The source of -http://greengrowth.ggsddup.com/cgi-bin/Trpq8.c/404javascript.js has a link to this DsNextGen site with a randomly generated cookie callback.
Hi Donovansrb10,
Always like your unconventional way of presenting the inner workings of the malware there.
Also look here: http://www.malware-control.com/statics-pages/4d84bd418da17f01298df489c251464f.php
and here:
http://www.virustotal.com/file-scan/report.html?id=f0902bbeaf0c111081c627f7b361df94b165685ef710beb02409d8d67911c4eb-1324082213
A fraud/scam site. We have 6 complaints about 208.73.210.29.
Is 208.73.210.29 misbehaving, e.g. engaging in SPAM, brute-force, DOS attack, phishing, or other fraud? Command and control server for the msomsysdm malware.
208.73.210.85
See what’s out there: -http://www.malwaregroup.com/ipaddresses/details/208.73.210.85
Live malware URLs there:
-http://greengrowth.ggsddup.com/cgi-bin/Owpq4.cgi
-http://greengrowth.ggsddup.com/cgi-bin/Trpq8.c (as given in the above posting)
-http://greengrowth.ggsddup.com/httpdocs/mm/ComputerName:00-00-00-00-00-00/Cmwhite
web site: -http://greengrowth.ggsddup.com
status: Site infected with malware
web trust: Not Blacklisted
Malware found on javascript file:
-http://greengrowth.ggsddup.com/404javascript.js
Malware found in the URL:
-http://greengrowth.ggsddup.com
Malware found in the URL:
-http://greengrowth.ggsddup.com/404testpage4525d2fdc
polonus
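As an added example that is not part of either post above (my own code, not the posters' or any scanner's), here is a small Python script that takes the defanged indicators listed in the thread, refangs them, and checks a proxy log for hits. Two things in it are assumptions and not stated on the page: the log format (constructed lines of the form "timestamp client method url status") and the reading of the posted "ComputerName:00-00-00-00-00-00" path segment as a template the bot fills in with the victim's hostname and MAC, which is what the beacon regex below looks for.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the thread above, with the forum's leading "-"
# defang marker still attached. The two IPs are the abuse-reported C2 addresses.
POSTED_INDICATORS = [
    "-http://greengrowth.ggsddup.com/cgi-bin/Owpq4.cgi",
    "-http://greengrowth.ggsddup.com/cgi-bin/Trpq8.c",
    "-http://greengrowth.ggsddup.com/httpdocs/mm/ComputerName:00-00-00-00-00-00/Cmwhite",
    "-http://greengrowth.ggsddup.com/404javascript.js",
    "208.73.210.29",
    "208.73.210.85",
]

# Assumption: the "ComputerName:00-00-00-00-00-00" segment of the posted URL is a
# template the bot fills in with the victim's hostname and MAC, so a live beacon
# looks like /httpdocs/mm/<host>:<xx-xx-xx-xx-xx-xx>/Cmwhite.
BEACON_RE = re.compile(
    r"/httpdocs/mm/(?P<host>[^/:]+):(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})/Cmwhite$"
)


def refang(indicator: str) -> str:
    """Remove the leading '-' the posters use to keep the links unclickable."""
    return indicator.lstrip("-")


def split_indicators(indicators):
    """Return (hostnames, ip_addresses) sets from a mixed list of URLs and IPs."""
    hosts, ips = set(), set()
    for raw in indicators:
        ioc = refang(raw)
        try:
            ips.add(str(ipaddress.ip_address(ioc)))
            continue
        except ValueError:
            pass  # not a bare IP, treat it as a URL
        parsed = urlparse(ioc)
        if parsed.hostname:
            hosts.add(parsed.hostname.lower())
    return hosts, ips


def beacon_identity(url: str):
    """Extract (computer_name, mac) from a Cmwhite beacon URL, or None."""
    m = BEACON_RE.search(urlparse(url).path)
    return (m.group("host"), m.group("mac")) if m else None


def classify(url: str, hosts, ips):
    """Most specific verdict first: beacon shape beats a plain host/IP match."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if BEACON_RE.search(parsed.path):
        return "beacon-pattern"
    if host in ips:
        return "c2-ip"
    if host in hosts:
        return "malware-host"
    return None


def scan_log(log_text: str, indicators=POSTED_INDICATORS):
    """Scan 'ts client method url status' lines; return (client, verdict, url) hits."""
    hosts, ips = split_indicators(indicators)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify(url, hosts, ips)
        if verdict:
            hits.append((client, verdict, url))
    return hits


# Constructed proxy log excerpt (not real traffic) in a simple space-separated form.
SAMPLE_LOG = """\
1324000001 192.168.1.10 GET http://greengrowth.ggsddup.com/httpdocs/mm/WS-ALICE:00-1A-2B-3C-4D-5E/Cmwhite 200
1324000002 192.168.1.11 GET http://www.example.com/index.html 200
1324000003 192.168.1.12 GET http://208.73.210.85/cgi-bin/x 404
1324000004 192.168.1.13 GET http://greengrowth.ggsddup.com/404javascript.js 200
1324000005 192.168.1.14 GET http://greengrowth.ggsddup.com.evil-lookalike.test/ 200
"""

if __name__ == "__main__":
    for client, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{url}")
        ident = beacon_identity(url)
        if ident:
            print(f"\tvictim host={ident[0]} mac={ident[1]}")
```

Hostnames are matched exactly, so the last sample line (a lookalike domain that merely contains the real one) is not flagged, and other subdomains of ggsddup.com would not be either; widen `split_indicators` to the registered domain if you want that. The beacon match is the most useful of the three, because the URL itself carries the infected machine's name and MAC, which tells you which host to pull for forensics.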