(The quickest way to register)

Check out our new Mobile App

Forum

  1. User picture
    • NotBuyingIt on Wed 21 Mar 2012
    • 09:15:45 PM UTC

    Qai.jar malware (CVE-2010-1885)

    A well-know spam expert is reporting an aggressively promoted malware exploit which uses multiple sites together. Deceptive web pages planted on dozens of sites load a set of JavaScripts which in turn attempt to load a malicious webpage. Several variations were detected yesterday and today.

    This set of scripts
    hXXp://50.57.29.172/hVg3GFAo/js.js
    hXXp://finantariauto.ro/5ZqETXNE/js.js
    hXXp://ipecturkey.com/E2UNfoGY/js.js
    hXXp://oompa.de/VTwQKwDD/js.js
    attempt to load
    hXXp://209.59.217.193/showthread.php?t=d7ad916d1c0396ff
    that leads to malware at
    hXXp://209.59.217.193/q.php?f=ba33
    hXXp://209.59.217.193/content/Qai.jar

    This set of scripts
    hXXp://216.205.49.67/CD5s3Ne3/js.js
    hXXp://activetours.pttk.pl/Eaz0Mz8g/js.js
    hXXp://copymax.gr/jbbaaFCK/js.js
    hXXp://offvip.com/TtMQy1sw/js.js
    hXXp://solocyberday.com/oDYibUuh/js.js
    attempt to load
    hXXp://slickicus.com/showthread.php?t=8d80b8c3f87a9538
    that leads to malware at
    hXXp://slickicus.com/q.php?f=db757
    hXXp://slickicus.com/content/Qai.jar

    This set of scripts
    hXXp://officefurnituremart.com/sT1SFMyf/js.js
    hXXp://orvosokafrikaert.hu/Bsz1CQg0/js.js
    hXXp://qqprints.com.my/37ErBpvj/js.js
    hXXp://romanjewelers.com/mnbCaEYY/js.js
    hXXp://samx.zzl.org/crF5iYsT/js.js
    attempt to load
    hXXp://slicksphere.com/showthread.php?t=d7ad916d1c0396ff
    but the domain slicksphere.com has been suspended

