The Latest in IT Security

May/2012 Malware Analysis

08
Jun
2012

Last month ( May / 2012), we were able to identify 94,866 compromised (hacked) sites by our scanners. Those were the top infections per distribution type (iframes and conditional redirections – compare to April):

Conditional (often htaccess) redirections:

[# of sites compromised] [malware url]
1222 http://kogirlsnotcryz.ru:8080/forum/showthread.php?page=beb2436a164c6222
994 http://opimmerialtv.ru:8080/forum/showthread.php?page=beb2436a164c6222
991 http://rec-creations.com/adv.php
870 http://melaf.ru/jtrepj?7
594 http://minkof.sellclassics.com/
531 http://ineed.co.nz/adverts/media.php
463 http://spbfotomontag.ru:8080/forum/showthread.php?page=beb2436a164c6222
384 http://rolyjyl.ru/count30.php
364 http://beonce-preez.ru/infinity?8
347 http://rolyjyl.ru/count30.php
345 http://tradeincas.ru/siga?7
327 http://mikapola.ru/yeot?7
312 http://styxving.ru/evos?7
312 http://commenttwitt.ru/g4hs?5
308 http://kogirlsnotcryz.ru:8080/forum/showthread.php?page=beb2436a164c6222
295 http://mygooglemy.com
279 http://colce-adem.ru/infinity?8
271 http://get-sany.ru/sunreal?9
257 http://rec-creations.com/adv.php
251 http://pasla-setatg.ru/qrfoa?8
224 http://song-moll.ru/sher?3
223 http://onmouseout-change.ru/vis/index.php
220 http://may-preez.ru/infinity?8
214 http://2domeinold.ru/in.cgi?19
213 http://drbolivar.com/stats.php
211 http://styx-ving.ru/evos?7
208 http://crowgerber.ru/edintef?2
206 http://maybeonce.ru/infinity?8
201 http://freezday.ru/sunreal?9
201 http://beonce.ru/infinity?8

Malicious iframes:

[# of sites compromised] [malware url]

1357 http://lowresolutionit.in/in.cgi?6
379 http://smuss.net/redirect.php
344 http://rolyjyl.ru/count30.php
296 http://directmarketing32businessexchange.in/in.cgi?55764
276 http://sluxxqqgykewolmoli.in/in.cgi?default
225 http://2domeinold.ru/in.cgi?19
185 http://google-adsens.com/in.cgi?2
175 http://direct9.in/in.cgi?55764
156 http://www0apps-myups.com/main.php?page=bbf13438dcde29a9
153 http://bigdeal777.com/gate.php?f=981287
152 http://31.184.242.81/link.php
139 http://rec-creations.com/adv.php
134 http://rycgoka.ru/count1.php
133 http://directmarketing32linearsale.in/in.cgi?55764
123 http://csepros.com
110 http://bizzqw.ru/in.cgi?19
108 http://ineed.co.nz/adverts/media.php
103 http://gocgleapps.com/api?in=864
95 http://htpcapital.com/main.php?page=98d3bf6d08596d13
76 http://directmarketing40linearsale.in/in.cgi?55764
75 http://tdska.sauna-ess.ru/go.php?sid=7
75 http://64.34.202.180/scrp.php
73 http://startcooking.com/public/files/jquery.php
66 http://www.thesea.org/media.php
66 http://karenbrowntx.com
58 http://sytratesthj.co.cc/1/go.php?sid=13′
57 http://uwlex90.in/
54 http://directmarketing40wardsale.in/in.cgi?55764
50 http://www.kw.ee/paypal.php?curr=USD
49 http://techcasfh.in/in.cgi?19

You can scan your site on sitecheck if you are worried it is currently infected or experiencing issues: http://sitecheck.sucuri.net

Leave a reply


Categories

MONDAY, JULY 22, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks