Hi malware fighters,
How to do this: first take a name connected to malcode: Bondarenko Dmitriy Vladimirovich
Then seek on an accompanying malware list: http://malc0de.com/database/index.php?search=29106&ASN=on
Then we start looking at what malware is there on Volgahost:
Example: bronwynjamrok*com/4/exe.exe
Threat Name: Trojan Horse
Location: hxtp://bronwynjamrok.com/4/tmp/des.jar
Threat Name: Trojan.Pidief.I
Location: htxp://bronwynjamrok.com/4/tmp/libtiff.pdf
So we dug up a dangerous site, my dear malware fighters, and the reason why not to go there in the browser:
2010-07-15 02:34:16 (GMT 1)
Website: bronwynjamrok.com
Domain Hash: 248a85940996f880dee7e48ae7dce52e
IP Address: 91.213.174.220
IP Hostname: -
IP Country: RU (Russian Federation)
AS Number: 29106
AS Name: VOLGAHOST-AS PE Bondarenko Dmitriy Vladimirov…
Detections: 4 / 17 (24 %)
Status: DANGEROUS
So what is on there? 2 trojan horses to start with:
Threat Name: Trojan Horse
Location: hxtp://bronwynjamrok.com/4/tmp/des.jar
Threat Name: Trojan.Pidief.I
Location: htxp://bronwynjamrok.com/4/tmp/libtiff.pdf
The last time Google visited the site there were 55 trojans found there:
The last time suspicious content was found on this site was on 2010-07-17.
Malicious software includes 55 trojans.
This site was hosted on 1 network including AS29106 (VOLGAHOST),
and site has hosted malicious software over the past 90 days. It infected 24 domains, including d2messageboard.com/, freenyc.net/, rippin-kitten.com/.
Reason: injected malicious code added… For example, on rippin-kitten.com there is the following malware:
Threat Name: MSIE ADODB.Stream Object File Installation Weakness
Location: htxp://www.rippin-kitten.com/2010/06/16/sons-of-anarchy-cast-news-emmy-hopefuls-kurt-sutter-puts-zito-in-his-place/
Threat Name: Direct link to MSIE ADODB.Stream Object File Installation Weakness
Location: htxp://www.rippin-kitten.com/
This malware has been with us since 2008: http://news.cnet.com/8301-1009_3-10218666-83.html
polonus
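
Added example, not part of the original post: a small parser that turns "Threat Name / Location" listings like the ones above into deduplicated per-host records for a blocklist or report. It handles the defanging styles used in the post (hxtp, htxp, `*` in place of a dot). The function names and the example.test sample hosts are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the same layout as the post's listings.
# The example.test hosts are placeholders, not indicators from the post.
SAMPLE = """\
Threat Name: Trojan Horse
Location: hxtp://files.example.test/4/tmp/a.jar
Threat Name: Trojan.Pidief.I
Location: htxp://files.example.test/4/tmp/b.pdf
Threat Name: Trojan Horse
Location: hxtp://files.example.test/4/tmp/a.jar
Example: cdn.example*test/4/exe.exe
Threat Name: Trojan Horse
"""

def refang(text):
    """Undo the defanging seen in the post: hxtp/htxp schemes and '*' for '.'."""
    text = re.sub(r"^h(?:xt|tx|xx)p(s?)://", r"http\1://", text.strip(), flags=re.I)
    text = text.replace("*", ".")
    if "://" not in text:
        text = "http://" + text  # bare host/path: scheme is assumed
    return text

def parse_listing(report):
    """Return {host: sorted [(threat, path)]}; threat is None when unlabelled."""
    by_host = defaultdict(set)
    threat = None
    for line in report.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "threat name":
            threat = value
        elif key in ("location", "example"):
            parts = urlsplit(refang(value))
            if parts.hostname:
                label = threat if key == "location" else None
                by_host[parts.hostname.lower()].add((label, parts.path))
            threat = None  # a name applies only to the Location right after it
    return {h: sorted(v, key=lambda t: (t[0] or "", t[1])) for h, v in by_host.items()}

def defang(host):
    """Render a host so it is not clickable in reports and forum posts."""
    return host.replace(".", "[.]")

print({defang(h): v for h, v in parse_listing(SAMPLE).items()})
```

A threat name with no Location after it, like the last line of the sample, produces no record.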