kara.ns.cloudflare.com abused to add malicious binaries on tor exit node...

Just being reported - malware site: hostd.xyz,144.76.82.116,kara.ns.cloudflare.com,Parked/expired,
On host.xyz: http://www.securityweek.com/cybercriminals-abuse-new-tlds-phishing-malware-attacks
Malicious binaries are added to downloads on a RBN tor exit-node.
Published on Hackforums - http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=141.101.126.117
Alive long live malware long OVERDUE! → Trojan.KillAV
See: https://www.virustotal.com/nl/file/29cbd9d9bc6571d15d6a2b29dd2532fe6c7fb81d255778deb40f64dc79502bf5/analysis/

polonus

Good Catch Polonus :wink:

:wink:

pol

False positive

First submission 2012-12-10 11:07:08 UTC ( 2 years, 2 months ago )

Publisher: Code Laboratories
Product: CL-Eye Platform Driver for PS3Eye
Original name: CL-Eye-Driver-5.3.0.0341.exe
Internal name: CL-Eye Driver Setup
File version: 5.3.0.0341
Description: CL-Eye Platform Driver Setup
Signature verification: Signed file, verified signature
Signing date: 10:57 AM 12/6/2012
Signers: Code Laboratories; VeriSign Class 3 Code Signing 2010 CA; VeriSign
Counter signers: Symantec Time Stamping Services Signer - G3; VeriSign Time Stamping Services CA; Thawte Timestamping CA

Hi Pondus,

As I said, the malicious binaries are being added on a tor exit node - the original downloads may, however, be pristine.
Expired web domains can easily be abused for such purposes.

polonus