    Here are some of the deceptive URLs that have been reported earlier today

    hXXp://02f40c1.netsolhost.com/jXh3opQk/index.html
    hXXp://02f40c1.netsolhost.com/pVXky4P3/index.html
    hXXp://184.164.129.5/H0PL9q26/index.html
    hXXp://3eras.com/0X98aHUS/index.html
    hXXp://5seis.com.ar/jXh3opQk/index.html
    hXXp://91.93.110.150/JYjJE2q2/index.html
    hXXp://acriancafeliz.org.br/vyEryYcH/index.html
    hXXp://advanced-web-hosting-solutions.com/H0PL9q26/index.html
    hXXp://advancedcopier.net/tMYwdbsB/index.html
    hXXp://aerospacend.com/0X98aHUS/index.html
    hXXp://autolorentzos.gr/46iU2yx2/index.html
    hXXp://autolorentzos.gr/k4H1CSBf/index.html
    hXXp://autouniversal.ro/tMYwdbsB/index.html
    hXXp://bestdeal.com.vn/H0PL9q26/index.html
    hXXp://binhanphat.vn/pVXky4P3/index.html
    hXXp://chinchunhoo.com/tp3G2sKH/index.html
    hXXp://criadero-duancos.com.ar/jXh3opQk/index.html
    hXXp://dhtics.webou.net/8pe5eCMZ/index.html
    hXXp://dhtics.webou.net/N7hwdmet/index.html
    hXXp://dhtics.webou.net/vyEryYcH/index.html
    hXXp://fundoohairstyles.com/0X98aHUS/index.html
    hXXp://getstrength.com/pVXky4P3/index.html
    hXXp://glamourspa.com.vn/H0PL9q26/index.html
    hXXp://goksen.com.tr/H0PL9q26/index.html
    hXXp://goksen.com.tr/JYjJE2q2/index.html
    hXXp://goksen.com.tr/tp3G2sKH/index.html
    hXXp://hajashaza.hu/JYjJE2q2/index.html
    hXXp://hajashaza.hu/pVXky4P3/index.html
    hXXp://hajashaza.hu/W9x9Xomw/index.html
    hXXp://hellenic-antiaging-academy.gr/k4H1CSBf/index.html
    hXXp://hidroprojekt-consult.hr/W9x9Xomw/index.html
    hXXp://hippocrafts.com/46iU2yx2/index.html
    hXXp://hippocrafts.com/8pe5eCMZ/index.html
    hXXp://hippocrafts.com/svaVeSkm/index.html
    hXXp://hyperbeesmedia.com/svaVeSkm/index.html
    hXXp://ibafo.com.br/LTWJaNR9/index.html
    hXXp://ibafo.com.br/N7hwdmet/index.html
    hXXp://inour.biz/JYjJE2q2/index.html
    hXXp://inour.biz/pVXky4P3/index.html
    hXXp://isravilon1.com/tMYwdbsB/index.html
    hXXp://junglecreativestudio.gr/k4H1CSBf/index.html
    hXXp://jurjev.com/8pe5eCMZ/index.html
    hXXp://koala.unas.cz/N7hwdmet/index.html
    hXXp://kolling.com.my/LTWJaNR9/index.html
    hXXp://kongo.co.hu/N7hwdmet/index.html
    hXXp://kongo.co.hu/svaVeSkm/index.html
    hXXp://kongo.co.hu/tMYwdbsB/index.html
    hXXp://laflcargo.com/vyEryYcH/index.html
    hXXp://laleyurtseven.com/8pe5eCMZ/index.html
    hXXp://laleyurtseven.com/tMYwdbsB/index.html
    hXXp://ledsociety.com/7ik7M03n/index.html
    hXXp://ledsociety.com/tp3G2sKH/index.html
    hXXp://leikar.net/vyEryYcH/index.html
    hXXp://linemenu.com/8pe5eCMZ/index.html
    hXXp://linemenu.com/svaVeSkm/index.html
    hXXp://littlelordspreschool.com/0X98aHUS/index.html
    hXXp://lsquarednetworks.com/7ik7M03n/index.html
    hXXp://lsquarednetworks.com/tp3G2sKH/index.html
    hXXp://mage.ibraggiotti.com/0X98aHUS/index.html
    hXXp://mage.ibraggiotti.com/W9x9Xomw/index.html
    hXXp://magneticlodestone.com/46iU2yx2/index.html
    hXXp://magneticlodestone.com/tMYwdbsB/index.html
    hXXp://maxiesolutions.com/svaVeSkm/index.html
    hXXp://mayerdobrasil.com.br/W9x9Xomw/index.html
    hXXp://mcms.xs2theworld.com/LTWJaNR9/index.html
    hXXp://mcms.xs2theworld.com/vyEryYcH/index.html
    hXXp://metrofincaraiz.com/0X98aHUS/index.html
    hXXp://minds.com.pk/8pe5eCMZ/index.html
    hXXp://mishelart.com/tp3G2sKH/index.html
    hXXp://mixtle.com/tMYwdbsB/index.html
    hXXp://mkultura.lt/7ik7M03n/index.html
    hXXp://musicalchemylab.lh.pl/46iU2yx2/index.html
    hXXp://myghanaonline.com/N7hwdmet/index.html
    hXXp://notebooktamiri.gen.tr/vyEryYcH/index.html
    hXXp://objebi.com/xBu5dukk/index.html
    hXXp://olla-de-felix-buenos-aires.com/Qyuv8XX1/index.html
    hXXp://olla-de-felix-buenos-aires.com/xBu5dukk/index.html
    hXXp://oneblr.com/a65oSoKL/index.html
    hXXp://optimizacija-seo.com/a65oSoKL/index.html
    hXXp://overhill.comicgenesis.com/xBu5dukk/index.html
    hXXp://paperbuzz.net/3BvC2cTf/index.html
    hXXp://party-chat.hu/a65oSoKL/index.html
    hXXp://party-chat.hu/xBu5dukk/index.html
    hXXp://povilasc.ipower.com/tp3G2sKH/index.html
    hXXp://pp.premiumpage.pl/vyEryYcH/index.html
    hXXp://Privatesandbox.com/qVsVjYfe/index.html
    hXXp://prodmovie.com/xBu5dukk/index.html
    hXXp://psytrip.com.br/LTWJaNR9/index.html
    hXXp://public.smartbe.be/0X98aHUS/index.html
    hXXp://rajtr.com/7ik7M03n/index.html
    hXXp://realestatebootcamp.ca/LTWJaNR9/index.html
    hXXp://redencionsofro.com.ar/3BvC2cTf/index.html
    hXXp://revivalgospelministries.org/LTWJaNR9/index.html
    hXXp://riwex.hu/3BvC2cTf/index.html
    hXXp://sarahyong.com/CzEjfCRK/index.html
    hXXp://sereflikochisarzob.org/LTWJaNR9/index.html
    hXXp://sezam.home.pl/CzEjfCRK/index.html
    hXXp://silentstartupwebsite.com/CzEjfCRK/index.html
    hXXp://silentstartupwebsite.com/xBu5dukk/index.html
    hXXp://siranmuftulugu.gov.tr/46iU2yx2/index.html
    hXXp://sisrs.org/tMYwdbsB/index.html
    hXXp://sixdimensions.co.id/xBu5dukk/index.html
    hXXp://softwarepark-galati.ro/xBu5dukk/index.html
    hXXp://swcc.marknetdev.com/LTWJaNR9/index.html
    hXXp://sxs-bwn.org/vyEryYcH/index.html
    hXXp://techleadsolution.com/QnXBRiWS/index.html
    hXXp://tehranmaltbeer.com/30VtVqEf/index.html
    hXXp://tempo-www.defisduchott.com/CzEjfCRK/index.html
    hXXp://themainmall.com/svaVeSkm/index.html
    hXXp://transcamila.com/tMYwdbsB/index.html
    hXXp://upedagogica.edu.bo/N7hwdmet/index.html
    hXXp://www.tesan.com.tr/vyEryYcH/index.html

    Some other reported URLs return HTTP 404 ("Not Found") or their domains have been suspended, so I suspect efforts are underway to combat the malware campaign.

     Data that is stored in the cloud may become lost in the fog.

Comments:

  1. User picture
    • NotBuyingIt on Thu 26 Apr 2012
    • 05:13:16 PM UTC

    RE: Edu.jar malware (CVE-2010-0188, CVE-2010-1885)

    205.251.65.190/showthread.php?t=34c79594e8b8ac0f
    205.251.65.190/data/ap2.php
    {applet/*/ archive="hXXp://205.251.65.190/Edu.jar" code="wa.J" }

    [Edit: Added sites (below) 26-April-2012 18:00 UTC]

    astv.com.tr/xhz8yMEu/index.html
    cctvrumah.hostlaju.com/AzbqStLG/index.html
    ft000267.ferozo.com/n7xkK0cJ/index.html
    unilimo.co.za/HbusWmxz/index.html

    ada-internet.com/DNWgQg9k/js.js
    giupban24h.com/v3NcYEV4/js.js
    judikatura-online.cz/9Gmb43oC/js.js
    valedamidia.com.br/DwgbXz3h/js.js
    zadar.hr/aAyhw3ey/js.js

     Data that is stored in the cloud may become lost in the fog.

  2. User picture
    • NotBuyingIt on Fri 27 Apr 2012
    • 02:06:11 AM UTC

    RE: Edu.jar malware (CVE-2010-0188, CVE-2010-1885)

    cnpaci.com/15QXsxK4/index.html
    hickoryhammockbaptist.org/dtVkoeZZ/index.html
    vermontcrm.co.za/bUWoa32T/index.html

     Data that is stored in the cloud may become lost in the fog.

  3. User picture
    • NotBuyingIt on Fri 27 Apr 2012
    • 03:56:48 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    galerija.positiva.si/ENEo5mvQ/index.html
    rederequinte.com.br/vFRGk5L2/index.html

    arvialsa.com/ZuUsSDhK/js.js
    aseagro.com.ar/9rtZTaZC/js.js
    www.studiobarsotti.it/xRhnpayH/js.js
    calgarydownsizing.ca/j2hT75zY/js.js
    ultrastore.it/Y3Kd5oKb/js.js
    webprof.ro/cTwURcBr/js.js

    74.91.114.83/showthread.php?t=d7ad916d1c0396ff
    74.91.114.83/data/ap2.php
    {applet/*/ archive="hXXp://74.91.114.83/Edu.jar" code="wa.J" }

    [Edit: Added sites (below) 27-April-2012 16:15 UTC]

    norta.be/9Avu4pN0/index.html

    bzenia.cz/RFpGDctv/js.js
    careermonk.co.in/UH2ZDFLX/js.js
    customdrawing.eu/CSjAG5ry/js.js
    jcmautomatizacion.com.ar/sEiuj5V9/js.js
    lkstattoo.com/s0i2XfDj/js.js
    loex.es/VVso1UoH/js.js
    merahputihthefilm.com/CDKqqkws/js.js
    satilikarsabursa.net/U3N91Zxm/js.js
    seslimuzik.com/GqYedX08/js.js

     Data that is stored in the cloud may become lost in the fog.

  4. User picture
    • NotBuyingIt on Fri 27 Apr 2012
    • 06:03:29 PM UTC

    RE: malware (CVE-2010-0188, CVE-2010-1885)

    77.79.9.54/showthread.php?t=d7ad916d1c0396ff
    77.79.9.54/data/ap2.php

     Data that is stored in the cloud may become lost in the fog.

  5. User picture
    • NotBuyingIt on Fri 27 Apr 2012
    • 08:04:32 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    dogadankapiniza.com/ESoR13Qt/index.html

    fvdproducciones.com/RjkyjNmn/js.js [HTTP 404, "Not Found"]

    46.228.205.119/showthread.php?t=d7ad916d1c0396ff
    46.228.205.119/data/ap2.php
    {applet/*/ archive='http://46.228.205.119/Edu.jar' code="wa.J" }

     Data that is stored in the cloud may become lost in the fog.

  6. User picture
    • NotBuyingIt on Sat 28 Apr 2012
    • 12:16:31 AM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    globeemlak.com.tr/WK6L9Muk/index.html
    lokenathbaba.org/CkcqezKH/index.html
    masajkoltugu.com.tr/QeFqnVsr/index.html
    www.me-and-friends.net/cqYvRFmm/index.html

     Data that is stored in the cloud may become lost in the fog.

  7. User picture
    • NotBuyingIt on Sat 28 Apr 2012
    • 12:00:52 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    lakshmiparthasarathyathreya.com/b4iwwwvm/index.html
    materawaste.com.au/5iHqGqb6/index.html

    [Edit: Added site (below) 28-April-2012 14:00 UTC]

    appstreet.co.za/hN04irhZ/index.html

    [Edit: Added sites (below) 28-April-2012 16:30 UTC]

    asociacioncannabicabuenosaires.org/3UXvwRUh/index.html
    mistermatos.com/SkPrsz0R/index.html
    stratageme.com/5fQZ3Zk7/index.html

    etermdp.org.ar/fhcoUNRR/js.js
    informasi4u.com/cTADKcbm/js.js
    namiki.com.br/jUNsb6m7/js.js
    sorinbasca.ro/HFs4fQkB/js.js

    46.228.205.119/showthread.php?t=4a6d866826776084
    46.228.205.119/showthread.php?t=34c79594e8b8ac0f
    46.228.205.119/showthread.php?t=9d77a9163cda8dbe

     Data that is stored in the cloud may become lost in the fog.

  8. User picture
    • NotBuyingIt on Sat 28 Apr 2012
    • 10:00:25 PM UTC

    RE: malware (CVE-2010-0188, CVE-2010-1885)

    184.154.76.244/showthread.php?t=4a6d866826776084
    184.154.76.244/data/ap2.php

     Data that is stored in the cloud may become lost in the fog.

  9. User picture
    • NotBuyingIt on Sun 29 Apr 2012
    • 12:10:16 AM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    91.121.84.204:8080/showthread.php?t=34c79594e8b8ac0f
    91.121.84.204:8080/data/ap2.php
    {applet/*/ code="hXXp://91.121.84.204/wa.J" archive="Edu.jar"}

    Note: The reverse DNS for 91.121.84.204 on the OVH network is ks27412.kimsufi.com which will also serve malware. However, I have not seen any reports that the following URLs are literally being used by the the botnet.

    ks27412.kimsufi.com:8080/showthread.php?t=34c79594e8b8ac0f
    ks27412.kimsufi.com:8080/data/ap2.php
    {applet/*/ code="hXXp://ks27412.kimsufi.com/wa.J" archive="Edu.jar"}

     Data that is stored in the cloud may become lost in the fog.

  10. User picture
    • NotBuyingIt on Sun 29 Apr 2012
    • 02:38:34 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    aue-jarry.com/jakN748S/index.html

    91.121.84.204/pony/gate.php

    91.121.93.178:8080/showthread.php?t=34c79594e8b8ac0f
    91.121.93.178:8080/data/ap2.php
    {applet/*/ code="hXXp://91.121.93.178/wa.J" archive="Edu.jar"}

    Note: The reverse DNS for 91.121.93.178 on the OVH network is ks353312.kimsufi.com which will also serve malware. However, I have not seen any reports that the following URLs are literally being used by the the botnet.

    ks353312.kimsufi.com:8080/showthread.php?t=34c79594e8b8ac0f
    ks353312.kimsufi.com:8080/data/ap2.php
    {applet/*/ code="hXXp://ks353312.kimsufi.com/wa.J" archive="Edu.jar"}

     Data that is stored in the cloud may become lost in the fog.

