Site malicous?

polonus · February 27, 2010, 8:08pm

Hi malware fighters,

Strange indicators to this page: vxchaos.6x.to
Server IP(s):
62.4.83.231
62.93.229.15

=========================
HTTP headers:

GET / HTTP/1.0
Host: vxchaos.6x.to
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Accept-Encoding: gzip
Location Germany

Info on 6x.to
The last time that suspicious code has been found on mentioned site was on 2010-01-04.
Malicious software includes 20 scripting exploits, 6 trojans. Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software has been hosted on 8 domains, e.g. bronx.sk/, mjainfo.mj.funpic.de/, myopera.com/.

1 domain seems to function as a re-direct for spreading maware to visitors of this site, e.g. anhkuloc.byethost13.com/.

This site was hosted on 1 network, including AS8455 (ATOM86).

One site has been infected by this site, e.g. come.vn/.

myopera.com is still infected with
Virus
Threat found: 1

Name of threat: Trojan Horse
Location: hxtp://static03.myopera.com/upic/pool1/iH/jmM/+dyDc5NGqNoZAWAylgA8Fo/2290230_m.jpg

But on 210-02-23 it still had malicious software including 12 trojans, 4 scripting exploits

This site was hosted on 2 network(s) including AS3292 (TDC), AS12552 (IPO),

polonus

system · February 27, 2010, 8:13pm

From page header

<TITLE>VX CHAOS FILE SERVER</TITLE>
<meta name="keywords" content="VX Collection, virii, virus, vir, wurm, viry, viruses, worm, trojan, antivirus, warez, xploits, CHAOS, polymorphic engines, virus sources, security issues, hacking, security exploits, IDS, pen-test, spoofing, blackhat, sploits, logic bombs, worms, virii collections, xploit, AV, appz, anonymous surf, full app, cracks, Azag-thoth, virus writers, vck, 0-day, PolyEngine, EXE Packer, computer infection, Virus Tools, virii, crackz, free web site builder tool, Azathoth, Azag">
<meta name="description" content="Viruses and worms, huge virus collection, antivirus, virii, vx sources, vx mags, ezines, virus writing tutorials, logic bombs, Virus Creation Programs And Construction Kits, window bombs, security exploits, sploits, VCK, Free Warez, FREE Web Site Builder Tools, Web Server Apps, Anti-Virus Scanners, H4x0ring, FREE virus sources including ASM sources, VBS, HTML, C++, Delphi, Visual Basic">

polonus · February 27, 2010, 10:29pm

Hi malware fighters,

What to think of this report?
http://scanner.novirusthanks.org/analysis/743b541725f35e4b55730a9520123144/aW5kZXg=/

polonus

Site malicous?

From page header

Announcements