Malware Authors Take Note Of temerc.com [Dec 3]

Postby TeMerc » Wed Oct 22, 2008 3:15 pm

It seems there is a Zlob variant running around which, as described by Trend Micro, looks for evidence that users have visited certain sites, and if the user has, the trojan deletes itself.

Guess who made the list? :mrgreen:
This Trojan also checks if the user has visited the following Web sites, which are mostly adult-themed sites:
It terminates itself if it finds a match.
Thanks to Corrine @ Security Garden for the heads up. She's also on the list. Sites bolded above are ones I know to be security related.

Not sure why they would include other pr0n sites on that list. Maybe these sites list rogue webmasters who post about them and their connections to malware. There is at least one that I know of and actually visit to check for nasties occasionally.

Re: They Like Me, They Really Like Me...But Is That A Good Thing

Postby TeMerc » Tue Dec 02, 2008 11:06 pm

Steven found another infection which redirects users away from temerc.com as well as hphosts and a whole slew of other security sites.

I've bolded the ones I know of.
Win32/FakeAlert.DS
Date Published: 4 Nov 2008
Last Updated: 4 Nov 2008

Threat Assessment
Overall Risk: Low
Wild: Low
Destructiveness: Medium
Pervasiveness: None

Characteristics
Type: Trojan
Category: Win32
Also known as: Trojan.Chost (Symantec), Rootkit.Win32.Clbd.kf (Kaspersky), Mal/EncPk-CZ (Sophos)

Blocks Websites
Win32/FakeAlert.DS monitors internet activity and blocks access to the following domains, many of which are security related:
Source: CA Security Advisor

Couple of oddballs there tho:
enigmasoftware? Wtf are those on the list for? They don't do anything to rid malware, certainly not in the way most of the others do. They're in it for the sheer money aspect IMHO.

And estdomains? They must be competitors. rofl

Not to mention Zango as well.

Postby SpySentinel » Thu Dec 04, 2008 6:33 pm

Wow thanks for the heads up, mind if I post at Geeks to Go?
-SpySentinel TIC Moderator


Postby TeMerc » Thu Dec 04, 2008 7:46 pm

SpySentinel wrote: Wow thanks for the heads up, mind if I post at Geeks to Go?
Of course not, go right ahead.

Postby SpySentinel » Sat Dec 06, 2008 5:19 pm

thanks
-SpySentinel TIC Moderator