  11. User picture
    • NotBuyingIt on Mon 30 Apr 2012
    • 03:47:24 AM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    lawguide.in/iCNJ07gr/index.html
    ftp.maxicardbeneficios.com.br/hZwc5odg/index.html

     Data that is stored in the cloud may become lost in the fog.

  12. User picture
    • NotBuyingIt on Mon 30 Apr 2012
    • 12:44:52 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    74.91.120.210/showthread.php?t=4a6d866826776084
    74.91.120.210/data/ap2.php
    {applet/*/ code="hXXp://74.91.120.210/la.J" archive="Edu.jar"}

     Data that is stored in the cloud may become lost in the fog.

  13. User picture
    • NotBuyingIt on Mon 30 Apr 2012
    • 05:50:37 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    elektromart.kutmb.coop/jRb9t3LH/index.html

    franconanni.it/GDLpnZoD/js.js
    imamjome.ir/wDtLUQBZ/js.js
    www.shoei-printing.net/byYnB1zg/js.js

    69.194.194.251/showthread.php?t=d7ad916d1c0396ff
    69.194.194.251/data/ap2.php
    {applet/*/ archive='Edu.jar' code="la.J" }

    [Edit: Added note (below) 30-April-2012 18:10 UTC]

    Note: hypodermicgaming.net is a site, hosted on IP 69.194.194.251, which will also serve malware. However, I have not seen any reports that the following URLs are literally being used by the the botnet.
    hypodermicgaming.net/showthread.php?t=d7ad916d1c0396ff
    hypodermicgaming.net/data/ap2.php
    {applet/*/ archive='hXXp://hypodermicgaming.net/Edu.jar' code="la.J" }

     Data that is stored in the cloud may become lost in the fog.

  14. User picture
    • NotBuyingIt on Mon 30 Apr 2012
    • 09:34:30 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    dkhns.ath.cx/WwW9Wz6Z/index.html
    gangbangteam.ro/a1V58gTs/index.html
    gulpinarfidan.com/Kh5bFeQr/index.html
    maintainatweb.dk/9Avu4pN0/index.html
    montanatravel.ro/ywM8LSoL/index.html
    rnrdesignassociates.com/WHLDAfbw/index.html
    start24.hk/fArd6jdd/index.html

    bertestiidejos.info/QgCVZxk3/js.js
    rhd.cl/sydFdihB/js.js

     Data that is stored in the cloud may become lost in the fog.

  15. User picture
    • NotBuyingIt on Tue 01 May 2012
    • 03:14:18 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    dealaddict.ch/UcL29wrU/index.html
    depilee.com/Lskx0Bew/index.html
    disenomantis.com.ar/v14G9itw/index.html
    dpsdurgapur.com/N2rhmW5i/index.html
    enfoquescreativos.com/gj1W42Ee/index.html
    gevezefm.net/s6McvwpB/index.html
    hitechsystems.org.in/BzJoVeo0/index.html
    ftp.neez.com.br/NdHgm0gT/index.html
    njsksansthan.com/r1kVYAfU/index.html
    ftp.pousadaesmeralda.com.br
    punial.com/UAtkgmot/index.html

    womaametw3.com/CWTKosSw/js.js

    72.46.140.14/showthread.php?t=9d77a9163cda8dbe
    72.46.140.14/data/ap2.php
    {applet/*/ code="http://72.46.140.14/la.J" archive="Edu.jar"}

     Data that is stored in the cloud may become lost in the fog.

  16. User picture
    • NotBuyingIt on Tue 01 May 2012
    • 09:18:07 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    come2india.net/a5d8mW54/index.html
    gpureappliances.com/Lskx0Bew/index.html
    gunubirlikturlar.ws/BSg1hNCZ/index.html
    gvaudio.gr/Ta3t1wMy/index.html
    hydlive.com/kc8TU1uK/index.html
    linhaturismo.com.br/3bd9EzpP/index.html
    macielmarine.com/iCNJ07gr/index.html
    raji.ir/6qyohWCG/index.html
    sbhfood.com/NYXbTu3w/index.html
    smallloansonline.info/CCZkjhM2/index.html

    www.blueholeexpedition.com/vPi99GFN/js.js
    huestech.com/34a1kqtC/js.js
    uglyd.com/xTnfi7mG/js.js

    216.119.142.252/showthread.php?t=9d77a9163cda8dbe
    216.119.142.252/data/ap2.php
    {applet/*/ code="hXXp://216.119.142.252/la.J" archive="Edu.jar"}

     Data that is stored in the cloud may become lost in the fog.

