What malware is here on this Banner Market site under construction?

unknown_html flagged today at MX-VW. → https://www.virustotal.com/nl/url/8c0b3e11d371cddd9db2c9d91e4720cfa942d75bca10516bccf7d130bc755217/analysis/

Found via malekal →
htxp://moneymakerclick.com/vigrx/adv/index2.php?adv_id=21

<Referer1_IP>192.243.127.219</Referer1_IP>
htxp://ads.zazazizoo.com/ads/aff2.php
<Referer2_IP>80.77.81.44</Referer2_IP>

Here found benign: http://zulu.zscaler.com/submission/show/0da8a1423cfad3ac1790554e7539e062-1387118604
Earlier found to be suspicious here: http://zulu.zscaler.com/submission/show/0da8a1423cfad3ac1790554e7539e062-1386863023

polonus

Just the URL is suspicious. Wouldn’t ever go on that site for the life of me.

Another one flagged, but why?
See: http://209.9.239.101/?report=431569e41fec2db269ed3cad8113005fd5ec7662 *
IDS alert for ETPRO WEB_CLIENT Microsoft Internet Explorer remote code execution via option element here:
http://urlquery.net/report.php?id=8396102
BitDefender flags as malicious.
See for vulnerability of Prototype JavaScript framework, version 1.7 *
http://www.cvedetails.com/cve/CVE-2008-7220/

pol

This website injected an Exploit-Generic into Internet Explorer: hxxp://ads.zazazizoo.com/ads/aff2.php (Screenshot)

Virustotal analysis of the javascript file from this link: hxxp://www.broedersgezondheidswinkel.nl/media/js/55b783a98f039fe7c7ac9ad51b2d4922.js

https://www.virustotal.com/de/file/9eb079a637507443ba0a2c41439abe70ee81de6928e86f0d5e53c29eecbcc62c/analysis/1387121079/ 0/48

Hi Steven Winderlich,

Thanks for checking this for all of us.
Also missed here and reported: http://app.webinspector.com/public/reports/18916672
& http://app.webinspector.com/public/reports/18910275?cache=true

pol

By the way, the first URL is blocked by Avast. So we are protected.

The JavaScript file wants to remote control the svchost.exe via OLE.

Hello,

ads.zazazizoo.com = fake ads company to spread malvertising.
You can get them, for example, on x3xtube.com (porn website).

Hi Malekal_morte,

Thanks for explaining the malvertising connection here.
The kraken Virus Tracker Classification for that domain is

ads dot zazazizoo dot com,88.214.225.178,Criminals,

(where “criminals” will denote nothing more than that malcode is up and active)

polonus