edit: added sites (below) 23-April-2012 UTC 04:00 UTC]

    www.kangaxx.com/3yEpB53z/index.html
    serraikizimi.gr/akAYd6dn/index.html

     Data that is stored in the cloud may become lost in the fog.

  25. User picture
    • NotBuyingIt on Tue 24 Apr 2012
    • 06:07:15 PM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    emrahsoft.com/0MdsKSnU/index.html
    enoetna.comune.santavenerina.ct.it/G1ZqK8e1/index.html
    firstlinewellness.wsisrdev.com/1QzWjbbh/index.html
    flavourartexpress.biz/RBJT9vtu/index.html
    ranchmagazine.com/4yWVRAH4/index.html
    ravlontex.com/uJg2y7fJ/index.html

    anadolujetwap.coodii.com/hrLgRHsJ/js.js
    ftp.certifiedfolder.com/BtUHDQRY/js.js
    cosad.org/troWg0MB/js.js
    falco48.altervista.org/0Kj8sF5v/js.js [HTTP 403 "Forbidden"]
    fleetoffreedom.com/WEeuQHsH/js.js
    maisonesquive.fr/yQqJfaoT/js.js
    santoromichele.it/acg5csdZ/js.js [HTTP 404 "Not Found"]
    sushiminto.com/zPXs6eBz/js.js
    ftp.vitis.com.br/4A7mav0a/js.js

    188.165.65.221/showthread.php?t=73a07bcb51f4be71
    188.165.65.221/data/ap2.php
    {applet/*/ archive=hXXp://188.165.65.221/./Klot.jar code=a.J cod=123 }

    208.117.43.8/showthread.php?t=d7ad916d1c0396ff
    208.117.43.8/data/ap2.php

    [Edit: added sites (below) 24-April-2012 18:45 UTC]

    k-buildsystem.hu/rKejBfwv/index.html
    traveldoctor.net/FLYN2F3P/index.html

    www.aafaq.ca/sxuvf5jV/js.js
    cosad.org/troWg0MB/js.js
    lsdkft.hu/bC1BxCbJ/js.js
    maisonesquive.fr/yQqJfaoT/js.js
    pamedo.at/PYPwU74n/js.js
    yasonrafilm.com/ZAsUDjH1/js.js

     Data that is stored in the cloud may become lost in the fog.

  26. User picture
    • NotBuyingIt on Tue 24 Apr 2012
    • 07:46:38 PM UTC

    RE: malware (CVE-2010-0188,CVE-2010-1885)

    barbuscia.eu/P2W89naK/index.html
    domainedelapuannerie.rd-h.com/hUhzqsfa/index.html
    montlacvert.qc.ca/GxRcY5dY/index.html

    endo.de.mypubxtreme.ro/k00oHWdX/js.js
    www.gardesa.fr/t4EyxYSS/js.js
    leofoto.it/t8kprRSB/js.js
    www.unmdggame.com/ofSuWB2F/js.js

    72.46.137.57/showthread.php?t=34c79594e8b8ac0f
    72.46.137.57/data/ap2.php

     Data that is stored in the cloud may become lost in the fog.

  27. User picture
    • MarkGiles on Tue 24 Apr 2012
    • 10:49:24 PM UTC

    RE: Qai.jar malware (CVE-2010-1885)

    A list of 469 domain names detected in spam since April 2. These all match the URL format

    domain name + / + 8 alpha-numeric mixed case characters + / + index.html
    for example: cursosdeprogramacao.com.br/zh6jPwn1/index.html

    List of domains/hosts:


    Recent redirection scripts

    List of domains/hosts:

    aafaq.ca/sxuvf5jV/js.js
    endo.de.mypubxtreme.ro/k00oHWdX/js.js
    gardesa.fr/t4EyxYSS/js.js
    lsdkft.hu/bC1BxCbJ/js.js
    unmdggame.com/ofSuWB2F/js.js
    yasonrafilm.com/ZAsUDjH1/js.js
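
Added example, not part of MarkGiles's post: a Python filter that flags URLs with the format described above (8 alphanumeric characters, then index.html or js.js) in mail or proxy logs, accepting defanged hXXp and bare host/path forms. The log lines are constructed, and reading "mixed case" as at least one upper- and one lower-case letter is an assumption made here to cut false positives.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# URL candidates in free text, with or without a (possibly defanged) scheme.
URL_RE = re.compile(r"(?:h(?:tt|xx)ps?://)?[a-z0-9][a-z0-9.-]*/[^\s\"'<>]*", re.I)
# Path shape from the post: /<8 alphanumerics>/index.html or /<8 alphanumerics>/js.js
PATH_RE = re.compile(r"^/([A-Za-z0-9]{8})/(index\.html|js\.js)$")


def classify(url, require_mixed_case=True):
    """Return (host, token, kind) when the URL has the reported shape, else None."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)      # undo hXXp defanging
    if "://" not in url:
        url = "http://" + url                            # bare host/path form
    parts = urlsplit(url)
    m = PATH_RE.match(parts.path)
    if not m:
        return None
    token, leaf = m.groups()
    # Assumption: "mixed case" = at least one lower- and one upper-case letter.
    # This drops ordinary 8-letter directories such as /download/.
    if require_mixed_case and not (re.search("[a-z]", token) and re.search("[A-Z]", token)):
        return None
    return parts.hostname, token, "landing" if leaf == "index.html" else "redirector"


def scan(lines, require_mixed_case=True):
    """Map host -> sorted list of (token, kind) hits found in the given log lines."""
    hits = defaultdict(set)
    for line in lines:
        for candidate in URL_RE.findall(line):
            result = classify(candidate, require_mixed_case)
            if result:
                hits[result[0]].add(result[1:])
    return {host: sorted(found) for host, found in hits.items()}


# Constructed log lines; the first two URLs are the ones quoted in the post.
SAMPLE = [
    "10:01 mail-gw url=hXXp://cursosdeprogramacao.com.br/zh6jPwn1/index.html",
    "10:02 proxy GET aafaq.ca/sxuvf5jV/js.js 200",
    "10:03 proxy GET http://example.org/download/index.html 200",
    "10:04 proxy GET http://example.net/static/js.js 200",
]

if __name__ == "__main__":
    for host, found in scan(SAMPLE).items():
        print(host, found)
```

With `require_mixed_case=False` the third sample line (`/download/index.html`) is also flagged, which shows why the length-and-charset rule alone is too loose for alerting.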

  28. User picture
    • NotBuyingIt on Wed 25 Apr 2012
    • 05:59:27 AM UTC

    RE: Klot.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    The current redirection targets of some of the URLs listed above by MarkGiles and me include

    216.119.142.235/showthread.php?t=34c79594e8b8ac0
    216.119.142.235/data/ap2.php
    {applet/*/ archive=hXXp://216.119.142.235/./Klot.jar code=a.J cod=123 }

     Data that is stored in the cloud may become lost in the fog.

  29. User picture
    • NotBuyingIt on Thu 26 Apr 2012
    • 01:23:05 AM UTC

    RE: Edu.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    75.98.172.153/showthread.php?t=34c79594e8b8ac0f
    75.98.172.153/data/ap2.php
    {applet/*/ code="hXXp://75.98.172.153/a.J" archive=Edu.jar }

     Data that is stored in the cloud may become lost in the fog.

  30. User picture
    • NotBuyingIt on Thu 26 Apr 2012
    • 01:53:04 PM UTC

    RE: Edu.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    budgetink.ca/2SDKW4zJ/index.html
    www.investincumbria.co.uk/4yWVRAH4/index.html

    57ripple.com/EZrFJFf8/js.js
    banquet.co.il/sY2jQo2K/js.js

    96.47.0.186/showthread.php?t=4a6d866826776084
    96.47.0.186/data/ap2.php
    {applet/*/ archive='hXXp://96.47.0.186/Edu.jar' code="wa.J" }
    www.skill.ee/4Jw.exe (see analysis: http://www.virustotal.com/file/7c6e178c957551688f4... )

    [Edit: Added sites (below) 26-April-2012 15:20 UTC]

    eurosan.gr/8qjXpfKN/index.html
    futil.ro/qUefzMsu/index.html

    bansalmoney.com/FVoDMmLh/js.js
    carbondelsur.com/EgN4ngcq/js.js
    euamomeugigaset.com.br/wtBff85o/js.js
    goussios.gr/KLxP9MzD/js.js

     Data that is stored in the cloud may become lost in the fog.