milkman9747
Trooper

 Joined: Apr 24, 2007 Posts: 15 Location: USA
|
Posted: Wed May 09, 2007 10:25 pm Post subject: omega-it.ru |
I was following this website's "SQUID CACHE" and have obtained hundreds of live virus URLs from this cache and all of a sudden it's gone, but!
traceroute says
14 198 200 199 81.176.20.4 adc.r-line.ru
Now it's possible that the cache is gone but the website is up, or this is the hosting company's server, I'm not sure.
Can someone check to see if they can access
http://www.omega-it.ru/squid/2006Dec28-2006Dec29/siteuser.html
or just
http://www.omega-it.ru/squid/
Start googling "Squid Analysis Report Generator" followed by .exe or .scr or whatever, you will be AMAZED at what you find.
 |
tetak
MIRT Team Lead Premium Member
 Joined: Jan 19, 2007 Posts: 5860
 |
milkman9747
Trooper

 Joined: Apr 24, 2007 Posts: 15 Location: USA
|
Posted: Wed May 09, 2007 10:45 pm Post subject: |
I'm going to miss that site, although I HATE malware it was such a valuable "Honey Pot" if you will, of malware links, oh well.
Thanks
 |
supercalilicous
Trooper

 Joined: May 22, 2007 Posts: 12 Location: USA
|
Posted: Sat May 26, 2007 4:35 pm Post subject: |
WOW this is ALL from omega-it.ru. Wow, I feel sorry for that computer network.
We got warezov and zhelatin and nuwar, ircbot, magnoia, and lineage, spys and bankers and a few sdbots. Wow, just from one computer network.
MOD EDIT
PLEASE USE A TECHNIQUE THAT IS EASY TO REVERSE WHEN CRIPPLING A LINK
 |
tacktick
MIRT Hunter Premium Member
 Joined: May 19, 2007 Posts: 624 Location: USA
|
Posted: Sat May 26, 2007 11:01 pm Post subject: |
milkman9747 wrote: "I'm going to miss that site, although I HATE malware it was such a valuable "Honey Pot" if you will, of malware links, oh well. Thanks"
It is up and working.
It's a little time consuming combing through it and finding malware among the legitimate stuff, but I have already found 1 new backdoor that has only a couple heuristic detections.
The way to use it is go here:
hxxp://www.omega-it.ru/squid/
Then pick an entry, then on the top of that page click "Downloads"
Then you can do searches on that page for 'exe' or whatever.
For malware hunters and experts only of course.
_________________
Analyzing, reporting and removing Malware. Fight the Scourge!
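The same search run by a proxy owner against their own Squid access log, as an added example that is not part of the original thread: it lists which internal clients successfully fetched `.exe` or `.scr` files and emits the URLs in the reversible `hxxp` / `[.]` form the moderator asks for. The log lines are constructed samples, the native access.log field order is an assumption about the local Squid configuration, and all function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Extensions named in the thread (.exe, .scr); extend for local policy.
EXECUTABLE_EXT = (".exe", ".scr")

# Constructed sample in Squid's native access.log layout (assumed here):
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1180211701.101    312 10.0.0.21 TCP_MISS/200 48211 GET http://downloads.example.test/tools/setup.exe - DIRECT/192.0.2.10 application/octet-stream
1180211702.554     88 10.0.0.21 TCP_HIT/200 1022 GET http://www.example.test/index.html - NONE/- text/html
1180211709.030    140 10.0.0.34 TCP_MISS/200 90112 GET http://192.0.2.77/a/saver.SCR?id=7 - DIRECT/192.0.2.77 application/octet-stream
1180211712.900     51 10.0.0.34 TCP_MISS/404 310 GET http://files.example.test/missing.exe - DIRECT/192.0.2.11 text/html
1180211713.000      5 10.0.0.40 TCP_DENIED/403 0 CONNECT mail.example.test:443 - NONE/- -
malformed line
"""

def defang(url):
    """Cripple a URL reversibly: http -> hxxp, dots in the host -> [.]"""
    scheme, sep, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.replace("tt", "xx") + sep + host.replace(".", "[.]") + slash + path

def refang(url):
    """Exact inverse of defang(), for analysts who need the original URL."""
    scheme, sep, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.replace("xx", "tt") + sep + host.replace("[.]", ".") + slash + path

def executable_downloads(log_text):
    """Map client IP -> defanged URLs of successful executable fetches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed entry
        client, status, method, url = fields[2], fields[3], fields[5], fields[6]
        code = status.rpartition("/")[2]
        if method != "GET" or not code.startswith("2"):
            continue  # only completed downloads matter for triage
        # Match on the path only, so a query string cannot hide the extension.
        if urlsplit(url).path.lower().endswith(EXECUTABLE_EXT):
            hits[client].append(defang(url))
    return dict(hits)

if __name__ == "__main__":
    for client, urls in executable_downloads(SAMPLE_LOG).items():
        print(client, len(urls), *urls)
```
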