  17. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 02:57:52 AM UTC

    RE: malware (CVE-2010-0188, CVE-2010-1885)

    organickitchen.com.my/T4RTv7ep/index.html
    www.quiaporepublic.com/5XbdQ38N/index.html

    37.157.250.22/showthread.php?t=9d77a9163cda8dbe
    37.157.250.22/data/ap2.php

     Data that is stored in the cloud may become lost in the fog.

  18. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 01:21:38 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    gecenym.org.ar/6NoCvgHC/js.js
    huszplusz.ce-romania.com/mydtxVGz/js.js
    jozan.com.br/10SAkaJX/js.js

    64.111.24.189/showthread.php?t=9d77a9163cda8dbe

     Data that is stored in the cloud may become lost in the fog.

  19. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 02:18:26 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    colbysailfish.com/j7pik53L/index.html
    ecomnetwork.vn/1sRJa445/index.html
    edtt.co.in/eNoXoEE5/index.html
    goodradio.com.ar/Xk3T14kU/index.html
    land-plan.co.jp/kc8ChVBP/index.html
    mirchimodels.com/tnudYSLS/index.html
    selectindustries.com.au/1oWRjxAg/index.html
    shaarc.co.in/p70R57dL/index.html
    ftp.studioevidencia.com.br/tXC7iG8W/index.html
    tonin.com.br/j7pik53L/index.html
    treiaviajes.com.ar/pM7Qa0yv/index.html
    unitedcargoltd.com/6bu8Yr3e/index.html
    www.zignanifotografia.com.br/eNoXoEE5/index.html

    frutosnaturales.com.ar/XMsaQg1V/js.js
    klusplus.be/B7v8LjTf/js.js
    ospszopienice.pl/QWHoi1p0/js.js
    stireadegiurgiu.ro/t3f5tgCk/js.js

    64.111.24.189/showthread.php?t=4a6d866826776084

     Data that is stored in the cloud may become lost in the fog.

  20. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 05:17:18 PM UTC

    RE: Edu.jar malware(CVE-2010-0188, CVE-2010-1885, CVE-2012-0507)

    www.actoons.com/82UZ1jTV/index.html
    www.biber-mag.de/qN2DrApL/index.html
    www.centrotticoleonardi.it/2oPHpHrQ/index.html
    consorciozero.com/nA5SBi7V/index.html
    copaamapar.com.br/S4hkUrDE/index.html
    daedalusa.com.ar/KkGNarxA/index.html
    demo1.trafficezone.com/jbHdv0xV/index.html
    designerrugsevolve.com.au/1ND3qAXe/index.html
    dhandiagems.com/RdKzcWJw/index.html
    dogothaison.net/fq5xJEmn/index.html
    faculdadepaulista.edu.br/jbHdv0xV/index.html
    fish-n-loaves.com/p70R57dL/index.html
    forouade.com.ar/pgckDN0n/index.html
    futureaccess.co.in/87LSpCxj/index.html
    gazy.eu/2bogYoyS/index.html
    haironlinesite.com/2oPHpHrQ/index.html
    happydreamsevent.ro/XUjBLrsY/index.html
    www.jainbridegrooms.com/2oPHpHrQ/index.html
    jardindefrance.com.tr/pM7Qa0yv/index.html
    jogjakartrack.com/0GV2NqfG/index.html
    kiapersia.com/EUo4bG9e/index.html
    kucaimaca.com/2oPHpHrQ/index.html
    lanwhale.com/jbHdv0xV/index.html
    layoutexpress.home.pl/0Q5eS2QQ/index.html
    leukerbad.be/nEm67w4b/index.html
    meeinc.in/S4hkUrDE/index.html
    mondriangallery.com/L1b2V2qp/index.html
    ftp.nachtuulen.com/UoXiPjHz/index.html
    niatel.com.ba/v6bNGBF8/index.html
    orlporadna.cz/svMUHr9c/index.html
    petruviajes.com/hwYh2AN4/index.html
    prenocistehanka.com.ba/h0KUTzs2/index.html
    prospettopotenza.com/yFdDBL2r/index.html
    radiopatos.com.br/87LSpCxj/index.html
    scoalaerbiceni.ro/2oPHpHrQ/index.html
    sukhem.com/XUjBLrsY/index.html
    thomasjanssens.be/c8fzRD3c/index.html
    walls2windows.com/0GV2NqfG/index.html
    wojtek.1do1.pl/UoXiPjHz/index.html

     Data that is stored in the cloud may become lost in the fog.

