'Poisoned' Google Search Results Produce Malware

This forum is for testing I do with various security settings and tools. Infection infiltration, security lock down among other things. Currently XP Home-w\SP 2 installed


TICTestBox
Site Admin
Posts: 245
Joined: Tue Apr 19, 2005 12:11 pm
Area Of Expertise: Infectious Malware
experience: I know the functions, OS settings, registry tweaks and more
Location: TeMerc's House

Postby TICTestBox » Wed Nov 28, 2007 12:02 am

Do you trust Google searches? I know I do. Although I also know what to look for when doing searches for anything.

Last Friday afternoon late, Jr. wanted some Power Ranger coloring pages. Nothing odd, done it about a 100 times in the last few years give or take and printed about 1 million pages for him to color, feels that way at least.

Search I used and results:
http://www.google.com/search?q=power+ra ... f8&oe=utf8

But I noticed right off the bat that most all of the results were from .cn domains, China....huge red flag for me.

As I was on my primary box, I immediately moved over to test box\Sandboxie and began to click.

First link, POW! Prompt for a coded install, site here:
qzrtxrwiuemm.cn/819.html

I then went through a couple of page results and had two other sites push Spy Shredder on me:
vhzxps.in/hr
hxxp://knygxl.in/an

I stopped after a bit, as most seemed to deliver me to a search engine:
hxxp://www.lookuplive.com/

And that page required two clicks of the back button to get back to results page.

Mind you this wasn't any sort of 'misspelled search' either. I typed what I wanted to see.

As the infection showed up in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888;


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: MSVPS System - {A4D00A75-F69A-49FD-9058-AB925712CCFF} - C:\WINDOWS\popnetkqw.dll

O3 - Toolbar: The jokwmp - {AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34} - C:\WINDOWS\jokwmp.dll


O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe


O21 - SSODL: E404Helper - {a305ecda-5cd1-4e09-9232-cda4e954a297} - e404d.dll (file missing)

O21 - SSODL: rmvgor - {1E0A7717-1CB7-45F2-8216-4E972BBC31F4} - C:\WINDOWS\rmvgor.dll

O21 - SSODL: sapnet - {51C0F601-D985-4174-9BE6-2D99188D6CBE} - C:\WINDOWS\sapnet.dll



Files collected and scanned:


File ttvbongfl.exe received on 11.25.2007 18:51:16 (CET)
Additional information
File size: 143360 bytes
MD5: f8c54b5916b704b0d6c9bb36b5d62cfc
SHA1: 75b33842e81c2e4ac147d28d45f5536b5ad4179e


Result: 5/32 (15.63%)

AVG 7.5.0.503 2007.11.25 Downloader.Zlob.NE
CAT-QuickHeal 9.00 2007.11.24 TrojanDownloader.Zlob.ejq
Ikarus T3.1.1.12 2007.11.25 Trojan-Downloader.Win32.Zlob.egn
Kaspersky 7.0.0.125 2007.11.25 Trojan-Downloader.Win32.Zlob.ena
Microsoft 1.3007 2007.11.25 TrojanDownloader:Win32/Zlob.gen!W

==============================

File gormet.dll received on 11.25.2007 18:55:50 (CET)
Additional information
File size: 348160 bytes
MD5: 04d4a3d6467a8241cd2d7c7ee1fac7f2
SHA1: 1b5d4ea3b735c331211f98711a0033f34bb800e8

Result: 5/32 (15.63%)

AntiVir 7.6.0.34 2007.11.23 TR/Zlob.Dll
Avast 4.7.1074.0 2007.11.23 Win32:Agent-LTS
AVG 7.5.0.503 2007.11.25 Downloader.Zlob.OC
Ikarus T3.1.1.12 2007.11.25 Virus.Win32.Agent.LTS
Webwasher-Gateway 6.0.1 2007.11.25 Trojan.Zlob.Dll

=========================

File packer.exe received on 11.25.2007 19:01:07 (CET)
File size: 127488 bytes
MD5: 654bddd78f9c5d3b570b551e5f3caf5d
SHA1: 73aa37e4e4097ab7d67d97d90c3c889ae2d30e6b
packers: UPX
packers: embedded, UPX
packers: PE_Patch.UPX, UPX


Result: 4/32 (12.5%)

AntiVir 7.6.0.34 2007.11.23 TR/Delphi.Downloader.Gen
CAT-QuickHeal 9.00 2007.11.24 (Suspicious) - DNAScan
DrWeb 4.44.0.09170 2007.11.25 Trojan.AVKill.origin
Webwasher-Gateway 6.0.1 2007.11.25 Trojan.Delphi.Downloader.Gen

=======================

File pmkret.dll received on 11.25.2007 19:02:41 (CET)
File size: 283648 bytes
MD5: c68b4565fdfd9e26c7f460d489c1b21f
SHA1: 140dc8b2f0a264ebd38a6dde3c306e58cea6e34e

Result: 2/32 (6.25%)

Ikarus T3.1.1.12 2007.11.25 not-a-virus:AdWare.Win32.Agent.bn
Norman 5.80.02 2007.11.23 Agent.CUUF

=====================

File monhop.exe
File size: 151552 bytes
MD5: 8e195848bb2756a7c10e6c2b1f416458
SHA1: 017e2d13f75634a9b932650dca274963595662e2

Result: 2/32 (6.25%)

AVG 7.5.0.503 2007.11.25 Downloader.Zlob.NA
BitDefender 7.2 2007.11.25 Adware.NetAdware.BY


Since I found these sites, and posted at one of the 'back rooms' where many of the big malware vendors have access, Sunbelt Software, makers of CounterSpy, have had a couple of detailed write-ups here and here.

Too bad I'm not a well-oiled research machine as these guys are (not to mention I was nursing a severely pulled calf muscle, had to keep it elevated and stay off it), I may have made a splash had I written this up sooner, especially now that mainstream media sites are picking it up left and right.

And so it goes.

Lesson learned here folks:
Don't just blindly click links, as much as we all want to trust Google, they can't be relied on to catch everything.

TeMerc
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Postby TeMerc » Wed Nov 28, 2007 10:20 am

Well, it looks like Google has rectified the 'poisoning' that, as it turns out, was specifically aimed at Google.

See more here @ Sunbelt Blog

JeanInMontana
Posts: 2570
Joined: Wed Feb 02, 2005 9:47 am
Gender: Female
experience: I know the functions, OS settings, registry tweaks and more
PC time: More than 4 hours a day
Location: South Central Montana USA

Postby JeanInMontana » Wed Nov 28, 2007 10:43 am

Well I know you have been on this topic for MONTHS since way last summer you have been hunting down bad blogs on Google and getting them shut down.


Postby TeMerc » Wed Nov 28, 2007 11:14 am

JeanInMontana wrote: Well I know you have been on this topic for MONTHS since way last summer you have been hunting down bad blogs on Google and getting them shut down.

Yeah it would be nice if Google fixed the splog farms too, but this was a different sort of thing. And much more likely to infect a lot more users, seeing as so many people use Google search.

I'm just glad I found the tip of the iceberg and the proper authorities were informed and it's been fixed. I'm doing some searches of my own as we speak.


Postby TICTestBox » Wed Nov 28, 2007 11:35 am

And in case anyone is interested, you can block all of China's IP addresses, which I retrieved from IP Address Location.org
Have you ever wondered "what is my IP address"?
Or thought about IP block addresses that belong to a specific country?

Maybe you are looking for IP Address Locations or simply trying to find an easy way to learn more about protocols and TCP/IP?
Have you ever used a web-based IP address lookup tool to find the geographical location of an IP address?
Maybe you are looking for an IP address location or you simply wish to learn more about how networking protocols, like UDP and TCP/IP, work?

We can help with all of this and more.

Using IP Address Location is free. It is the fastest, easiest and most precise way to search and find the exact location of any IP address, OS, DNS, country, country code and country flag. Furthermore, we have integrated Geolocator and a world map to display your results by city and country. Our IP database is updated every 48 hours so you can be sure the information we provide is up to date.

Our web based IP Lookup tool has analyzed your IP address and detected the following information about your computer


But I'm sure there is a better way to narrow down this list.....Steven??


MysteryFCM
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK

Postby MysteryFCM » Wed Nov 28, 2007 4:20 pm

As I mentioned in the IM, you could convert the IP ranges into CIDR ranges, which would considerably shorten the list ....... but it would take a bit of time to do such.

You can do such using;

http://jodies.de/ipcalc

/edit

or ....

http://ip2cidr.com/
http://www.kgsoft.com/products/iprange2cidr/
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!
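The range-to-CIDR conversion suggested in the post above can also be scripted. This is an added example, not part of the original thread: it parses "start end" lines, merges overlapping or adjacent ranges, and emits the minimal CIDR set. The sample input is constructed from RFC 5737 documentation addresses, and the function names are illustrative.

```python
import ipaddress

# Constructed sample in the "start end" format used for blocklists like the
# one discussed in this thread. Addresses are RFC 5737 documentation ranges,
# not values taken from the post.
SAMPLE = """\
192.0.2.0 192.0.2.127
192.0.2.128 192.0.2.255
198.51.100.8 198.51.100.15
198.51.100.12 198.51.100.19
203.0.113.5 203.0.113.5
203.0.113.69 203.0.113.80
not-an-ip 203.0.113.99
"""


def parse_ranges(text):
    """Parse 'start end' lines into integer pairs; collect lines that fail."""
    ranges, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            if len(parts) != 2:
                raise ValueError("expected two addresses")
            start, end = (ipaddress.IPv4Address(p) for p in parts)
            if start > end:
                raise ValueError("start is after end")
        except ValueError:  # AddressValueError is a ValueError subclass
            rejected.append(line)
            continue
        ranges.append((int(start), int(end)))
    return ranges, rejected


def merge_ranges(ranges):
    """Coalesce overlapping or directly adjacent ranges."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [(s, e) for s, e in merged]


def ranges_to_cidrs(text):
    """Return (list of CIDR strings, list of rejected input lines)."""
    ranges, rejected = parse_ranges(text)
    cidrs = []
    for start, end in merge_ranges(ranges):
        # summarize_address_range yields the fewest networks that cover
        # exactly start..end, so no extra addresses get blocked.
        cidrs.extend(
            ipaddress.summarize_address_range(
                ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
            )
        )
    return [str(c) for c in cidrs], rejected


if __name__ == "__main__":
    cidrs, rejected = ranges_to_cidrs(SAMPLE)
    print("\n".join(cidrs))
    for line in rejected:
        print("rejected:", line)
```

Ranges that start and end on power-of-two boundaries collapse to a single prefix, while unaligned ones (the last valid sample line) expand into several, so the CIDR form is shorter only where the source ranges are aligned.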


Postby TeMerc » Thu Nov 29, 2007 11:07 am

Looks like the RBN gang have just upped the ante on Google 'poisoning'.

Sunbelt has discovered a new campaign, with two different 'groups'.
...we're seeing indications that another attack may be on the way. We have seen another spate of websites freshly registered, using the similar .cn domains. There seem to be two different groups here.

0-= Sunbelt Blog


Postby TeMerc » Fri Nov 30, 2007 8:16 am

Sandi Hardmeier has an excellent write-up about Google's attempt to try to get regular users to report malicious sites.

Her analogy:
If Google wants to fight the bad guys one site at a time, then all power to them .. I sure as hell hope they have a hell of a lot of manpower behind them - they're gonna need it. Consider the analogy of the elephant and the ant. The elephant is massive - the ant is minuscule, but the elephant is one, and the ants are millions. A swarm of ants can overwhelm anything if they put their minds to it, even the elephant. Now replace "elephant" with "Google" and "malicious web sites" with "ants". I think you see my point.
0-= Spyware Sucks blog

