// #MalwareMustDie!! @unixfreaxjp ~]$ date
// Sat Aug 3 02:13:55 JST 2013
//
// The list of the currently UP and ALIVE Zeus Zbot trojan,
// Dropped by Malvertisement of Password Stealer(PWS) Trojan Win32/fareit
// Via #SPAM
// Note: Many other URLS spotted in reversing the payload, but -
// we do not post the URL that can not be POC'ed ALIVE in this list.
---
#MalwareMustDie! malwaremustdie.org, NPO, We were established by the people, belong to the people, we serve people..