  21. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 06:27:24 PM UTC

    RE: Edu.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    www.landjjewellers.ie/1ND3qAXe/index.html
    mlm.home.pl/etNQnKbh/index.html

    ejdermutfak.com/p6Simj8X/js.js
    gaborikenergy.sk/QS9724hH/js.js
    kavalloor.com/ZAvZ02yN/js.js
    mylight.com.tr/4LfZJjye/js.js
    silviaappel.com/LwfJaab0/js.js

    74.91.118.249/showthread.php?t=d7ad916d1c0396ff
    74.91.118.249/data/ap2.php
    {applet/*/ code="hXXp://74.91.118.249/la.J" archive="Edu.jar"}
    74.91.118.249/showthread.php?t=4a6d866826776084

     Data that is stored in the cloud may become lost in the fog.

  22. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 06:50:39 PM UTC

    RE: Edu.jar malware (CVE-2010-0188,CVE-2010-1885,CVE-2012-0507)

    asantrade.com/oLd0wBqV/index.html
    www.primotest.altervista.org/h0KUTzs2/index.html

    cografyasin.com/hDW2exkR/js.js
    dichvuthanhlapdoanhnghiep.com.vn/QFgZH3bH/js.js
    jn000151.ferozo.com/S5Bhj8Hb/js.js

     Data that is stored in the cloud may become lost in the fog.

  23. User picture
    • NotBuyingIt on Wed 02 May 2012
    • 10:47:37 PM UTC

    RE: malware (CVE-2010-0188, CVE-2010-1885)

    client.romonline.web.id/n2R22bbi/index.html
    dhandiagems.com/2bogYoyS/index.html
    edtt.co.in/3hJk6Nhd/index.html
    www.gurjeetsbagga.com/jJe5qJyc/index.html
    innovacreative.biz/w2VVmrKg/index.html
    juegodeldiccionario.com/mNqwE6xB/index.html
    www.pirepillan.com.ar/U1Uj92mA/index.html
    premiumkonta.hostit.pl/SK2M2zgV/index.html

    www.biannti.com/yCVmcwP4/js.js
    paradiso-umrahdanhaji.co.id/pHBJppoX/js.js
    yahyagunsur.k12.tr/UQ0dhn9U/js.js

     Data that is stored in the cloud may become lost in the fog.

  24. User picture
    • NotBuyingIt on Thu 03 May 2012
    • 02:56:26 AM UTC

    RE: malware (CVE-2010-0188, CVE-2010-1885)

    monliveshow.info/etNQnKbh/index.html
    niatel.com.ba/tnudYSLS/index.html
    rsons.in/NdHgm0gT/index.html
    ftp.zakladame-firmu.sk/dcTVbRAJ/index.html

     Data that is stored in the cloud may become lost in the fog.

  25. User picture
    • NotBuyingIt on Thu 03 May 2012
    • 04:10:20 PM UTC

    RE: Edu.jar malware (CVE-2012-0507

    aussibangla.org.au/8rnd8N3f/js.js
    www.emporiumsolutions.com/xubeX5cY/js.js
    noyznet.net/9gVxVi6e/js.js
    www.paydayloanlivetransfers.com/ryzN0yvW/js.js
    rodriguezchevalier.com.ar/xctCu9JX/js.js
    vsccatalog.com/0eBPGmZs/js.js

    74.91.121.237/showthread.php?t=4a6d866826776084
    {applet/*/ archive="hXXp://74.91.121.237/Edu.jar" code="la.J"}

     Data that is stored in the cloud may become lost in the fog.

