tech support 9

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 28 May 2013

Something (a bit) evil on 158.255.212.96 and 158.255.212.97

Posted on 04:15 by Unknown


The IPs 158.255.212.96 and 158.255.212.97 (EDIS GmbH, Austria) are hosting malware used in injection attacks (see this example for fussball-gsv.de). These two examples report a TDS URL pattern which is resistant to automated analysis. The domains appear to be part of a traffic exchanger system (never a good idea), but they have been used to distribute malware.

The following sites are hosted on
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Austria, Malware, Viruses | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registered Express Corporation (RGTX) pump and dump spam
    It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regist...
  • "CEO Portal Statements & Notices Event" spam / report_{DIGIT[12]}.exe
    This fake Wells Fargo email has a malicious attachment: Date:      Fri, 16 Aug 2013 09:51:17 -0500 [10:51:17 EDT]From:      Wells Fargo Even...
  • ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com
    This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com: Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 ED...
  • USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip
    This fake USPS spam has a malicious attachment: Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]From:      USPS Express Services [s...
  • StumbleUpon spam / drugstorepillstablets.ru
    This fake StumbleUpon spam is something new, it leads to a fake pharma site on drugstorepillstablets.ru: Date:      Mon, 4 Feb 2013 01:01:46...
  • "Support Center" spam / phticker.com
    Not malware this time, but this fake "Support Center" spam leads to a fake pharma site at phticker.com: Date:      Mon, 11 Feb 201...
  • inukjob.com fake job offer (also ineurojob.com and hollandsjob.com)
    This fake job offer from inukjob.com involves illegal money laundering, and it also seems that the scammers want to use your identity for ...
  • Dealerbid.co.uk "Quotation.zip" spam with malicious VBS script
    The website dealerbid.co.uk has been compromised and their servers hacked in order to send spam to their customer list. Something similar ha...
  • Fake Staples spam leads to malware on tootle.us
    This fake Staples spam leads to malware on a site called tootle.us: Date:      Wed, 2 Oct 2013 08:40:11 -0500 [09:40:11 EDT]From:      suppo...
  • Laughable advanced fee fraud scam promises $2.5
    Two-and-a-half bucks? I think I'll pass. From:     Mr Anthony Freed [johnewele12@cantv.net]Reply-to:     dhlcorriadeliveryservice@live.c...

Categories

  • .SU
  • 1&1
  • 419
  • ADP
  • Advanced Fee Fraud
  • Advertising
  • Adware
  • AICPA
  • Amazon
  • Amerika
  • Android
  • Anti-Virus Software
  • AOL
  • Apple
  • Aruba
  • Australia
  • Austria
  • BBB
  • Black Hat
  • Blackhole
  • Blogging
  • Botnet
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • CNN
  • Colombia
  • CookieBomb
  • Crime
  • CyberBunker
  • Data Breach
  • DHL
  • DOC
  • Domains
  • Dynamic DNS
  • eBay
  • Edis
  • eFax
  • Egypt
  • Emailmovers Ltd
  • Endurance International Group
  • Estonia
  • Evil Network
  • EXE-in-ZIP
  • Facebook
  • Fail
  • Fake Pharma
  • False Positive
  • FedEx
  • Finland
  • France
  • Gandi
  • Germany
  • GHOSTnet
  • GoDaddy
  • Google
  • Greece
  • Hacked sites
  • Hetzner
  • HMRC
  • Hosting
  • Hungary
  • India
  • Injection Attacks
  • Intergenia
  • INTUIT
  • Iran
  • IRS
  • Israel
  • Italy
  • Japan
  • Job Offer Scams
  • Joe Job
  • Jolly Works Hosting
  • Kelihos
  • Kenya
  • Korea
  • Latvia
  • Law
  • Leaseweb
  • LinkedIn
  • Linode
  • Lithuania
  • Lithunia
  • logol.ru
  • Macintosh
  • Magnitude
  • Malware
  • Mea Culpa
  • Microsoft
  • Moldova
  • Money Mule
  • Mongolia
  • NACHA
  • NATO
  • Netherlands
  • Neutrino
  • Nuclear Fallout Enterprises
  • OVH
  • Pakistan
  • Patches
  • PayPal
  • Philippines
  • Phishing
  • Phishtank
  • Phones
  • Pinterest
  • Pizza
  • Poland
  • Politics
  • Porn
  • PPI
  • Printer Spam
  • Privacy
  • Pump and Dump
  • Retro
  • Romania
  • RU:8080
  • Russia
  • Sally Gaskell
  • Scam
  • Scams
  • Senegal
  • Serbia
  • Serverius
  • Sidharth Shah
  • Simply Transit
  • Singapore
  • Slicehost
  • SMS
  • South Africa
  • Spain
  • Spam
  • Stupidity
  • Sweden
  • Sweet Orange
  • Switzerland
  • Syria
  • Taiwan
  • Telepests
  • Thailand
  • TheFirst-RU
  • ThreeScripts
  • Tor
  • Turkey
  • UAE
  • UK2.NET
  • Ukraine
  • UPS
  • US Airways
  • USPS
  • VBScript
  • Virgin Media
  • Viruses
  • Waledac
  • Weather
  • Xeex
  • Yahoo
  • YouTube
  • Zbot
  • Zeus

