Jump to content

Malwarebytes

Infected Codecs - Google Groups

Started by Jaxryley, Sep 13 2008 12:11 AM

2 replies to this topic

#1
Jaxryley
Posted 13 September 2008 - 12:11 AM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
Went to the link in the article twice (and not for a perve) :unsure:

Two different codecs were offered for download which are infected.
Virus Total Codec 1

Virus Total Codec 2

Blog Article

Quote

Spammers have begun using Google Groups as a platform for malware distribution. Here's how it works:

1. The spammer sets up a new group, usually with a random-looking group name.
2. The spammer posts messages to the group from a variety of gmail accounts, including a rich set of keywords that people are likely to search for (things like "Palin", "John McCain", etc.).
3. The spammer includes a link in each posting to a web site that publishes malware.
4. An unsuspecting Internet user who searches Google Groups for one of the common keywords (e.g. "John McCain"), stumble upon the spammers' postings.
5. The user clicks on the malware link, downloads the malware, and his or her machine becomes infected.

The following link was discovered through a simple Google Groups search - warning, this page contains a dangerous link:
hxxp://groups.google.com/group/4OVAt4m/web/warning-spyware-detected-click-here-virus?hl=en
Can't access the upload net atm?

Quote

Firefox can't find the server at uploads.malwarebytes.org.

#2
Marty111
Posted 28 November 2008 - 08:01 AM

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:United kingdom
  • Interests:computers,games,ipod,ps3,tv
even more:
hxxp://groups.google.com/group/rec.food.cooking/msg/b6befe559ab95856
links to:
hxxxp://best-xxxportal.com/teens/xmovie.php?id=20448
which offers free porn videos ( with an added virus for good mesure) which link to:
hxxp://downloadfiles-citadel.com/LtVidMicroCodecVer.4.20448.exe
which is detected by norton as fake codec

whois info:

Domain name: best-xxxportal.com

Name servers:
ns1.best-xxxportal.com
ns2.best-xxxportal.com

Registrar: Regtime Ltd.
Creation date: 2008-11-20
Expiration date: 2009-11-20

Registrant:
Georgij Markov
Email: KarenLeishman@gmail.com
Organization: Private person
Address: ul. Pushkina 3, 5
City: Moskva
State: Moskva
ZIP: 194146
Country: RU
Phone: +7.4953264794
Administrative Contact:
Georgij Markov
Email: KarenLeishman@gmail.com
Organization: Private person
Address: ul. Pushkina 3, 5
City: Moskva
State: Moskva
ZIP: 194146
Country: RU
Phone: +7.4953264794
Technical Contact:
Georgij Markov
Email: KarenLeishman@gmail.com
Organization: Private person
Address: ul. Pushkina 3, 5
City: Moskva
State: Moskva
ZIP: 194146
Country: RU
Phone: +7.4953264794
Billing Contact:
Georgij Markov
Email: KarenLeishman@gmail.com
Organization: Private person
Address: ul. Pushkina 3, 5
City: Moskva
State: Moskva
ZIP: 194146
Country: RU
Phone: +7.4953264794
regtime is russian there website is: http://www.webnames.ru/

hope you find this useful ( ill post more fake codec information as i find it :huh: )
Helping take rogue sites down since 2004

#3
Marty111
Posted 28 November 2008 - 08:14 AM

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:United kingdom
  • Interests:computers,games,ipod,ps3,tv
also if you just go to hxxp://best-xxxportal.com/ there is a normal site which contains working videos ( porn videos)
called tube8 with a logo refering to tube8.com :huh: which is wierd. ( the link might contain viruses i cant tell as norton has blocked a previous attempt so if you visit the site i would recommend doing it in a sandbox to be on the safe side)
Helping take rogue sites down since 2004
Back to Newest Rogue Threats · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Research Center
  3. Newest Rogue Threats

Products

About

Partners

Follow Us