  26. User picture
    • NotBuyingIt on Thu 03 May 2012
    • 05:03:43 PM UTC

    RE: Edu.jar malware (CVE-2012-0507)

    www.airporttorontolimotaxi.com/XfLGYnfd/index.html
    www.bluehills.com.ar/KeVsBHyc/index.html
    ftp.brisar.com.br/8tPFgxKj/index.html
    calzadolaluz.com/MW2qY3cf/index.html
    www.combatgym.net/UyKtY1RL/index.html
    www.corinthianstone.com/r2ZABLzn/index.html
    cvgrab.com/LDvSoPtF/index.html
    www.debtliveleadnetwork.com/ABsPbdG8/index.html
    elcorillove.com/4Tt3UQqf/index.html
    esgotou.com/XfLGYnfd/index.html
    gudegbukris.com/U4PTakFv/index.html
    jtfcloud.achitech.net/VFjdbdtu/index.html
    kang-adit.co.cc/dQUpK10L/index.html
    merrecaurbana.com.br/YoULwyjC/index.html
    mllc.com.br/eA9XC0h3/index.html
    www.morkozmetik.com/Bz7N4rgh/index.html
    mtheuzin.zxq.net/fWE0Jzao/index.html
    ngambiawar.com/Bz7N4rgh/index.html
    petrealtors.com/TMokFTC2/index.html
    www.postkarten-galerie.de/MW2qY3cf/index.html
    rochel.intercyd.es/0iJvPKRC/index.html
    salonvisage.pl/UyKtY1RL/index.html
    sandbox.webstart.gr/0fWVnB4m/index.html
    selfnesshirek.hu/32tjphyp/index.html
    simplyone01.com/f1uP1QhE/index.html
    skinnysinn.com/UyKtY1RL/index.html
    stcc.in/Bz7N4rgh/index.html
    todoprovidencia.cl/CYxAZEgc/index.html
    tinhoctvd.zxq.net/BbHB0SyP/index.html
    tvexposer.com/jRb9t3LH/index.html
    tresriosconsultimobiliaria.com.br/T2p5gVLE/index.html
    wim.yesseo.com/U4PTakFv/index.html
    yoquierobrasil.com/4Tg5Ycbf/index.html

    66.150.164.54/showthread.php?t=4a6d866826776084
    {applet/*/ archive="hXXp://66.150.164.54/Edu.jar" code="la.B"}

     Data that is stored in the cloud may become lost in the fog.

  27. User picture
    • NotBuyingIt on Thu 03 May 2012
    • 08:32:46 PM UTC

    RE: Edu.jar malware (CVE-2012-0507)

    bc-distribuidora.com/vYnnB3wr/index.html
    bondimovel.com.br/fWE0Jzao/index.html
    bputengineers.com/CPrf3bNA/index.html
    estudio-colombo.com/KeVsBHyc/index.html
    kdd.com.my/CPrf3bNA/index.html

    174.140.165.212/showthread.php?t=d7ad916d1c0396ff
    174.140.165.212/showthread.php?t=9d77a9163cda8dbe
    174.140.165.212/showthread.php?t=4a6d866826776084
    174.140.165.212/showthread.php?t=34c79594e8b8ac0f
    174.140.165.212/data/ap2.php
    {applet/*/ archive="hXXp://174.140.165.212/Edu.jar" code="la.B"}

     Data that is stored in the cloud may become lost in the fog.

  28. User picture
    • NotBuyingIt on Fri 04 May 2012
    • 02:10:21 AM UTC

    RE: Edu.jar malware (CVE-2012-0507)

    www.debtsettlementleadnetwork.com/r2ZABLzn/index.html
    pedroferreiradesign.com/Pp4tpJBT/index.html
    spicytracking.com.br/3gEQBSXB/index.html

     Data that is stored in the cloud may become lost in the fog.

  29. User picture
    • NotBuyingIt on Fri 04 May 2012
    • 03:34:05 AM UTC

    RE: Edu.jar malware (CVE-2012-0507)

    artyklis.info.pl/Trtnx4VK/index.html

    69.194.192.221/showthread.php?t=4a6d866826776084
    69.194.192.221/data/ap2.php
    {applet/*/ archive="hXXp://69.194.192.221/Edu.jar" code="la.B"}

     Data that is stored in the cloud may become lost in the fog.

  30. User picture
    • NotBuyingIt on Fri 04 May 2012
    • 11:57:06 AM UTC

    RE:Edu.jar malware (CVE-2010-0188, CVE-2012-0507)

    184.154.220.226/showthread.php?t=4a6d866826776084
    184.154.220.226/data/ap2.php
    {applet/*/ archive="hXXp://184.154.220.226/Edu.jar" code="a.A"}

     Data that is stored in the cloud may become lost in the fog.