Blog Archive

  • ▼  2013 (500)
    • ►  November (29)
    • ►  October (37)
    • ►  September (46)
    • ►  August (44)
    • ►  July (62)
    • ►  June (42)
    • ▼  May (39)
      • Medfos sites to block 31/5/13
      • NewEgg.com spam / 174.140.171.233
      • ADP spam / 4rentconnecticut.com and 174.140.171.233
      • Al Rowaad Advocates - scumbag, spammy lawyers
      • Amazon.com 55 inch TV spam / ozonatorz.com
      • University of Illinois CS department compromised
      • Malware sites to block 29/5/13
      • 55-Inch TV Amazon.com spam / federal-credit-union.com
      • Something (a bit) evil on 158.255.212.96 and 158.2...
      • fab.com spam
      • Citibank spam / Statement 57-27-05-2013.zip
      • Chase "Incoming Wire Transfer" spam / incoming_wir...
      • prospectdirect.org (Emailmovers Ltd) spam
      • Delivery_Information_ID-000512430489234.zip
      • Something evil on 50.116.28.24
      • Newegg.com spam / balckanweb.com
      • "Referral link" spam / rockingworldds.net and pari...
      • Wells Fargo and Citi spam / SecureMessage.zip and ...
      • Walmart.com spam / virgin-altantic.net
      • Walmart.com spam / bestunallowable.com
      • HMRC spam / VAT Returns Repot 517794350.doc
      • "Invoice Copy" spam / invoice copy.zip
      • ADP spam / outlookexpres.net
      • Something evil on 184.95.51.123
      • Facebook spam / otophone.net
      • Something evil on 94.242.198.16
      • Bank of America spam / RECEIPT428-586.doc
      • "Confidential - Secure Message from AMEX" spam / S...
      • Something evil on 188.241.86.33
      • Something evil on 151.248.123.170, Part IV
      • Experiment: There may be confidential content in y...
      • Citibank spam / Statement ID 64775-4985.doc
      • Amazon.com spam / ehrap.net
      • Something evil on 151.248.123.170, Part III
      • Wanted: Seer. To work on Ă…land.. wherever that is.
      • Something evil on 173.255.200.91
      • A look at the wonderful, weird world of retro phones
      • LinkedIn spam / guessworkcontentprotect.biz
      • "Your Wire Transfer 07532312 canceled" spam / Rece...
    • ►  April (67)
    • ►  March (67)
    • ►  February (60)
    • ►  January (7)
Powered by Blogger.

About Me

Unknown
View my complete profile